sshca: Add genkey.sh script
This commit is contained in:
parent
e630255364
commit
5f38645fee
2 changed files with 36 additions and 0 deletions
28
roles/sshca/files/genkey.sh
Executable file
28
roles/sshca/files/genkey.sh
Executable file
|
|
@ -0,0 +1,28 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Usage: $(basename "$0") <year>" 1>&2
|
||||
exit
|
||||
fi
|
||||
|
||||
cd /srv/sshca/ca
|
||||
|
||||
year="$1"
|
||||
if [ "$year" -eq "$year" ] 2> /dev/null; then
|
||||
if [ "$year" -lt "$(date +%Y)" ]; then
|
||||
echo "ERROR: Invalid year \"${year}\", time in the past" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "ERROR: Invalid year \"${year}\"" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f "ca.${year}" ]; then
|
||||
echo "ERROR: Key \"${year}\" already exists" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ssh-keygen -t ed25519 -f "/srv/sshca/ca/ca.${year}" -C "foo.sh - SSH CA ${year}"
|
||||
|
|
@ -27,6 +27,14 @@
|
|||
group: "{{ ansible_wheel }}"
|
||||
follow: false
|
||||
|
||||
- name: Copy key generation script
|
||||
ansible.builtin.copy:
|
||||
dest: /srv/sshca/ca/genkey.sh
|
||||
src: genkey.sh
|
||||
mode: "0755"
|
||||
owner: root
|
||||
group: "{{ ansible_wheel }}"
|
||||
|
||||
- name: Copy signing script
|
||||
ansible.builtin.copy:
|
||||
dest: /srv/sshca/signcert.sh
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue