mirror of
https://github.com/numtide/nixos-anywhere.git
synced 2024-10-26 12:57:16 +03:00
terraform/all-in-one: fix zfs decrypt example
This commit is contained in:
parent
8b907bb53c
commit
1fdbe4cdcd
@ -48,7 +48,7 @@ mkdir -p etc/ssh var/lib/secrets
|
||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||
|
||||
umask 0177
|
||||
sops --extract '["initrd_ssh_key"]' -d "$SCRIPT_DIR/secrets.yaml" >./var/lib/secrets/initrd_ssh_key
|
||||
sops --extract '["initrd_ssh_key"]' --decrypt "$SCRIPT_DIR/secrets.yaml" >./var/lib/secrets/initrd_ssh_key
|
||||
|
||||
# restore umask
|
||||
umask 0022
|
||||
@ -59,7 +59,7 @@ for keyname in ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_ed25519_key ssh_ho
|
||||
else
|
||||
umask 0177
|
||||
fi
|
||||
sops --extract '["'$keyname'"]' -d "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
|
||||
sops --extract '["'$keyname'"]' --decrypt "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
|
||||
done
|
||||
```
|
||||
|
||||
@ -72,7 +72,7 @@ set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||
cd "$SCRIPT_DIR"
|
||||
sops --extract '["zfs-key"]' -d "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
|
||||
sops --extract '["zfs-key"]' --decrypt "$SCRIPT_DIR/secrets.yaml"
|
||||
```
|
||||
|
||||
## See also
|
||||
|
Loading…
Reference in New Issue
Block a user