Automatically generate keys and add into hiera secret config at newnode
authorSilvio Rhatto <rhatto@riseup.net>
Wed, 23 May 2018 18:06:44 +0000 (15:06 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Wed, 23 May 2018 18:06:44 +0000 (15:06 -0300)
share/config/puppet/secrets/nodo.example.org.yaml
share/hydra/newnode

index 68b11e187268ba3b36794ac0077654b46abbe558..b2242bd57f26342bf915c2c7ad96d5a68230d051 100644 (file)
@@ -2,5 +2,7 @@
 #
 # Backup
 #
-nodo::subsystem::backup::encryptkey : "FIXME"
-nodo::subsystem::backup::password   : 'FIXME using hiera-eyaml'
+# Example config:
+#
+#   nodo::subsystem::backup::encryptkey : "FIXME"
+#   nodo::subsystem::backup::password   : 'FIXME using hiera-eyaml'
index 9926a7181067bef88cbe1d18f7a56eaa8d4ece39..96861f6767c2d53822997f573416a7cb56933311 100755 (executable)
@@ -77,6 +77,25 @@ fi
 mkdir -p $HYDRA_FOLDER/puppet/config/secrets/node
 cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
 
+# Generate keys
+hydra $HYDRA newkeys all $NODE
+
+# Add OpenPGP key ID into secret node config
+KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
+echo "nodo::subsystem::backup::encryptkey: '$KEYID\"" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+# Add OpenPGP passphrase into secret node config
+keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
+hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yam
+
+# Add Borg passphrase into secret node config
+keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
 # Add to git
 (
   cd $HYDRA_FOLDER/puppet
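Review bot: The `encryptkey` line opens its value with `'` and closes it with `\"`, so the node file receives `encryptkey: 'KEYID"`, which is not valid YAML; the second blank-line `echo` also targets `$NODE.yam`, which creates a stray file in the secrets directory and leaves the two eyaml blocks without a separator. Because `keyringer` and `gpg` both have stderr sent to `/dev/null`, a failed decrypt yields an empty `KEYID` that is still appended, so the value should be checked before it is written. The same concern applies to the two passphrase pipelines: unless the script enables `pipefail` outside this hunk, a failed `keyringer decrypt` may let `eyaml` encrypt empty input and record it as the backup passphrase. The fence shows the corrected lines; the script begins and continues outside the hunk.

```shell
KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
# Refuse to write an empty key ID: errors above are discarded, so this is the only signal
if [ -z "$KEYID" ]; then
  echo "Could not determine OpenPGP key ID for $NODE" >&2
  exit 1
fi
echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml

# … unchanged: blank line, OpenPGP passphrase block …

echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml

# … unchanged: Borg passphrase block …
```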