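#!/bin/bash

# Require the server domain as the first (and only) argument.
if [ -z "$1" ]; then
  echo "Usage: $0 <server_domain>"
  exit 1
fi

SERVER_DOMAIN=$1

# SERVER_DOMAIN is interpolated into the source path, the archive path and the
# key name looked up in keys.env, so accept only hostname-shaped values:
# letters, digits, '-' and '.', starting and ending with a letter or digit,
# with no empty label. This keeps '/' and '..' out of the paths and keeps
# regex metacharacters out of the key name. '_' is rejected because the key
# name is built by turning '.' into '_', and "a_b" would collide with "a.b".
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $SERVER_DOMAIN =~ $domain_re || $SERVER_DOMAIN == *..* ]]; then
  echo "Invalid server domain: $SERVER_DOMAIN" >&2
  exit 1
fi

# NOTE(review): the passphrase file and the encrypted archives share SAFE_DIR.
# Anyone who can read this directory can decrypt every archive in it, so the
# encryption only protects an archive once it is copied somewhere keys.env
# does not follow.
SAFE_DIR="/data/secrets/safe"
DOMAIN_DIR="/data/secrets/$SERVER_DOMAIN"
KEYS_FILE="$SAFE_DIR/keys.env"
ARCHIVE_FILE="$SAFE_DIR/$SERVER_DOMAIN.tar.gz"

# Any command that fails from here on prints a red error line and aborts.
# pipefail is not enabled here: generate_password's `tr | head` pipeline ends
# with tr receiving SIGPIPE, which pipefail would report as a failure.
trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
set -e

export DEBIAN_FRONTEND=noninteractive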
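#######################################
# Generate a 20-character password made of lowercase letters and digits.
# Bytes read from /dev/urandom that fall outside the 36-symbol alphabet are
# discarded, so every kept character is uniformly distributed
# (20 * log2(36) is roughly 103 bits).
# Arguments: none
# Outputs:   the password on stdout, without a trailing newline
# Returns:   exit status of head. tr is stopped by SIGPIPE once head has its
#            20 bytes, so a caller running with `set -o pipefail` would see a
#            non-zero status from this pipeline.
#######################################
generate_password() {
  # LC_ALL=C pins tr to byte semantics so the a-z range and the handling of
  # raw random bytes do not depend on the caller's locale.
  LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c20
}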
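# Look up the passphrase for this domain in keys.env, generating and storing
# one if it is missing. The key name is the domain with '.' replaced by '_'.
KEY_VAR=${SERVER_DOMAIN//./_}

# keys.env stores passphrases in plaintext and the archive holds secrets, so
# every file created from here on is owner-only. The mode of an already
# existing keys.env or archive is not changed by this.
umask 077

# Compare key names literally instead of building a grep regex from the
# domain, and stop at the first match so a duplicated key cannot yield a
# multi-line passphrase.
key_found=0
PASSWORD=""
if [ -f "$KEYS_FILE" ]; then
  while IFS='=' read -r key_name key_value || [ -n "$key_name" ]; do
    if [ "$key_name" = "$KEY_VAR" ]; then
      PASSWORD=$key_value
      key_found=1
      break
    fi
  done < "$KEYS_FILE"
fi

if [ "$key_found" -eq 1 ]; then
  echo "Password for $SERVER_DOMAIN already exists."
else
  PASSWORD=$(generate_password)
  echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE"
  echo "Generated new password for $SERVER_DOMAIN."
fi

# Never encrypt with an empty passphrase (empty value in keys.env, or a
# generator that produced nothing).
if [ -z "$PASSWORD" ]; then
  echo "Empty password for $SERVER_DOMAIN in $KEYS_FILE" >&2
  exit 1
fi

# Check the source before openssl opens (and truncates) the output file, so a
# mistyped domain cannot replace a good archive with an empty one.
if [ ! -d "$DOMAIN_DIR" ]; then
  echo "Source directory not found: $DOMAIN_DIR" >&2
  exit 1
fi

# Pack and encrypt the archive.
# - pipefail: without it a failing tar goes unnoticed, because the pipeline
#   status is openssl's alone and the script would report success for a
#   truncated archive. Enabled only now, after generate_password has run.
# - The passphrase is handed to openssl on file descriptor 3 rather than as
#   `-pass pass:...`, which would expose it in the process list for the
#   lifetime of the command.
# - Decryption must repeat `-pbkdf2 -iter 100000`. If any archives were made
#   by an earlier form of this command without those flags, they will not
#   decrypt with them.
# - NOTE(review): `openssl enc` with CBC gives confidentiality only; the
#   output is not authenticated. Keep a separate digest or signature if
#   tampering with the archive has to be detected.
set -o pipefail
tar -czf - -C "$DOMAIN_DIR" . \
  | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" \
      -pbkdf2 -iter 100000 -pass fd:3 3<<< "$PASSWORD"

trap - ERR
echo "Encrypted archive created at $ARCHIVE_FILE"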