diff --git a/.drone.yml b/.drone.yml
index 8c38b13..82e4fc8 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -11,8 +11,11 @@ steps:
 from_secret: serverctl_access_key
 SECRET_KEY:
 from_secret: serverctl_secret_key
+ SSH_ZIP_KEY:
+ from_secret: serverctl_ssh_zip_key
 commands:
- - apk --update add curl
+ - apk --update add curl zip
+ - cd infrastructure && unzip-ssh-keys "$SSH_ZIP_KEY" && cd ..
 - curl --silent --output terraform.zip "https://releases.hashicorp.com/terraform/1.1.6/terraform_1.1.6_linux_amd64.zip"
 - unzip terraform.zip ; rm -f terraform.zip; chmod +x terraform
 - mkdir -p ${HOME}/bin ; export PATH=${PATH}:${HOME}/bin; mv terraform ${HOME}/bin/
@@ -20,4 +23,4 @@ steps:
 - cd infrastructure/create-resources
 - terraform init -backend-config="access_key=$ACCESS_KEY" -backend-config="secret_key=$SECRET_KEY"
 - terraform validate
- - terraform apply -auto-approve -var "hcloud_token=$HCLOUD_TOKEN"
+ - terraform apply -auto-approve -var "hcloud_token=$HCLOUD_TOKEN" -var "pvt_key='../ssh_keys/id_ed25519'" -var "pub_key='../ssh_keys/id_ed25519.pub'"
diff --git a/infrastructure/.gitignore b/infrastructure/.gitignore
new file mode 100644
index 0000000..ac5629f
--- /dev/null
+++ b/infrastructure/.gitignore
@@ -0,0 +1 @@
+ssh_keys/
diff --git a/infrastructure/ssh_keys.zip b/infrastructure/ssh_keys.zip
new file mode 100644
index 0000000..74ba427
Binary files /dev/null and b/infrastructure/ssh_keys.zip differ
diff --git a/infrastructure/unzip-ssh-keys.sh b/infrastructure/unzip-ssh-keys.sh
new file mode 100755
index 0000000..dfdd31e
--- /dev/null
+++ b/infrastructure/unzip-ssh-keys.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ZIP_KEY=$1
+
+unzip -P "$ZIP_KEY" ssh_keys.zip
+
+echo "unzip done!"
diff --git a/infrastructure/zip-ssh-keys.sh b/infrastructure/zip-ssh-keys.sh
new file mode 100755
index 0000000..c5ea919
--- /dev/null
+++ b/infrastructure/zip-ssh-keys.sh
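Review bot: In the first `.drone.yml` hunk the new command calls `unzip-ssh-keys`, but the script this commit adds is `infrastructure/unzip-ssh-keys.sh`, so the shell will look the bare name up on `PATH` and most likely fail with "not found". Call it by path instead: `- cd infrastructure && ./unzip-ssh-keys.sh "$SSH_ZIP_KEY" && cd ..`. The archive password is also passed as a command-line argument, which makes it readable in the process list of the build container; having the script read `SSH_ZIP_KEY` from its environment would avoid that. The step this hunk belongs to starts above the hunk.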
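Review bot: In the second `.drone.yml` hunk the single quotes in `-var "pvt_key='../ssh_keys/id_ed25519'"` sit inside a double-quoted shell word, so they are passed through literally and Terraform receives a value that begins and ends with `'`. If `pvt_key` and `pub_key` are string variables used as file paths (their declarations are not part of this diff), the key files will not be found. Drop the inner quotes: `-var "pvt_key=../ssh_keys/id_ed25519" -var "pub_key=../ssh_keys/id_ed25519.pub"`.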
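Review bot: `infrastructure/unzip-ssh-keys.sh` always exits 0 because `echo "unzip done!"` is its last command, so a wrong or missing password does not break the `&&` chain in `.drone.yml` and the pipeline continues without usable keys. Add `set -eu` directly after the shebang so a failed `unzip` or an absent `$1` aborts the step. It is also worth setting the private key's mode explicitly after extraction, `chmod 600 ssh_keys/id_ed25519`, rather than relying on the modes stored in the archive.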
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+ZIP_KEY=$(openssl rand -hex 30)
+
+mkdir -p ssh_keys/
+
+cp -f ~/.ssh/id_ed25519* ssh_keys/
+
+zip -r --password $ZIP_KEY ssh_keys.zip ssh_keys/
+
+echo "zip done!"
+echo "Zip key: $ZIP_KEY"
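Review bot: `zip --password` in `zip-ssh-keys.sh` encrypts with the legacy ZipCrypto scheme (the only one Info-ZIP `zip` offers), which is too weak to protect a private key in an archive that this commit checks in as `infrastructure/ssh_keys.zip` and that then stays in repository history. Storing the private key itself as a Drone secret next to `serverctl_ssh_zip_key` and writing it to a file in the step would remove the committed archive altogether. The line `cp -f ~/.ssh/id_ed25519* ssh_keys/` also packages the developer's personal key; a dedicated deploy key generated for this pipeline would limit what a leak exposes. Finally, the password appears in the process arguments of `zip` and is echoed to the terminal, so it can end up in shell scrollback or logs.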