#
# ASRockRack IPMI TLS certificate
#

TOFU_CERT := ipmi-https-cert.pem

ipmi-https-fingerprint:
	@echo Fingerprints of the certificate first presented by the IPMI web interface:
	@echo
	@for hash in sha1 sha256; do \
		echo -n '  '; \
		openssl x509 -fingerprint -$${hash} -in $(TOFU_CERT) | grep Fingerprint; \
	done
	@echo

#
# Riseup IPMI jumphost forwarding
# See: https://we.riseup.net/riseup+colo/ipmi-jumphost-user-docs
#

IPMI_USER := tails2

ipmi-power:
	ssh -p 4422 -o UserKnownHostsFile=./known_hosts.ipmi $(IPMI_USER)@magpie.riseup.net power

ipmi-console:
	ssh -p 4422 -o UserKnownHostsFile=./known_hosts.ipmi -t $(IPMI_USER)@magpie.riseup.net console

ipmi-https: ipmi-https-fingerprint
	@echo "IPMI web at https://localhost:8443  Hit ctrl-c when done"
	ssh -p 4422 -o UserKnownHostsFile=./known_hosts.ipmi -L 8443:$(IPMI_USER)-ipmi:443 -N -T $(IPMI_USER)@magpie.riseup.net

#ipmi-http:
#	echo "ipmi web at http://localhost:8080  Hit ctrl-c when done"
#	ssh -p 4422 -L 8080:$(IPMI_USER)-ipmi:80 -N -T $(IPMI_USER)@magpie.riseup.net

#
# Dropbear
#

dropbear-fingerprints:
	ssh-keygen -F iguana.tails.net -f ./known_hosts.dropbear -l

dropbear-ssh:
	ssh -o UserKnownHostsFile=./known_hosts.dropbear root@iguana.tails.net -p 22

dropbear-unlock:
	ssh -o UserKnownHostsFile=./known_hosts.dropbear -t root@iguana.tails.net -p 22 \
	  cryptroot-unlock

#
# SSH
#

ssh-fingerprints:
	ssh-keygen -F iguana.tails.net -f ./known_hosts.ssh -l

ssh-as-root:
	ssh -o UserKnownHostsFile=./known_hosts.ssh root@iguana.tails.net -p 22
