sample-config/generate-gpg-keys.sh

#! /usr/bin/env nix-shell
#! nix-shell -i bash -p gnupg ssh-to-pgp

## Import user SSH key into GPG

cp ~/.ssh/id_rsa /tmp/id_rsa
ssh-keygen -p -N "" -f /tmp/id_rsa
{
    IFS=$'\n' read -r -d '' CAPTURED_STDERR;
    IFS=$'\n' read -r -d '' CAPTURED_STDOUT;
} < <((printf '\0%s\0' "$(ssh-to-pgp -private-key -i /tmp/id_rsa | gpg --import --allow-non-selfsigned-uid --quiet)" 1>&2) 2>&1)
USER_GPG_FINGERPRINT=$(echo $CAPTURED_STDERR | awk '{print $1;}')
echo "FINGERPRINT: ${USER_GPG_FINGERPRINT}"
rm /tmp/id_rsa
# set ultimate trust level
echo "${USER_GPG_FINGERPRINT}:6:" | gpg --import-ownertrust
echo -e "adduid\n\n${USER}@localhost\n\nsave\nexit\n" | gpg --command-fd=0 --status-fd=1 --edit-key ${USER_GPG_FINGERPRINT}

sed -i -e "s/\&user .\+$/\&user $USER_GPG_FINGERPRINT/g" .sops.yaml

## Import host SSH key into GPG

# Get GPG fingerprint of server RSA key
# HOST_GPG_FINGERPRINT=$(sudo cat /etc/ssh/ssh_host_rsa_key | ssh-to-pgp -private-key | gpg --import --allow-non-selfsigned-uid --quiet 2> /dev/null | head -n 1)
{
    IFS=$'\n' read -r -d '' CAPTURED_STDERR;
    IFS=$'\n' read -r -d '' CAPTURED_STDOUT;
} < <((printf '\0%s\0' "$(sudo cat /etc/ssh/ssh_host_rsa_key | ssh-to-pgp -private-key | gpg --import --allow-non-selfsigned-uid --quiet)" 1>&2) 2>&1)
HOST_GPG_FINGERPRINT=$(echo $CAPTURED_STDERR | awk '{print $1;}')
echo "FINGERPRINT: ${HOST_GPG_FINGERPRINT}"
# set ultimate trust level
echo "${HOST_GPG_FINGERPRINT}:6:" | gpg --import-ownertrust
echo -e "adduid\n\n${USER}@localhost\n\nsave\nexit\n" | gpg --command-fd=0 --status-fd=1 --edit-key ${HOST_GPG_FINGERPRINT}

sed -i -e "s/\&host_$HOST .\+$/\&host_$HOST $HOST_GPG_FINGERPRINT/g" .sops.yaml
HF-7: Move out sops config * Updated configuration.nix to match latest homefree * Added secrets config * Updated Readme 2024-12-13 17:14:13 -08:00			`#! /usr/bin/env nix-shell`
			`#! nix-shell -i bash -p gnupg ssh-to-pgp`

			`## Import user SSH key into GPG`

			`cp ~/.ssh/id_rsa /tmp/id_rsa`
			`ssh-keygen -p -N "" -f /tmp/id_rsa`
			`{`
			`IFS=$'\n' read -r -d '' CAPTURED_STDERR;`
			`IFS=$'\n' read -r -d '' CAPTURED_STDOUT;`
			`} < <((printf '\0%s\0' "$(ssh-to-pgp -private-key -i /tmp/id_rsa \| gpg --import --allow-non-selfsigned-uid --quiet)" 1>&2) 2>&1)`
			`USER_GPG_FINGERPRINT=$(echo $CAPTURED_STDERR \| awk '{print $1;}')`
			`echo "FINGERPRINT: ${USER_GPG_FINGERPRINT}"`
			`rm /tmp/id_rsa`
			`# set ultimate trust level`
			`echo "${USER_GPG_FINGERPRINT}:6:" \| gpg --import-ownertrust`
			`echo -e "adduid\n\n${USER}@localhost\n\nsave\nexit\n" \| gpg --command-fd=0 --status-fd=1 --edit-key ${USER_GPG_FINGERPRINT}`

			`sed -i -e "s/\&user .\+$/\&user $USER_GPG_FINGERPRINT/g" .sops.yaml`

			`## Import host SSH key into GPG`

			`# Get GPG fingerprint of server RSA key`
			`# HOST_GPG_FINGERPRINT=$(sudo cat /etc/ssh/ssh_host_rsa_key \| ssh-to-pgp -private-key \| gpg --import --allow-non-selfsigned-uid --quiet 2> /dev/null \| head -n 1)`
			`{`
			`IFS=$'\n' read -r -d '' CAPTURED_STDERR;`
			`IFS=$'\n' read -r -d '' CAPTURED_STDOUT;`
			`} < <((printf '\0%s\0' "$(sudo cat /etc/ssh/ssh_host_rsa_key \| ssh-to-pgp -private-key \| gpg --import --allow-non-selfsigned-uid --quiet)" 1>&2) 2>&1)`
			`HOST_GPG_FINGERPRINT=$(echo $CAPTURED_STDERR \| awk '{print $1;}')`
			`echo "FINGERPRINT: ${HOST_GPG_FINGERPRINT}"`
			`# set ultimate trust level`
			`echo "${HOST_GPG_FINGERPRINT}:6:" \| gpg --import-ownertrust`
			`echo -e "adduid\n\n${USER}@localhost\n\nsave\nexit\n" \| gpg --command-fd=0 --status-fd=1 --edit-key ${HOST_GPG_FINGERPRINT}`

			`sed -i -e "s/\&host_$HOST .\+$/\&host_$HOST $HOST_GPG_FINGERPRINT/g" .sops.yaml`