Add DNS-01 ACME wildcard certificate
- Add Ansible Vault convenience script
26
scripts/forward-ssh.sh
Executable file
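--- a/scripts/forward-ssh.sh
+++ b/scripts/forward-ssh.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Finds the SSH private key under ./.vagrant and connects to
+# the Vagrant box, port forwarding localhost ports: 8443, 80, 443
+PRIVATE_KEY="$(find .vagrant -name "private_key")"
+HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)"
+MATCH_PATTERN="ssh -fNT -i ${PRIVATE_KEY}.*vagrant@"
+
+function ssh_connect {
+sudo ssh -fNT -i "$PRIVATE_KEY" \
+-L 8443:localhost:8443 \
+-L 80:localhost:80 \
+-L 443:localhost:443 \
+-o UserKnownHostsFile=/dev/null \
+-o StrictHostKeyChecking=no \
+vagrant@"${HOST_IP::-1}" 2>/dev/null
+}
+
+set -x
+if [ "$(pgrep -afc "$MATCH_PATTERN")" -eq 0 ]; then
+ssh_connect
+else
+pgrep -f "$MATCH_PATTERN" | xargs sudo kill -9
+ssh_connect
+fi
+set +x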
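Review bot: `PRIVATE_KEY` and `HOST_IP` are never checked before `ssh_connect` uses them: the `vagrant ssh` line discards stderr, so a failed lookup leaves `HOST_IP` empty and `"${HOST_IP::-1}"` then aborts with bash's "substring expression < 0" error, and a multi-machine `.vagrant` tree makes `find` return several paths that `MATCH_PATTERN` turns into an unanchored regex fed to `pgrep -f` and `sudo kill -9`. Add `[[ -n "$PRIVATE_KEY" && -n "$HOST_IP" ]] || { echo "could not resolve key or box IP" >&2; exit 1; }` after the `MATCH_PATTERN` assignment, and send TERM before falling back to `-9`. The `UserKnownHostsFile=/dev/null`/`StrictHostKeyChecking=no` pair disables host key verification for this tunnel and deserves a comment stating why that is acceptable here, e.g. `# host key checks disabled: the peer is the local Vagrant VM, whose key changes on every rebuild`.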
51
scripts/vault-key.sh
Executable file
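--- a/scripts/vault-key.sh
+++ b/scripts/vault-key.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+BW_USERNAME="contact@freeitathens.org"
+ANSIBLE_VAULT_ITEM="e16b2542-f6c1-4e9f-8e33-af5201574a15"
+
+# Does the key already exist?
+if [ -f .ansible_vault ]; then
+echo "Ansible Vault file already exists at ./.ansible_vault"
+exit 1
+fi
+
+# Install Bitwarden CLI binary to ./.bitwarden/bw
+if [ ! -d .bitwarden ]; then
+mkdir .bitwarden
+cd .bitwarden || exit 1
+wget "https://vault.bitwarden.com/download/?app=cli&platform=linux" -O bw-linux.zip
+unzip bw-linux.zip
+rm bw-linux.zip
+chmod u+x bw
+else
+cd .bitwarden || exit 1
+fi
+
+# Get Master Password to unlock vault
+read -rsp "Master Password: " BW_PASSWORD
+export BW_PASSWORD
+echo
+
+# Login
+LOGIN_RESPONSE=$(./bw login "$BW_USERNAME" "$BW_PASSWORD" --response --nointeraction)
+if [ ! "$(echo "$LOGIN_RESPONSE" | jq -r .success)" == "true" ]; then
+echo "$LOGIN_RESPONSE" | jq -r .message
+exit 1
+fi
+
+# Unlock
+UNLOCK_RESPONSE=$(./bw unlock --passwordenv BW_PASSWORD --response --nointeraction)
+if [ ! "$(echo "$UNLOCK_RESPONSE" | jq -r .success)" == "true" ]; then
+echo "$UNLOCK_RESPONSE" | jq -r .message
+exit 1
+fi
+
+# Trade password for session
+unset BW_PASSWORD
+BW_SESSION=$(echo "$UNLOCK_RESPONSE" | jq -r .data.raw)
+export BW_SESSION
+
+# Place Ansible Vault secret and logout
+./bw get password "$ANSIBLE_VAULT_ITEM" --response --nointeraction | jq -r .data.data > ../.ansible_vault
+truncate -s -1 ../.ansible_vault
+chmod 600 ../.ansible_vault
+./bw logout --quiet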
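Review bot: The login line `LOGIN_RESPONSE=$(./bw login "$BW_USERNAME" "$BW_PASSWORD" …)` passes the master password as a command-line argument, where any local user can read it via `ps` or `/proc` for the life of the process, while the unlock call just below already avoids this with `--passwordenv BW_PASSWORD`; use the same form for login, `./bw login "$BW_USERNAME" --passwordenv BW_PASSWORD --response --nointeraction`, assuming the installed `bw` accepts it there as it does for unlock. The `./bw get password … | jq -r .data.data > ../.ansible_vault` line is never checked for `.success`, so a failed lookup writes the literal `null` into `.ansible_vault`, and the file is created with the umask-default mode until the later `chmod 600`; capture the response, check it the way the login and unlock branches do, and create the file under `umask 077` so it is never world-readable. The `wget … -O bw-linux.zip` download is executed after `unzip` and `chmod u+x bw` without any checksum or signature check; at minimum pin the release and compare its published SHA-256 with `sha256sum -c` before running the binary.
```shell
# … unchanged: login, unlock and session export …
# Place Ansible Vault secret and logout
GET_RESPONSE=$(./bw get password "$ANSIBLE_VAULT_ITEM" --response --nointeraction)
if [ ! "$(echo "$GET_RESPONSE" | jq -r .success)" == "true" ]; then
  echo "$GET_RESPONSE" | jq -r .message
  ./bw logout --quiet
  exit 1
fi
# umask 077 creates the file as 0600 from the start, so no chmod window exists
( umask 077; echo "$GET_RESPONSE" | jq -r .data.data > ../.ansible_vault )
truncate -s -1 ../.ansible_vault
./bw logout --quiet
```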