generate-ssh-key.sh

Sets up a new project on the Services VM for CI/CD deployment. Creates the project directory, deploy script, and SSH key pair.

Location: Services VM (10.0.0.2, SSH port 22102)

Prerequisites:

  • Must be run as the services user

Usage:

sudo su services
./generate-ssh-key.sh <project_name>

Example:

./generate-ssh-key.sh litreoir

This will:

  1. Create project directory at /home/services/<project_name>
  2. Create deploy script at /home/services/<project_name>/deploy-<project_name>.sh
  3. Generate an ed25519 key pair at ~/.ssh/<project_name>_ed25519
  4. Add the public key to ~/.ssh/authorized_keys
  5. Print the private key for copying to GitHub

After running, copy the printed private key and set it as the SSH_PRIVATE_KEY secret in GitHub:

gh secret set SSH_PRIVATE_KEY --env prod -R phonlab-tcd/<project_name>
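
#!/bin/bash
set -e

PROJECT_NAME="$1"

if [[ -z "$PROJECT_NAME" ]]; then
    echo "Usage: $0 <project_name>"
    exit 1
fi

# The name is used in paths and in the sed replacement below, so allow only safe characters
if [[ ! "$PROJECT_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
    echo "Error: project name may only contain letters, digits, '.', '_' and '-'"
    exit 1
fi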

PROJECT_DIR="/home/services/$PROJECT_NAME"
DEPLOY_SCRIPT="$PROJECT_DIR/deploy-$PROJECT_NAME.sh"
KEY_PATH="$HOME/.ssh/${PROJECT_NAME}_ed25519"
AUTH_KEYS="$HOME/.ssh/authorized_keys"

# Check if project directory already exists
if [[ -d "$PROJECT_DIR" ]]; then
    echo "Error: Project directory already exists at $PROJECT_DIR"
    exit 1
fi

# Check if key already exists
if [[ -f "$KEY_PATH" ]]; then
    echo "Error: Key already exists at $KEY_PATH"
    exit 1
fi

# Create project directory
echo "Creating project directory at $PROJECT_DIR..."
mkdir -p "$PROJECT_DIR"

# Create deploy script
echo "Creating deploy script at $DEPLOY_SCRIPT..."
cat > "$DEPLOY_SCRIPT" << 'EOF'
#!/bin/bash

# Login to our private registry
docker login 10.0.0.2:5000 -u admin -p KiVGdGsRnMNcrmgt822w

# Store the original working directory
original_directory="$(pwd)"

# Switch to the project's working directory
cd /home/services/PROJECT_NAME_PLACEHOLDER

# Create volumes if they don't exist
if [ ! -d "$(pwd)/data" ]; then
    mkdir "$(pwd)/data"
fi

# Remove the existing containers and network
docker compose down

# Pull the new version of the containers
docker compose pull

# Run the containers in daemon mode (in the background)
docker compose up -d

# Go back to the original directory
cd "$original_directory"
EOF

# Replace placeholder with actual project name
sed -i "s/PROJECT_NAME_PLACEHOLDER/$PROJECT_NAME/g" "$DEPLOY_SCRIPT"

# Make deploy script executable
chmod +x "$DEPLOY_SCRIPT"

# Generate the key pair
echo "Generating SSH key pair for $PROJECT_NAME..."
ssh-keygen -t ed25519 -a 100 -f "$KEY_PATH" -C "$PROJECT_NAME Github Action" -N ""

# Add public key to authorized_keys
echo "Adding public key to authorized_keys..."
cat "${KEY_PATH}.pub" >> "$AUTH_KEYS"

echo ""
echo "Done!"
echo " - Project dir: $PROJECT_DIR"
echo " - Deploy script: $DEPLOY_SCRIPT"
echo " - Private key: $KEY_PATH"
echo " - Public key: ${KEY_PATH}.pub"
echo " - Added to: $AUTH_KEYS"
echo ""
echo "================= PRIVATE KEY (copy this to GitHub) ================="
echo ""
cat "$KEY_PATH"
echo ""
echo "====================================================================="
echo ""
echo "Set this as SSH_PRIVATE_KEY in GitHub:"
echo " gh secret set SSH_PRIVATE_KEY --env prod -R phonlab-tcd/$PROJECT_NAME"
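
Step 4 appends the new public key to authorized_keys with no options, so the key printed for GitHub can open a normal shell as the services user. The following is an added example, not part of generate-ssh-key.sh: it builds an entry pinned to the project's deploy script and lists existing entries that have no forced command, assuming the workflow only needs to run that script. The function names and the sample key are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of generate-ssh-key.sh.
# Assumption: the CI job only needs to run the project's deploy script.

# Build an authorized_keys line that forces the deploy script and turns off
# forwarding and PTY allocation ("restrict", OpenSSH 7.2 and later).
restricted_authkey_line() {
    project=$1 pubkey=$2
    nl='
'
    # The name is placed inside command="...", so allow only safe characters.
    case $project in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Expect one line "ssh-ed25519 <base64> [comment]" as written by ssh-keygen.
    case $pubkey in
        *"$nl"*) return 1 ;;
        'ssh-ed25519 '?*) ;;
        *) return 1 ;;
    esac
    blob=${pubkey#ssh-ed25519 }
    blob=${blob%% *}
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf 'restrict,command="/home/services/%s/deploy-%s.sh" %s\n' \
        "$project" "$project" "$pubkey"
}

# Print the line number of every key entry without a forced command, i.e.
# keys that still grant a full shell. Plain text match, not an option parser.
unrestricted_key_lines() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;                      # blank line or comment
            ssh-*|ecdsa-*|sk-*) echo "$n" ;; # starts with key type: no options
            *'command="'*) ;;                # forced command present
            *) echo "$n" ;;                  # options, but no forced command
        esac
    done < "$1"
}

# Constructed sample key (not a real key) for a stand-alone run.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE litreoir Github Action'
restricted_authkey_line litreoir "$SAMPLE_PUB"
```

With such a line in authorized_keys instead of the bare public key, sshd runs the deploy script regardless of the command the client requests.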