#
# ASRockRack IPMI TLS certificate
#

TOFU_CERT := ipmi-https-cert.pem

ipmi-https-fingerprint:
	@echo Fingerprints of the certificate first presented by the IPMI web interface:
	@echo
	@for hash in sha1 sha256; do \
		echo -n '  '; \
		openssl x509 -fingerprint -$${hash} -in $(TOFU_CERT) | grep Fingerprint; \
	done
	@echo

#
# Coloclue IPMI VPN
# TODO: set this up
#
# Note: this target needs to be run as root so that openvpn is able to setup
# networking
#
vpn:
	@echo check credentials in our password-store, username: groente
	openvpn ./dcg-oob-TCP-1194.ovpn

IPMI_USER := ADMIN

ipmi-console:
	ssh -o UserKnownHostsFile=./known_hosts.ipmi $(IPMI_USER)@chameleon-oob.tails.net

ipmi-https: ipmi-https-fingerprint
	@echo "IPMI web at https://chameleon-oob.tails.net"

dropbear-fingerprints:
	ssh-keygen -F chameleon.tails.net -f ./known_hosts.dropbear -l

dropbear-ssh:
	ssh -o UserKnownHostsFile=./known_hosts.dropbear root@chameleon.tails.net -p 22

dropbear-unlock:
	ssh -o UserKnownHostsFile=./known_hosts.dropbear -t root@chameleon.tails.net -p 22 cryptroot-unlock

#
# SSH
#

ssh-fingerprints:
	ssh-keygen -F chameleon.tails.net -f ./known_hosts.ssh -l

ssh-as-root:
	ssh -o UserKnownHostsFile=./known_hosts.ssh root@chameleon.tails.net -p 22
