#!/bin/sh
# Stop at the first failing command: every later step feeds the next one,
# so a partial run must never reach the ISO build.
set -o errexit
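#######################################
# Turn stdin into a single line that can be embedded in a JSON string:
# backslashes and double quotes are escaped, and every line ends with the
# two characters "\n" instead of a real newline.
# Arguments: none (reads stdin)
# Outputs:   the escaped text on stdout, without a trailing newline
# Returns:   exit status of tr
#######################################
escape_newline () {
  # Backslashes first, so the escapes added by the later expressions are
  # not doubled. The quote/backslash escaping is a no-op for PEM data and
  # plain ssh keys, but protects the JSON if a key comment contains them.
  sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/$/\\n/' | tr -d '\n'
}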
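# Configuration. Every value can be overridden from the environment.
# VAULT_ADDR is exported because the vault CLI reads it from the environment.
export VAULT_ADDR="${VAULT_ADDR:-"https://vault.srs.epita.fr:443"}"
# Where the throw-away synchro key pair is written ("$SSH_PATH" and
# "$SSH_PATH.pub"). NOTE(review): the default is a fixed name in /tmp; on a
# shared host point it at a directory only this user can write to.
SSH_PATH="${SSH_PATH:-/tmp/fic_ssh}"
# Where the generated Diffie-Hellman parameters are written; same remark.
DHPARAM_PATH="${DHPARAM_PATH:-/tmp/dhparam.pem}"
# Directory that ends up in the ISO; a fresh temp dir (mktemp -d creates it
# mode 0700) unless given. The plain-assignment form is kept on purpose: its
# status is that of the command substitution, so a mktemp failure trips set -e.
OUTPUT_PATH="${OUTPUT_PATH:-"$(mktemp -d)"}"
# Fail here with a clear message rather than on the later redirection.
if [ ! -d "$OUTPUT_PATH" ]; then
  printf 'OUTPUT_PATH is not a directory: %s\n' "$OUTPUT_PATH" >&2
  exit 1
fi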
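# Interactive OIDC login; -no-print keeps the token off the terminal. The
# CLI's stderr is silenced, so say explicitly why we stop when it fails.
vault login -method=oidc -no-print 2> /dev/null \
  || { printf 'vault login failed\n' >&2; exit 1; }

# 512 random alphanumeric characters used as the dm-crypt key.
# Assigned before export on purpose: `export X="$(cmd)"` returns export's
# status, which hides a failing command substitution from set -e.
DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
if [ "${#DM_CRYPT}" -ne 512 ]; then
  printf 'failed to generate the dm-crypt key\n' >&2
  exit 1
fi
export DM_CRYPT

# Vault KV path holding the TLS material for fic.srs.epita.fr.
VAULT_CERT_PATH="fic/cert/fic.srs.epita.fr"

#######################################
# Fetch one field of the certificate secret and JSON-escape it.
# Piping vault straight into escape_newline would make the pipeline status
# that of tr, so the value is captured and checked before escaping.
# Arguments: $1 - field name (e.g. cert.pem)
# Outputs:   escaped field content on stdout
# Returns:   non-zero when vault fails or the field is empty
#######################################
fetch_cert_field () {
  fetch_cert_field_raw="$(vault kv get --field="$1" "$VAULT_CERT_PATH")" || return 1
  [ -n "$fetch_cert_field_raw" ] || return 1
  printf '%s\n' "$fetch_cert_field_raw" | escape_newline
}

# Each assignment aborts the script (set -e) when the fetch fails, instead
# of silently embedding an empty string in the image.
CERT_PEM="$(fetch_cert_field cert.pem)"
CHAIN_PEM="$(fetch_cert_field chain.pem)"
FULLCHAIN_PEM="$(fetch_cert_field fullchain.pem)"
PRIVKEY_PEM="$(fetch_cert_field privkey.pem)"
export CERT_PEM CHAIN_PEM FULLCHAIN_PEM PRIVKEY_PEM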
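# Throw-away ed25519 key pair for the synchro user. A previous pair at the
# same path is removed first: the original answered the overwrite prompt by
# feeding "y" through a bash here-string, which this /bin/sh script cannot
# use. -a 100 sets the KDF rounds, -N "" leaves the key without passphrase
# (it is embedded in the image unencrypted anyway).
rm -f -- "$SSH_PATH" "$SSH_PATH.pub"
ssh-keygen -a 100 -t ed25519 -q -f "$SSH_PATH" -N ""

# Read the files directly: `cat file | escape_newline` would report tr's
# status and hide a read failure from set -e.
SYNCRO_PUBLIC_KEY="$(escape_newline < "$SSH_PATH.pub")"
SYNCRO_PRIVATE_KEY="$(escape_newline < "$SSH_PATH")"
export SYNCRO_PUBLIC_KEY SYNCRO_PRIVATE_KEY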
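# 4096-bit DH parameters take a while to generate, hence the notice.
# printf instead of `echo -e`: under /bin/sh echo may print "-e" literally.
printf '\n\nGenerating DH params please wait\n'
# `&>/dev/null` is bash-only; under /bin/sh it parses as `&` and backgrounds
# openssl, so the next line would read a half-written file. Portable form:
openssl dhparam -out "$DHPARAM_PATH" 4096 > /dev/null 2>&1
# Read the file directly so a read failure is not masked by the pipeline.
DHPARAM="$(escape_newline < "$DHPARAM_PATH")"
export DHPARAM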
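# Render the image configuration to "$OUTPUT_PATH"/user-data.
# The template is a quoted here-document so the shell leaves it untouched
# (the former `echo "$TEMPLATE"` would also have turned the "\n" escapes in
# authorized_keys into real newlines under a /bin/sh whose echo interprets
# backslashes). envsubst is restricted to the listed variables so nothing
# else from the environment can be expanded into the file.
# Permissions: privkey.pem was 0444 while every other private item
# (dm-crypt key, id_ed25519, the other tls_config entries) is 0400 or
# stricter; aligned to 0400. Revisit if the consumer reads it as another user.
envsubst '$DM_CRYPT $SYNCRO_PRIVATE_KEY $SYNCRO_PUBLIC_KEY $DHPARAM $CERT_PEM $CHAIN_PEM $FULLCHAIN_PEM $PRIVKEY_PEM' \
  > "$OUTPUT_PATH"/user-data <<'EOF'

{
"dm-crypt": {
"entries": {
"key": {
"perm": "0440",
"content": "${DM_CRYPT}"
}
}
},
"ssh": {
"entries": {
"authorized_keys": {
"perm": "0444",
"content": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzkTeIdK4W/fNzrK7XCqOHQpICDaAvPhcFuetwVujV4 erwan.poles@epita.fr\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpS5mMfl832EKi03M0awrTbiuGOh+OII5ojM3V9Onl9 tanguy.maraux@gmail.com\nssh-rsa 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 paul@paul-82wr\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICo5yumHfQbMwhZAtEZByQR0xIVcoealS7g4MNTMEVaX roote@roote-VirtualBox\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO/3qKhSUbGYZBVraFo68oScJahRDNQfG+uwDQlLv7g nemunaire@khonsou\nssh-rsa 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 cardno:18 059 785\n"
}
}
},
"synchro": {
"entries": {
"id_ed25519": {
"perm": "0400",
"content": "${SYNCRO_PRIVATE_KEY}"
},
"id_ed25519.pub": {
"perm": "0444",
"content": "${SYNCRO_PUBLIC_KEY}"
}
}
},
"tls_config": {
"entries": {
"dhparams-4096.pem": {
"perm": "0400",
"content": "${DHPARAM}"
},
"cert.pem": {
"perm": "0400",
"content": "${CERT_PEM}"
},
"chain.pem": {
"perm": "0400",
"content": "${CHAIN_PEM}"
},
"fullchain.pem": {
"perm": "0400",
"content": "${FULLCHAIN_PEM}"
},
"privkey.pem": {
"perm": "0400",
"content": "${PRIVKEY_PEM}"
}
}
}
}
EOF

# printf instead of `echo -e`, which is not portable to /bin/sh.
printf 'Result in %s\nGenerating iso\n' "$OUTPUT_PATH"
# The ISO is written to the current directory with the CIDATA label. It
# contains private key material, so mind the umask and where the script runs.
mkisofs -joliet-long -V CIDATA -o fickit-metadata.iso "${OUTPUT_PATH}"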