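#!/bin/bash
# Author: Landon Dyck
# Generates and encrypts a new certificate for a nebula host. Calls unlock.sh so you don't
# have to enter your password twice, but will honor an unlock.sh called outside the script.
# Don't forget to add the host and ip address in ansible/group_vars/all/nebula.yml
#
# Usage: $ ./nebula_cert.sh ip_address hostname
# * ip_address: the ip address of the host, without a mask (the script appends /24).
#               Make sure it's in the correct /24 network
# * hostname: the hostname of the host. If I need to explain more, you probably should
#             not use this. Only letters, digits, '.', '_' and '-' are accepted because
#             the value becomes part of a file name under roles/nebula/files/certs/.
#
# Run from the repository root: the script changes into ansible/ relative to the
# current directory.
#
# The CA key is plaintext on disk between the decrypt and encrypt steps. An EXIT trap
# re-encrypts whatever is still plaintext, so a failed sign or Ctrl-C does not leave
# ca.key or the new host key unencrypted in the working tree.

# Print an error to stderr and exit non-zero (the EXIT trap still runs).
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

[[ $# -eq 2 ]] || die "usage: ${0##*/} ip_address hostname"

ip=$1
host=$2

# Format check only; nebula-cert does the real CIDR validation.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
# Allow-list: no '/', no leading '-' or '.', no whitespace or glob characters.
host_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'

[[ $ip =~ $ipv4_re ]] || die "ip_address must be a dotted IPv4 address without a mask: $ip"
[[ $host =~ $host_re ]] || die "hostname may only contain letters, digits, '.', '_' and '-': $host"

# Sourced (not executed) so anything unlock.sh sets up is visible to this shell.
# Its exit status is deliberately not checked: unlock.sh is not visible from here.
. "$(dirname "$0")/unlock.sh"

# Paths are relative to ansible/.
ca_crt=roles/nebula/files/ca.crt
ca_key=roles/nebula/files/ca.key
client_key=roles/nebula/files/certs/${host}.key
client_crt=roles/nebula/files/certs/${host}.crt

cd ansible/ || die "cannot cd to ansible/ (run this from the repository root)"

ca_plain=0      # 1 while the CA files may be decrypted on disk
client_plain=0  # 1 while the freshly signed host key/cert are not yet encrypted

# Re-encrypt whatever is still plaintext. The CA goes first and in its own
# ansible-vault call, so a problem with the host files cannot keep ca.key plaintext.
reencrypt() {
  local rc=0
  if ((ca_plain)); then
    # Glob left unquoted on purpose: same ca.* set that was decrypted.
    if ansible-vault encrypt roles/nebula/files/ca.*; then
      ca_plain=0
    else
      printf '%s: WARNING: CA files may still be decrypted under %s\n' \
        "${0##*/}" "$PWD/roles/nebula/files" >&2
      rc=1
    fi
  fi
  if ((client_plain)); then
    # Exactly the two files just written; a "$host.*" glob would also match the
    # already-encrypted files of any host whose name starts with "$host.".
    if ansible-vault encrypt "$client_key" "$client_crt"; then
      client_plain=0
    else
      printf '%s: WARNING: %s / %s may still be decrypted\n' \
        "${0##*/}" "$client_key" "$client_crt" >&2
      rc=1
    fi
  fi
  return "$rc"
}

# NOTE(review): this replaces any EXIT/INT/TERM trap unlock.sh may have installed;
# chain them here if it does.
trap reencrypt EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Flag is set before the call so an interrupted decrypt is still cleaned up; if
# nothing was decrypted, the re-encrypt attempt on exit only reports an error.
ca_plain=1
ansible-vault decrypt roles/nebula/files/ca.* || die "could not decrypt the CA files"

nebula-cert sign \
  -ip "${ip}/24" \
  -name "$host" \
  -out-key "$client_key" \
  -out-crt "$client_crt" \
  -ca-crt "$ca_crt" \
  -ca-key "$ca_key" || die "nebula-cert sign failed for $host"
client_plain=1

read -r -p "Press [Enter] key to complete encryption"

reencrypt
status=$?
trap - EXIT
((status == 0)) || die "encryption did not complete; check the files listed above"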