nix-dotfiles/hosts/tsuki/services/gitlab/genfiles.sh

26 lines
496 B
Bash
Executable File

#!/usr/bin/env bash
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
KEYDIR='/var/keys/gitlab'
umask u=rwx,g=,o=
mkdir -p $KEYDIR
chmod 755 '/var/keys'
for FILE in secretFile dbFile otpFile pages_secret; do
tr -dc A-Za-z0-9 < /dev/random | head -c 128 > $KEYDIR/$FILE
done
nix-shell -p openssl --run "openssl genrsa 2048 > $KEYDIR/jwsFile"
chmod 600 $KEYDIR/jwsFile
read -s -p "Root password: " ROOTPASS
echo $ROOTPASS > $KEYDIR/root_password
chown -R git:git $KEYDIR