#!/usr/bin/env bash set -euo pipefail # === METADATA === SCRIPT_NAME="$(basename "$0")" # === CONFIGURATION === : "${NODE_NAME:=node-a}" : "${OPERATOR_EMAIL:=}" # === FUNCTIONS === log_info() { echo "[INFO] $(date -Iseconds) $*"; } log_warn() { echo "[WARN] $(date -Iseconds) $*" >&2; } log_error() { echo "[ERROR] $(date -Iseconds) $*" >&2; } main() { log_info "Starting $SCRIPT_NAME - ROLLBACK identity..." echo "" echo "============================================" echo " IDENTITY ROLLBACK" echo " WARNING: This will remove GPG and SSH keys!" echo "============================================" echo "" echo "This will:" echo " - Remove SSH keys: ~/.ssh/id_*_${NODE_NAME}*" echo " - Restore SSH config from backup" if [[ -n "$OPERATOR_EMAIL" ]]; then echo " - Prompt for GPG key removal (manual step)" fi echo "" read -p "Type 'CONFIRM' to proceed: " confirm if [[ "$confirm" != "CONFIRM" ]]; then log_info "Aborted - no changes made" exit 0 fi # Remove SSH keys log_info "Removing SSH keys..." rm -f "$HOME/.ssh/id_ed25519_${NODE_NAME}" rm -f "$HOME/.ssh/id_ed25519_${NODE_NAME}.pub" rm -f "$HOME/.ssh/id_rsa_${NODE_NAME}" rm -f "$HOME/.ssh/id_rsa_${NODE_NAME}.pub" log_info "SSH keys removed" # Restore SSH config backup local latest_backup latest_backup=$(ls -t "$HOME/.ssh/config.bak."* 2>/dev/null | head -1 || true) if [[ -n "$latest_backup" ]]; then cp "$latest_backup" "$HOME/.ssh/config" log_info "SSH config restored from $latest_backup" else log_warn "No SSH config backup found" fi # GPG key removal guidance if [[ -n "$OPERATOR_EMAIL" ]]; then echo "" echo "============================================" echo " GPG KEY REMOVAL (MANUAL STEP)" echo "============================================" echo "" echo "To remove the GPG key, run these commands:" echo "" echo " gpg --delete-secret-keys $OPERATOR_EMAIL" echo " gpg --delete-keys $OPERATOR_EMAIL" echo "" log_warn "GPG key requires manual removal for safety" fi log_info "Completed $SCRIPT_NAME" } [[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@"