Let's add the creds to override.conf, actually. And it is safe to run systemd-creds setup, since it doesn't rewrite an existing key.

2023-05-25 00:52:51 +04:00 · 2023-05-25 00:52:51 +04:00 · cf7e240e8a
commit cf7e240e8a
parent 705a4ede76
1 changed files with 10 additions and 1 deletions
--- a/tools/gen-salt.sh
+++ b/tools/gen-salt.sh
@ -5,11 +5,20 @@ if [[ $EUID -ne 0 ]]; then
    exit 1
 fi

+# It will create a new encription key if it doesn't exists.
+systemd-creds setup
+
 if [[ $1 ]]; then
    char_num=$1;
 else
    char_num=64;
 fi

+service_override=$(pkg-config systemd --variable=systemdsystemconfdir)/dwelling-upload.service.d/override.conf
+
+if [ ! -f $service_override ]; then
+    echo "[Service]" > $service_override;
+fi
+
 cat /dev/urandom | tr -dc 'a-zA-Z0-9!@#$%^&*' | fold -w $char_num | head -n 1 \
-    | systemd-creds encrypt -qp --name=salt - - 2> /dev/null
+    | systemd-creds encrypt -qp --name=salt - - 2> /dev/null >> $service_override;