44 lines
1.3 KiB
Makefile
44 lines
1.3 KiB
Makefile
# Ansible Vault encrypted files installer
|
|
# Usage: make install PASSWORD=yourpassword
|
|
|
|
PASSWORD ?=
|
|
PASSWORD_FILE = .vault_password
|
|
|
|
.PHONY: install decrypt clean
|
|
|
|
|
|
_init_password_file:
|
|
@if [ ! -f $(PASSWORD_FILE) ]; then \
|
|
echo "$(PASSWORD)" > $(PASSWORD_FILE); \
|
|
chmod 600 $(PASSWORD_FILE); \
|
|
fi
|
|
|
|
|
|
_destroy_password_file:
|
|
@if [ -f $(PASSWORD_FILE) ]; then \
|
|
rm -f $(PASSWORD_FILE); \
|
|
fi
|
|
|
|
|
|
_install:
|
|
@mkdir -p $(HOME)/.ssh $(HOME)/.gnupg
|
|
@echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.ssh/id_ed25519 id_ed25519 --vault-password-file=$(PASSWORD_FILE)
|
|
@chmod 600 $(HOME)/.ssh/id_ed25519
|
|
@echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.gnupg/private.gpg private.gpg --vault-password-file=$(PASSWORD_FILE)
|
|
@chmod 600 $(HOME)/.gnupg/private.gpg
|
|
@echo "Keys installed successfully"
|
|
|
|
install: _init_password_file _install _destroy_password_file
|
|
|
|
# Decrypt files to current directory (for inspection)
|
|
_decrypt:
|
|
@ansible-vault decrypt --output id_ed25519.decrypted id_ed25519 --vault-password-file=$(PASSWORD_FILE)
|
|
@ansible-vault decrypt --output private.gpg.decrypted private.gpg --vault-password-file=$(PASSWORD_FILE)
|
|
@chmod 600 id_ed25519.decrypted private.gpg.decrypted
|
|
|
|
decrypt: _init_password_file _decrypt _destroy_password_file
|
|
|
|
|
|
clean:
|
|
@rm -f *.decrypted
|