homelab infrastructure services
1#!/bin/bash
2# tin key generate - Generate SSH key for NAS server
3
# Strict mode: abort on command failure, unset variables and failed pipeline stages.
set -euo pipefail

# Locate the tinsnip root (two directory levels above this script).
# The libraries below are sourced from it and run with this script's
# privileges, so the root is derived from the script's own location
# rather than from the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
TINSNIP_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"

for _tin_lib in core registry; do
  source "$TINSNIP_ROOT/lib/${_tin_lib}.sh"
done
unset _tin_lib
11
12# Generate SSH key pair for a NAS server
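#######################################
# Generate a passphrase-less ed25519 SSH key pair for one NAS server.
# Globals:   NAS_CREDENTIALS_DIR (read)
# Arguments: $1 - NAS server hostname or IP address. It is also used as the
#                 key file name, so it is limited to a safe character set.
# Outputs:   progress through log_with_prefix / warn_with_prefix; the
#            overwrite prompt is written to stdout
# Returns:   0 if a key was generated or the existing key was kept;
#            1 on an invalid name, a failed station check or a failed
#            ssh-keygen run
#######################################
generate_nas_key() {
  local nas_server="${1:-}"

  # The name is interpolated into a file path below. Allow only hostname /
  # IP characters so that values such as "../x" or "a/b" cannot place or
  # delete key files outside the ssh-keys directory, and require an
  # alphanumeric first character so the name never looks like an option.
  local -r name_re='^[A-Za-z0-9][A-Za-z0-9_.:-]*$'
  if [[ ! "$nas_server" =~ $name_re ]]; then
    error_with_prefix "SSH Keys" "Invalid NAS server name: '$nas_server'"
    return 1
  fi

  check_tinsnip_station || return 1

  # Ensure the ssh-keys directory exists.
  # NOTE(review): the directory is created with the caller's umask; consider
  # mode 0700 if no other account needs to read the public keys.
  local ssh_keys_dir="$NAS_CREDENTIALS_DIR/ssh-keys"
  if [[ ! -d "$ssh_keys_dir" ]]; then
    log_with_prefix "SSH Keys" "Creating SSH keys directory: $ssh_keys_dir"
    mkdir -p -- "$ssh_keys_dir"
  fi

  local key_path="$ssh_keys_dir/${nas_server}.key"
  local pub_key_path="${key_path}.pub"

  if [[ -f "$key_path" ]]; then
    warn_with_prefix "SSH Keys" "SSH key already exists for $nas_server"
    printf '\033[1;36mOverwrite existing key? [y/N]: \033[0m'
    # -r keeps backslashes literal. A failed read (EOF, non-interactive
    # stdin) must not abort the script under `set -e`; an empty answer
    # falls through to the safe default of keeping the key.
    local overwrite=""
    read -r overwrite || true
    case "$overwrite" in
      [Yy]*)
        log_with_prefix "SSH Keys" "Overwriting existing key for $nas_server"
        rm -f -- "$key_path" "$pub_key_path"
        ;;
      *)
        log_with_prefix "SSH Keys" "Keeping existing key for $nas_server"
        return 0
        ;;
    esac
  fi

  log_with_prefix "SSH Keys" "Generating SSH key for NAS server: $nas_server"

  # The key has no passphrase so automation can use it unattended. It is
  # therefore stored unencrypted and protected only by file permissions;
  # limit what it can do on the NAS side (for example authorized_keys
  # options such as from= or restrict).
  if ! ssh-keygen -t ed25519 \
    -f "$key_path" \
    -C "tinsnip@$(hostname)-$nas_server" \
    -N "" \
    -q; then
    error_with_prefix "SSH Keys" "ssh-keygen failed for $nas_server"
    return 1
  fi

  # Private key readable by the owner only; public key world-readable.
  chmod 600 -- "$key_path"
  chmod 644 -- "$pub_key_path"

  log_with_prefix "SSH Keys" "SSH key generated: $key_path"
  log_with_prefix "SSH Keys" "Public key: $pub_key_path"

  log_with_prefix "SSH Keys" "✅ SSH key generated successfully"
  log_with_prefix "Next Steps" "Install on NAS: tin key install $nas_server"

  return 0
}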
64
#######################################
# Print the usage text for 'tin key generate'.
# Arguments: none
# Outputs:   help text on stdout
#######################################
show_help() {
  # Quoted delimiter: the text is emitted literally, with no expansion.
  cat <<'EOF'
tin key generate - Generate SSH key for NAS server

USAGE:
 tin key generate <nas-server>
 tin key <nas-server> # Shorthand

DESCRIPTION:
 Generate an SSH key pair for authenticating with a NAS server.
 Keys are stored in the tinsnip station for centralized management
 and can be installed on the NAS for password-free access.

ARGUMENTS:
 <nas-server> NAS server hostname or IP address

EXAMPLES:
 tin key generate DS412plus.local # Generate key for DS412plus
 tin key 192.168.1.100 # Generate key for NAS IP
 tin key mynas # Generate key for named server

NOTES:
 - Keys are stored in /mnt/station-prod/data/nas-credentials/ssh-keys/
 - Use 'tin key install <nas-server>' to install the key on the NAS
 - Use 'tin key list' to see generated keys

EOF
}
93
94# Handle help flags
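case "${1:-}" in
  -h | --help | help)
    show_help
    exit 0
    ;;
esac

# Main execution: the NAS server name is the single required argument.
if (( $# == 0 )); then
  error_with_prefix "Key Generate" "NAS server name required"
  echo "Usage: tin key generate <nas-server>" >&2
  exit 1
fi

nas_server="$1"

# An explicitly empty argument (tin key generate "") passes the count check
# above. Stop here instead of only printing the error: continuing would
# generate a key for an empty server name.
if [[ -z "$nas_server" ]]; then
  error_with_prefix "Key Generate" "NAS server name cannot be empty"
  exit 1
fi

generate_nas_key "$nas_server"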