andrewmcveigh/gist:8958263

## gistfile1.clj
(defplan remote-directory-content []
  (let [nv (exec-script "ls /etc/openvpn/keys/*.crt -1")]
    (return-value-expr
      [nv]
      (let [c (:out nv)]
        (remove ["ca" "openvpn"]
                (-> c
                    (string/split #"\n")
                    string/trim
                    (string/replace #"^/etc/openvpn/keys/" "")
                    (string/replace #"\.crt$" "")))))))

(defplan gen-openssl-client-certs []
  (let [remote-hosts (set (remote-directory-content))
        local-hosts #{"client-1"
                      "client-2"
                      "client-3"}]
    (doseq [host (set/difference remote-hosts local-hosts)]
      (exec-script ~(format "openssl ca -revoke /etc/openvpn/keys/%1.crt \\
                            -keyfile /etc/openvpn/keys/ca.key \\
                            -cert /etc/openvpn/keys/ca.crt"
                            host)))
    (doseq [host (set/difference local-hosts remote-hosts)]
      (remote-file (format "/etc/openvpn/keys/%s.crt" host)
                   :template "..."
                   :values {:cn host})
      (exec-script ~(format ".......%s" host)))))
	(defplan remote-directory-content []
	(let [nv (exec-script "ls /etc/openvpn/keys/*.crt -1")]
	(return-value-expr
	[nv]
	(let [c (:out nv)]
	(remove ["ca" "openvpn"]
	(-> c
	(string/split #"\n")
	string/trim
	(string/replace #"^/etc/openvpn/keys/" "")
	(string/replace #"\.crt$" "")))))))

	(defplan gen-openssl-client-certs []
	(let [remote-hosts (set (remote-directory-content))
	local-hosts #{"client-1"
	"client-2"
	"client-3"}]
	(doseq [host (set/difference remote-hosts local-hosts)]
	(exec-script ~(format "openssl ca -revoke /etc/openvpn/keys/%1.crt \\
	-keyfile /etc/openvpn/keys/ca.key \\
	-cert /etc/openvpn/keys/ca.crt"
	host)))
	(doseq [host (set/difference local-hosts remote-hosts)]
	(remote-file (format "/etc/openvpn/keys/%s.crt" host)
	:template "..."
	:values {:cn host})
	(exec-script ~(format ".......%s" host)))))