diff --git a/secrets-decrypt.sh b/secrets-decrypt.sh
index cc6d38f..1a15b05 100644
--- a/secrets-decrypt.sh
+++ b/secrets-decrypt.sh
@@ -1,31 +1,39 @@
 #!/bin/bash
-# Проверка наличия аргументов
+if [ "$(id -u)" != "0" ]; then
+ echo -e "\033[31mThis script requires superuser rights.\033[0m"
+ exit 0
+fi
+
 if [ "$#" -ne 3 ]; then
 echo "Usage: $0 PASSWORD ARCHIVE_FILE DESTINATION_DIR"
 exit 1
 fi
-# Присваиваем аргументы переменным
 PASSWORD=$1
 ARCHIVE_FILE=$2
 DESTINATION_DIR=$3
-# Проверка наличия существующего файла архива
+trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo "Checking for an existing archive file..."
 if [ ! -f "$ARCHIVE_FILE" ]; then
 echo "Error: Archive file '$ARCHIVE_FILE' not found!"
 exit 2
 fi
-# Создание директории назначения, если она не существует
-if [ ! -d "$DESTINATION_DIR" ]; then
- mkdir -p "$DESTINATION_DIR"
-fi
+echo "Check DESTINATION_DIR: $DESTINATION_DIR..."
+mkdir -p "$DESTINATION_DIR"
-# Расшифровываем и извлекаем архив
+
+echo "Decrypt and extract the archive..."
 openssl enc -aes-256-cbc -d -in "$ARCHIVE_FILE" -out - -pass pass:"$PASSWORD" -pbkdf2 -iter 100000 | tar -xzf - -C "$DESTINATION_DIR"
-# Проверка успешности выполнения команд
+trap - ERR
+
 if [ $? -eq 0 ]; then
 echo "Archive successfully decrypted and extracted to '$DESTINATION_DIR'"
 else
diff --git a/secrets-encrypt.sh b/secrets-encrypt.sh
index 5bffa19..f1fc48f 100644
--- a/secrets-encrypt.sh
+++ b/secrets-encrypt.sh
@@ -1,8 +1,12 @@
 #!/bin/bash
-# Проверим, что серверный домен передан как параметр
+if [ "$(id -u)" != "0" ]; then
+ echo -e "\033[31mThis script requires superuser rights.\033[0m"
+ exit 0
+fi
+
 if [ -z "$1" ]; then
- echo "Usage: $0 "
+ echo "Usage: $0 "
 exit 1
 fi
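Review bot: The `if [ $? -eq 0 ]` right after the new `trap - ERR` line no longer tests the decrypt pipeline — `$?` there is the exit status of the `trap` builtin, and under the new `set -e` a failing `tar` already exits through the ERR trap before this line is reached, so the success/failure branch is dead. Without `set -o pipefail` a failing `openssl` (wrong password, truncated archive) is also masked whenever `tar` exits 0, and `-pass pass:"$PASSWORD"` publishes the password to every local user via `ps` / `/proc/*/cmdline` for the whole extraction (the password also arrives as `$1`, so the caller has the same exposure — worth a TODO to move it to stdin or a file). I would add pipefail next to `set -e`, hand openssl the key through the environment, and capture the pipeline status before clearing the trap; the root guard should also `exit 1` and write to stderr rather than `exit 0`, since a refused run currently reports success to the caller, and the trap message names `secrets-encrypt.sh` inside secrets-decrypt.sh. The `if`/`else` continues past the end of the hunk.

```shell
if [ "$(id -u)" != "0" ]; then
    echo -e "\033[31mThis script requires superuser rights.\033[0m" >&2
    exit 1
fi
# … unchanged: argument-count check and PASSWORD/ARCHIVE_FILE/DESTINATION_DIR assignments …
trap 'echo -e "\033[31msecrets-decrypt.sh: Something went wrong\033[0m"; exit 1' ERR
set -eo pipefail
# … unchanged: DEBIAN_FRONTEND, archive existence check, mkdir -p …
export PASSWORD   # openssl reads the key from the environment, keeping it out of argv
rc=0
openssl enc -aes-256-cbc -d -in "$ARCHIVE_FILE" -out - -pass env:PASSWORD -pbkdf2 -iter 100000 | tar -xzf - -C "$DESTINATION_DIR" || rc=$?
trap - ERR
if [ "$rc" -eq 0 ]; then
```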
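Review bot: The added root guard exits with status 0, so when secrets-push.sh invokes this script as `bash secrets-encrypt.sh …` under `set -e`, a refused run is indistinguishable from a successful encryption and the push continues with whatever archive happens to be on disk; change the guard to `echo -e "\033[31mThis script requires superuser rights.\033[0m" >&2` followed by `exit 1`. The usage line is changed on both sides but reads `echo "Usage: $0 "` with nothing after `$0` — if the argument placeholder was an angle-bracketed name eaten by rendering this is fine, otherwise the message should name the expected argument (the server domain).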
@@ -12,31 +16,28 @@ DOMAIN_DIR="/data/secrets/$SERVER_DOMAIN"
 KEYS_FILE="$SAFE_DIR/keys.env"
 ARCHIVE_FILE="$SAFE_DIR/$SERVER_DOMAIN.tar.gz"
-trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
+trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
 set -e
 export DEBIAN_FRONTEND=noninteractive
-# Функция генерации пароля
 generate_password() {
 tr -dc 'a-z0-9' < /dev/urandom | head -c20
 }
-# Проверяем наличие ключа в keys.env и получаем его
+echo "We check for the presence of a key in keys.env and get it..."
 KEY_VAR=$(echo "$SERVER_DOMAIN" | tr '.' '_')
 if grep -q "^$KEY_VAR=" "$KEYS_FILE"; then
 PASSWORD=$(grep "^$KEY_VAR=" "$KEYS_FILE" | cut -d '=' -f2)
- echo "Password for $SERVER_DOMAIN already exists."
+ echo "Password for $SERVER_DOMAIN already exists"
 else
 PASSWORD=$(generate_password)
 echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE"
 echo "Generated new password for $SERVER_DOMAIN."
 fi
-# Упаковываем и шифруем архив
-#tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD"
-
+echo "Pack and encrypt the archive..."
 tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD" -pbkdf2 -iter 100000
 trap - ERR
diff --git a/secrets-le-save.sh b/secrets-le-save.sh
index 884351a..c30f2e6 100644
--- a/secrets-le-save.sh
+++ b/secrets-le-save.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copy $SERVER_HOST.acme.json from remote server to dev server
+echo "Copy REMOTE_SERVER_HOST.acme.json from remote server to dev server $SERVER_DOMAIN..."
 if [ "$(id -u)" != "0" ]; then
 echo -e "\033[31mThis script requires superuser rights.\033[0m"
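Review bot: `echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE"` creates keys.env with the process umask when the file does not exist yet, which for a root shell is typically 0644, so every archive password in the vault becomes readable by any local account; put `umask 077` next to `set -e` (which also covers `$ARCHIVE_FILE` written by `-out`), or `touch "$KEYS_FILE" && chmod 600 "$KEYS_FILE"` before the `grep -q` lookup, which otherwise runs against a file that is not guaranteed to exist. The new openssl line keeps `-pass pass:"$PASSWORD"`, which leaves the password in the process list for the whole tar/gzip stream; `export PASSWORD` plus `-pass env:PASSWORD` keeps it out of argv with no other change. Also worth a one-line comment above the pipeline: `# NOTE: aes-256-cbc provides no integrity check; a tampered archive decrypts to garbage rather than failing cleanly` — not introduced here, but the next maintainer should know the archive is not authenticated.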
@@ -8,20 +8,31 @@ if [ "$(id -u)" != "0" ]; then
 fi
 if [ -z "$1" ]; then
- echo "Usage: $0 "
+ echo "Usage: $0 "
 exit 1
 fi
-SERVER_HOST=$1
+REMOTE_SERVER_HOST=$1
 REMOTE_USER="root"
-ACME_FILE="/data/secrets/$SERVER_HOST/letsencrypt/$SERVER_HOST.acme.json"
+ACME_FILE="/data/secrets/$REMOTE_SERVER_HOST/letsencrypt/$REMOTE_SERVER_HOST.acme.json"
+SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
 trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
 set -e
 export DEBIAN_FRONTEND=noninteractive
-
-scp $REMOTE_USER@$SERVER_HOST:$ACME_FILE $ACME_FILE
+
+source $SECRETS_PATH
+
+echo $SECRETS_PATH
+
+if [ -z "$SSHPORT" ]; then
+ echo "Error: SSHPORT is not set or is empty"
+ exit 1
+fi
+
+echo "scp copy from $REMOTE_SERVER_HOST to local $SERVER_DOMAIN: $ACME_FILE..."
+scp -P $SSHPORT $REMOTE_USER@$REMOTE_SERVER_HOST:$ACME_FILE $ACME_FILE
 trap - ERR
-echo "remote $SERVER_HOST.acme.json copied to local folder"
\ No newline at end of file
+echo "remote $REMOTE_SERVER_HOST.acme.json copied to local folder"
\ No newline at end of file
diff --git a/secrets-push.sh b/secrets-push.sh
index 1106912..b9fffe7 100644
--- a/secrets-push.sh
+++ b/secrets-push.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Push secrets to storage of secrets on $SERVER_ORIGIN_DOMAIN
+echo "Push secrets to storage of secrets on SERVER_ORIGIN_DOMAIN..."
 if [ "$(id -u)" != "0" ]; then
 echo -e "\033[31mThis script requires superuser rights.\033[0m"
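Review bot: `source $SECRETS_PATH` executes, as root, a file whose path is built from `$SERVER_DOMAIN`, which nothing in this script sets or checks — if the variable is empty the path collapses to `/data/secrets//.env`, and if it is influenced by the caller's environment the sourced file is arbitrary code. Guard it before the `source` with `: "${SERVER_DOMAIN:?SERVER_DOMAIN is not set}"` and quote the path (`source "$SECRETS_PATH"`); since `$SSHPORT` comes out of that file and is spliced unquoted into the scp command line, the new emptiness check should also require a number: `[[ "$SSHPORT" =~ ^[0-9]+$ ]] || { echo "Error: SSHPORT is not a port number" >&2; exit 1; }`. acme.json holds the ACME account key and certificate private keys, so the local copy should not inherit the default umask — follow the scp with `chmod 600 "$ACME_FILE"` (and `mkdir -p "$(dirname "$ACME_FILE")"` first if the letsencrypt directory may not exist yet, as scp does not create it). The `echo $SECRETS_PATH` line reads like a leftover debug print.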
@@ -8,28 +8,25 @@ if [ "$(id -u)" != "0" ]; then
 fi
 if [ -z "$1" ]; then
- echo "Usage: $0 "
+ echo "Usage: $0 "
 exit 1
 fi
-SERVER_HOST=$1
+REMOTE_SERVER_HOST=$1
 SAFE_DIR="/data/secrets/safe"
-ARCHIVE_FILE="$SAFE_DIR/$SERVER_HOST.tar.gz"
+ARCHIVE_FILE="$SAFE_DIR/$REMOTE_SERVER_HOST.tar.gz"
 REMOTE_USER="root"
-SECRETS_PATH=/data/secrets/$SERVER_HOST/$SERVER_HOST.env
+SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
-
-
-trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
+trap 'echo -e "\033[31msecrets-push.sh: Something went wrong\033[0m"; exit 1' ERR
 set -e
 export DEBIAN_FRONTEND=noninteractive
 source $SECRETS_PATH
-
 echo "Encrypt secrets..."
-bash secrets-encrypt.sh $SERVER_HOST
+bash secrets-encrypt.sh $REMOTE_SERVER_HOST
 echo "Create SAFE_DIR on ORIGIN server..."
 ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR"
@@ -38,4 +35,4 @@ echo "Save archive on ORIGIN server safe..."
 scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR
 trap - ERR
-echo "Secrets for $SERVER_HOST pushed complete"
\ No newline at end of file
+echo "Secrets for $REMOTE_SERVER_HOST pushed complete"
\ No newline at end of file
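Review bot: `bash secrets-encrypt.sh $REMOTE_SERVER_HOST` resolves the helper against the caller's working directory rather than the script's own, so run from anywhere else it either fails or — for a root script — executes whatever `secrets-encrypt.sh` happens to sit in the cwd; use `bash "$(dirname "$0")/secrets-encrypt.sh" "$REMOTE_SERVER_HOST"`. `SECRETS_PATH` now depends on `$SERVER_DOMAIN`, which this script neither sets nor validates before `source $SECRETS_PATH`, and `$SERVER_ORIGIN_DOMAIN` (presumably loaded from that file) is then used unquoted as the ssh/scp target, so add `: "${SERVER_DOMAIN:?SERVER_DOMAIN is not set}"` before the `source` and `: "${SERVER_ORIGIN_DOMAIN:?SERVER_ORIGIN_DOMAIN is not set}"` after it. Note that the helper's own root guard exits 0, so `set -e` here would not stop the push if the encryption were refused. The hunk ends at the `ssh … mkdir -p` line; the scp and final echo are in the following hunk.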