add generate-secrets pkg

generate-secrets.sh will also be used in generate-secrets.nix, so DRY
its dependency definitions.
Erik Arvstedt 2019-11-27 14:04:31 +01:00
parent e34093a8ac
commit 6447694214
No known key found for this signature in database
GPG key ID: 33312B944DD97846
5 changed files with 10 additions and 2 deletions


@ -9,4 +9,5 @@
hwi = pkgs.callPackage ./hwi { };
pylightning = pkgs.python3Packages.callPackage ./pylightning { };
liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { };
generate-secrets = pkgs.callPackage ./generate-secrets { };
}


@ -0,0 +1,6 @@
{ pkgs }: with pkgs;
writeScript "generate-secrets" ''
export PATH=${lib.makeBinPath [ coreutils apg openssl ]}
. ${./generate-secrets.sh} ${./openssl.cnf}
''
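Review bot: The generated wrapper has no shebang line, so which shell interprets `writeScript "generate-secrets"` depends on whatever execs it rather than on the file itself; a first line of `#!${stdenv.shell}` pins the interpreter. That matters for the `. ${./generate-secrets.sh} ${./openssl.cnf}` line: passing an argument to `.` is a bash extension, POSIX `.` takes none, so under a dash-like `/bin/sh` the sourced script would see the wrapper's own `$1` (or nothing) and silently fall back to `openssl.cnf` in the working directory. Because `PATH` is replaced outright with `makeBinPath [ coreutils apg openssl ]`, every tool the sourced script calls (`apg`, `openssl`, `rm`) has to stay in that list whenever the script grows; a short comment saying so, e.g. `# PATH is replaced wholesale: keep this list in sync with generate-secrets.sh`, would help.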


@ -0,0 +1,43 @@
#!/bin/sh
opensslConf=${1:-openssl.cnf}
secretsFile=secrets.nix
if [ ! -e "$secretsFile" ]; then
echo Write secrets to $secretsFile
makepw="apg -m 20 -x 20 -M Ncl -n 1"
{
echo \{
echo " bitcoinrpcpassword = \"$($makepw)\";"
echo " lnd-wallet-password = \"$($makepw)\";"
echo " lightning-charge-api-token = \"$($makepw)\";"
echo " liquidrpcpassword = \"$($makepw)\";"
echo " spark-wallet-password = \"$($makepw)\";"
echo \}
} >> $secretsFile
echo Done
else
echo $secretsFile already exists. Skipping.
fi
if [ ! -e nginx.key ] || [ ! -e nginx.cert ]; then
echo Generate Nginx Self-Signed Cert
openssl genrsa -out nginx.key 2048
openssl req -new -key nginx.key -out nginx.csr -subj "/C=KN"
openssl x509 -req -days 1825 -in nginx.csr -signkey nginx.key -out nginx.cert
rm nginx.csr
echo Done
else
echo Nginx Cert already exists. Skipping.
fi
if [ ! -e lnd.key ] || [ ! -e lnd.cert ]; then
echo Generate LND compatible TLS Cert
openssl ecparam -genkey -name prime256v1 -out lnd.key
openssl req -config $opensslConf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd'
openssl req -config $opensslConf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert
rm lnd.csr
echo Done
else
echo LND cert already exists. Skipping.
fi
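Review bot: `secrets.nix`, which receives five generated passwords, is created under the caller's default umask (typically 022) and is therefore world-readable until something else tightens it; add `umask 077` before the first write so `secrets.nix` and the key files get owner-only permissions regardless of how openssl opens its output. The script also has no failure handling: if `apg` is missing or fails, each `$($makepw)` expands to an empty string, `secrets.nix` is still written with empty passwords, and the `! -e` guard then skips regeneration on every later run. `set -e` alone does not catch that, because a failing command substitution inside an `echo` argument does not fail the `echo`; assign each password first, e.g. `pw=$($makepw) || exit 1`, or check `command -v apg` before opening the file, and still add `set -eu` at the top (both are POSIX, so `#!/bin/sh` stays valid) so a failed `openssl` step aborts instead of leaving a key without its cert. Since the block only runs when the file does not exist, `>>` adds nothing over `>`, and `$secretsFile`/`$opensslConf` should be quoted as a matter of hygiene.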


@ -0,0 +1,32 @@
[ req ]
#default_bits = 2048
#default_md = sha256
#default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ v3_ca ]
subjectAltName = @alt_names
[ alt_names ]
IP.1 = 127.0.0.1
DNS.1 = localhost
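Review bot: The `[ alt_names ]` section limits the lnd certificate to `127.0.0.1` and `localhost`, so any client reaching lnd over another address (a LAN IP, a Tor onion name) will fail hostname verification unless it pins the certificate rather than checking names. If remote gRPC/REST access is intended, the host's other addresses belong in this list; if it is deliberately loopback-only, a comment above the section such as `# Loopback-only SAN: add the node's external addresses if lnd is reached remotely` would stop the next reader from guessing. The commented-out `default_bits`/`default_md`/`default_keyfile` entries in `[ req ]` and the unused `[ req_attributes ]` challenge-password block are inert here because the script passes `-sha256`, `-key` and `-subj` explicitly, but a one-line note saying they are boilerplate from the openssl sample config would make that clear.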