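#!/bin/sh
# Issue a Syncthing certificate for the first client listed in the managed
# clients file that has no recorded device hash yet: the public cert goes to
# PKI_PATH, the private key is encrypted with agenix into SECRETS_PATH, the
# device hash is recorded back into the managed clients file, and the script
# then re-runs itself until every listed client has a hash.
#
# Environment (all optional):
#   MANAGED_CLIENTS  JSON file with .managed_clients (list of client names)
#                    and .hashes (client name -> device id)
#   PKI_PATH         directory receiving <client>.cert
#   SECRETS_PATH     directory receiving <client>.age
#
# Requires jq, syncthing, agenix and a grep that supports -P (GNU grep).
set -eu

tmp=$(mktemp -d)
trap 'rm -rf -- "$tmp"' EXIT

FILEPATH="${MANAGED_CLIENTS:-./var/syncthing-managed-clients.json}"
PKI_PATH="${PKI_PATH:-./pki/syncthing}"
SECRETS_PATH="${SECRETS_PATH:-secrets/syncthing}"

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# First listed client without a hash. Using jq's first() keeps this a single
# process, so a jq failure (e.g. a malformed file) aborts under set -e instead
# of being masked by a trailing head(1) in a pipeline.
first_missing=$(
  jq -r '
    . as $root
    | first($root.managed_clients[] | select($root.hashes[.] | not))
  ' "$FILEPATH"
)

if [ -z "$first_missing" ]; then
  echo "Done" >&2
  exit 0
fi

# The client name becomes a path component under $tmp, PKI_PATH and
# SECRETS_PATH; refuse anything that could escape those directories
# ("../x", "a/b") or be parsed as an option ("-x").
case $first_missing in
  *[!A-Za-z0-9._-]*|.*|-*)
    die "Refusing unsafe client name from $FILEPATH: $first_missing"
    ;;
esac

echo "Generating certificate for $first_missing"
workdir="$tmp/$first_missing"
mkdir "$workdir"

# The generate output carries the new device id as "device=<ID>"; grep exits
# non-zero when it is absent, which aborts the script under set -e.
hash=$(
  syncthing generate --config "$workdir" --data "$workdir/data" \
    | grep -oP '(?<=device=)[A-Z0-9-]+'
)
[ -n "$hash" ] || die "Could not determine device id for $first_missing"

mkdir -p "$PKI_PATH"
mv "$workdir/cert.pem" "$PKI_PATH/$first_missing.cert"

# Remove any previous key first so agenix does not try to decrypt it.
rm -f -- "$SECRETS_PATH/$first_missing.age"
agenix -e "$SECRETS_PATH/$first_missing.age" < "$workdir/key.pem"

# Record the hash via a temp file plus rename. These are separate statements
# on purpose: inside an `a && b` list a jq failure would be ignored by set -e,
# the file would stay unchanged, and the re-invocation below would loop
# forever on the same client.
jq --arg client "$first_missing" --arg hash "$hash" \
  '.hashes[$client] = $hash' "$FILEPATH" \
  > "$tmp/new-syncthing-managed-clients.json"
mv "$tmp/new-syncthing-managed-clients.json" "$FILEPATH"

# Re-invoke self to handle the next client.
"$0"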