add generate-secrets pkg

generate-secrets.sh will also be used in generate-secrets.nix, so DRY its dependency definitions.
2019-11-27 14:04:31 +01:00
parent e34093a8ac
commit 6447694214
5 changed files with 10 additions and 2 deletions
--- a/pkgs/generate-secrets/generate-secrets.sh
+++ b/pkgs/generate-secrets/generate-secrets.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+opensslConf=${1:-openssl.cnf}
+secretsFile=secrets.nix
+
+if [ ! -e "$secretsFile" ]; then
+    echo Write secrets to $secretsFile
+    makepw="apg -m 20 -x 20 -M Ncl -n 1"
+    {
+        echo \{
+        echo "  bitcoinrpcpassword = \"$($makepw)\";"
+        echo "  lnd-wallet-password = \"$($makepw)\";"
+        echo "  lightning-charge-api-token = \"$($makepw)\";"
+        echo "  liquidrpcpassword = \"$($makepw)\";"
+        echo "  spark-wallet-password = \"$($makepw)\";"
+        echo \}
+    } >> $secretsFile
+    echo Done
+else
+    echo $secretsFile already exists. Skipping.
+fi
+
+if [ ! -e nginx.key ] || [ ! -e nginx.cert ]; then
+    echo Generate Nginx Self-Signed Cert
+    openssl genrsa -out nginx.key 2048
+    openssl req -new -key nginx.key -out nginx.csr -subj "/C=KN"
+    openssl x509 -req -days 1825 -in nginx.csr -signkey nginx.key -out nginx.cert
+    rm nginx.csr
+    echo Done
+else
+    echo Nginx Cert already exists. Skipping.
+fi
+
+if [ ! -e lnd.key ] || [ ! -e lnd.cert ]; then
+    echo Generate LND compatible TLS Cert
+    openssl ecparam -genkey -name prime256v1 -out lnd.key
+    openssl req -config $opensslConf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd'
+    openssl req -config $opensslConf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert
+    rm lnd.csr
+    echo Done
+else
+    echo LND cert already exists. Skipping.
+fi