autocommit

secrets-decrypt.sh

@@ -1,31 +1,39 @@
 #!/bin/bash
 
-# Проверка наличия аргументов
+if [ "$(id -u)" != "0" ]; then
+    echo -e "\033[31mThis script requires superuser rights.\033[0m"
+    exit 0
+fi
+
 if [ "$#" -ne 3 ]; then
     echo "Usage: $0 PASSWORD ARCHIVE_FILE DESTINATION_DIR"
     exit 1
 fi
 
-# Присваиваем аргументы переменным
 PASSWORD=$1
 ARCHIVE_FILE=$2
 DESTINATION_DIR=$3
 
-# Проверка наличия существующего файла архива
+trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo "Checking for an existing archive file..."
 if [ ! -f "$ARCHIVE_FILE" ]; then
     echo "Error: Archive file '$ARCHIVE_FILE' not found!"
     exit 2
 fi
 
-# Создание директории назначения, если она не существует
+echo "Check DESTINATION_DIR: $DESTINATION_DIR..."
-if [ ! -d "$DESTINATION_DIR" ]; then
+mkdir -p "$DESTINATION_DIR"
-    mkdir -p "$DESTINATION_DIR"
-fi
 
-# Расшифровываем и извлекаем архив
+
+echo "Decrypt and extract the archive..."
 openssl enc -aes-256-cbc -d -in "$ARCHIVE_FILE" -out - -pass pass:"$PASSWORD" -pbkdf2 -iter 100000 | tar -xzf - -C "$DESTINATION_DIR"
 
-# Проверка успешности выполнения команд
+trap - ERR
+
 if [ $? -eq 0 ]; then
     echo "Archive successfully decrypted and extracted to '$DESTINATION_DIR'"
 else

secrets-encrypt.sh

@@ -1,8 +1,12 @@
 #!/bin/bash
 
-# Проверим, что серверный домен передан как параметр
+if [ "$(id -u)" != "0" ]; then
+    echo -e "\033[31mThis script requires superuser rights.\033[0m"
+    exit 0
+fi
+
 if [ -z "$1" ]; then
-  echo "Usage: $0 <server_domain>"
+  echo "Usage: $0 <SERVER_DOMAIN>"
   exit 1
 fi
 
@@ -12,31 +16,28 @@ DOMAIN_DIR="/data/secrets/$SERVER_DOMAIN"
 KEYS_FILE="$SAFE_DIR/keys.env"
 ARCHIVE_FILE="$SAFE_DIR/$SERVER_DOMAIN.tar.gz"
 
-trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
+trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
 set -e
 
 export DEBIAN_FRONTEND=noninteractive
 
-# Функция генерации пароля
 generate_password() {
   tr -dc 'a-z0-9' < /dev/urandom | head -c20
 }
 
-# Проверяем наличие ключа в keys.env и получаем его
+echo "We check for the presence of a key in keys.env and get it..."
 KEY_VAR=$(echo "$SERVER_DOMAIN" | tr '.' '_')
 
 if grep -q "^$KEY_VAR=" "$KEYS_FILE"; then
   PASSWORD=$(grep "^$KEY_VAR=" "$KEYS_FILE" | cut -d '=' -f2)
-  echo "Password for $SERVER_DOMAIN already exists."
+  echo "Password for $SERVER_DOMAIN already exists"
 else
   PASSWORD=$(generate_password)
   echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE"
   echo "Generated new password for $SERVER_DOMAIN."
 fi
 
-# Упаковываем и шифруем архив
+echo "Pack and encrypt the archive..."
-#tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD"
-
 tar -czf - -C "$DOMAIN_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$PASSWORD" -pbkdf2 -iter 100000
 
 trap - ERR

secrets-le-save.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copy $SERVER_HOST.acme.json from remote server to dev server
+echo "Copy REMOTE_SERVER_HOST.acme.json from remote server to dev server $SERVER_DOMAIN..."
 
 if [ "$(id -u)" != "0" ]; then
     echo -e "\033[31mThis script requires superuser rights.\033[0m"
@@ -8,20 +8,31 @@ if [ "$(id -u)" != "0" ]; then
 fi
 
 if [ -z "$1" ]; then
-  echo "Usage: $0 <server_host>"
+  echo "Usage: $0 <REMOTE_SERVER_HOST>"
   exit 1
 fi
 
-SERVER_HOST=$1
+REMOTE_SERVER_HOST=$1
 REMOTE_USER="root"
-ACME_FILE="/data/secrets/$SERVER_HOST/letsencrypt/$SERVER_HOST.acme.json"
+ACME_FILE="/data/secrets/$REMOTE_SERVER_HOST/letsencrypt/$REMOTE_SERVER_HOST.acme.json"
+SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
 
 trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
 set -e
 
 export DEBIAN_FRONTEND=noninteractive
- 
+
-scp $REMOTE_USER@$SERVER_HOST:$ACME_FILE $ACME_FILE
+source $SECRETS_PATH
+
+echo $SECRETS_PATH
+
+if [ -z "$SSHPORT" ]; then
+    echo "Error: SSHPORT is not set or is empty"
+    exit 1
+fi
+
+echo "scp copy from $REMOTE_SERVER_HOST to local $SERVER_DOMAIN: $ACME_FILE..."
+scp -P $SSHPORT $REMOTE_USER@$REMOTE_SERVER_HOST:$ACME_FILE $ACME_FILE
 
 trap - ERR
-echo "remote $SERVER_HOST.acme.json copied to local folder"
+echo "remote $REMOTE_SERVER_HOST.acme.json copied to local folder"

secrets-push.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Push secrets to storage of secrets on $SERVER_ORIGIN_DOMAIN
+echo "Push secrets to storage of secrets on SERVER_ORIGIN_DOMAIN..."
 
 if [ "$(id -u)" != "0" ]; then
     echo -e "\033[31mThis script requires superuser rights.\033[0m"
@@ -8,28 +8,25 @@ if [ "$(id -u)" != "0" ]; then
 fi
 
 if [ -z "$1" ]; then
-  echo "Usage: $0 <server_host>"
+  echo "Usage: $0 <REMOTE_SERVER_HOST>"
   exit 1
 fi
 
-SERVER_HOST=$1
+REMOTE_SERVER_HOST=$1
 SAFE_DIR="/data/secrets/safe"
-ARCHIVE_FILE="$SAFE_DIR/$SERVER_HOST.tar.gz"
+ARCHIVE_FILE="$SAFE_DIR/$REMOTE_SERVER_HOST.tar.gz"
 REMOTE_USER="root"
-SECRETS_PATH=/data/secrets/$SERVER_HOST/$SERVER_HOST.env
+SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
 
-
+trap 'echo -e "\033[31msecrets-push.sh: Something went wrong\033[0m"; exit 1' ERR
-
-trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
 set -e
 
 export DEBIAN_FRONTEND=noninteractive
 
 source $SECRETS_PATH
 
-
 echo "Encrypt secrets..."
-bash secrets-encrypt.sh $SERVER_HOST
+bash secrets-encrypt.sh $REMOTE_SERVER_HOST
 
 echo "Create SAFE_DIR on ORIGIN server..."
 ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR"
@@ -38,4 +35,4 @@ echo "Save archive on ORIGIN server safe..."
 scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR
 
 trap - ERR
-echo "Secrets for $SERVER_HOST pushed complete"
+echo "Secrets for $REMOTE_SERVER_HOST pushed complete"