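#!/bin/bash
# Author: Landon Dyck
# Generates and encrypts a new certificate for a nebula host. Calls unlock.sh so you don't
# have to enter your password twice, but will honor an unlock.sh called outside the script.
# Don't forget to add the host and ip address in ansible/group_vars/all/nebula.yml
#
# Usage: $ ./nebula_cert.sh ip_address hostname
# * ip_address: the ip address of the host. Make sure it's in the correct /24 network
#   (the /24 is appended here, it is not taken from the argument)
# * hostname: the hostname of the host. It is used verbatim as the certificate name and as
#   the basename of the generated key/cert files under roles/nebula/files/certs/, so it must
#   be a plain name (letters, digits, '.', '_', '-'); anything else is rejected.
#
# Must be run from the directory that contains ansible/ (the script cd's into it).
#
# Security note: the vault-encrypted CA key is decrypted on disk while nebula-cert runs.
# An EXIT trap re-encrypts it on every exit path (failed sign, Ctrl-C at the prompt, ...),
# so an interrupted run does not leave roles/nebula/files/ca.key in plaintext in the
# working tree where it could be committed.

# unlock.sh is sourced before strict mode is enabled so that its own checks (whatever it
# does with unset variables or failing tests) are not affected by -e/-o pipefail.
. "$(dirname "$0")/unlock.sh"
set -eo pipefail

# Print usage to stderr and exit with status 2 (conventional "bad invocation" code).
usage() {
  printf 'Usage: %s ip_address hostname\n' "${0##*/}" >&2
  exit 2
}

[[ $# -eq 2 ]] || usage
ip_address=$1
host=$2

# The hostname becomes part of a filesystem path and of a glob, so refuse anything that
# is not a plain DNS-style label: a '/' or '..' would escape certs/, a '*' would widen
# the final encrypt glob to unrelated files.
if [[ ! "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  printf 'nebula_cert.sh: invalid hostname %q\n' "$host" >&2
  exit 2
fi

# All paths are relative to ansible/ (see the cd below).
ca_crt=roles/nebula/files/ca.crt
ca_key=roles/nebula/files/ca.key
client_key=roles/nebula/files/certs/$host.key
client_crt=roles/nebula/files/certs/$host.crt

cd ansible/ || exit 1

# ca_plaintext records whether the CA files are currently decrypted, so the trap only
# re-encrypts when there is something to re-encrypt (ansible-vault encrypt would otherwise
# be asked to encrypt already-sealed files). The trap is armed before the decrypt so that
# a failure anywhere after it still reseals the CA.
ca_plaintext=0
reseal_ca() {
  if (( ca_plaintext )); then
    printf 'nebula_cert.sh: re-encrypting CA material\n' >&2
    ansible-vault encrypt roles/nebula/files/ca.* && ca_plaintext=0
  fi
}
trap reseal_ca EXIT

ansible-vault decrypt roles/nebula/files/ca.*
ca_plaintext=1

nebula-cert sign \
  -ip "$ip_address/24" \
  -name "$host" \
  -out-key "$client_key" \
  -out-crt "$client_crt" \
  -ca-crt "$ca_crt" \
  -ca-key "$ca_key"

# Pause before the encrypt step, as the original flow did; the input itself is discarded.
# With -e, EOF or Ctrl-C here ends the script and the trap reseals the CA.
read -r -p "Press [Enter] key to complete encryption"

# Encrypt the new host key/cert together with the CA in a single vault call (one password
# prompt if unlock.sh is not supplying it). Once this succeeds the trap has nothing to do.
ansible-vault encrypt roles/nebula/files/certs/"$host".* roles/nebula/files/ca.*
ca_plaintext=0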