From f4d821da7e189a0b4b5d1201b9e61ee9e2b994ff Mon Sep 17 00:00:00 2001
From: Aleksander Cynarski
Date: Fri, 20 Nov 2020 23:47:50 +0100
Subject: [PATCH] CHANGELOG Code formatting Improvments
---
 CHANGELOG.md | 5 +++++
 install.sh | 26 ++++++++++++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..86383e5
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+## [v1.0.0](https://git.cynarski.pl/devOps/trust-ca-ssh/releases/tag/v1.0.0) - 2020-11-20
+
+* INNE
+ * Pobieranie trusted CA z Vault (#2)
+ * Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys (#1)
diff --git a/install.sh b/install.sh
index 4c56371..05e9076 100755
--- a/install.sh
+++ b/install.sh
@@ -1,14 +1,32 @@
 #!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#
+# Helper functions
+#
+declare -i term_width=120
+
+h2() {
+ printf '\e[1;33m==>\e[37;1m %s\e[0m\n' "$*"
+}
+
 SSHD_CONFIG=/etc/ssh/sshd_config
 CA_FILE=/etc/ssh/trusted-ca.pem
 VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
 if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
- curl -o $CA_FILE $VAULT_CERT
- echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
+ h2 "Add new TrustedUserCAKeys"
+ curl -s -o $CA_FILE $VAULT_CERT
+ echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
 else
 CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
- echo $CA_FILE
- curl $VAULT_CERT >> $CA_FILE
+ h2 "Attach trusted CA to ${CA_FILE}"
+ curl -s $VAULT_CERT >> $CA_FILE
 fi
+
+h2 "Restart sshd service"
+systemctl restart sshd
+h2 "Done."
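Review bot: Both `curl -s` calls in the install.sh branches run without `--fail`, so an HTTP error response from Vault still exits 0 and its body is written (or, in the else branch, appended) to the file sshd uses as its TrustedUserCAKeys trust anchor; the `errexit` added at the top does not catch this, and `-s` now hides the only visible hint. I would fetch once into a `mktemp` file with `--fail --silent --show-error`, confirm it parses as a public key with `ssh-keygen -l -f`, and only then copy or append it. Running `sshd -t` before `systemctl restart sshd` would also keep a broken sshd_config from taking the daemon down on a remote host. In the else branch `$CA_FILE` comes from parsing sshd_config and is used unquoted as a redirect target, so it should be quoted as well.

```shell
# … unchanged: strict-mode options, h2 helper, path and URL variables …
ca_tmp=$(mktemp)
trap 'rm -f -- "$ca_tmp"' EXIT
# --fail makes an HTTP error a non-zero exit, so errexit stops the script
curl --fail --silent --show-error -o "$ca_tmp" "$VAULT_CERT"
# refuse anything that does not parse as a public key before sshd trusts it
ssh-keygen -l -f "$ca_tmp" >/dev/null

# … unchanged: TrustedUserCAKeys check and h2 message; first branch installs the vetted file …
    install -m 0644 -- "$ca_tmp" "$CA_FILE"
# … unchanged: sshd_config append, else-branch CA_FILE lookup and h2 message …
    cat -- "$ca_tmp" >> "$CA_FILE"
# … unchanged: fi …

h2 "Restart sshd service"
# validate the configuration first; a failed check aborts before the restart
sshd -t
systemctl restart sshd
```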