aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-12-14 18:02:30 +0100
committerAlex Auvolat <alex@adnab.me>2022-12-14 18:02:30 +0100
commitb47334d7d7d458dd394001ec69b43578854cb66e (patch)
treed029da0e2d01d77a3d1d559129cbd20a7b4a0748
parentcc70cdc660ff648772eda78cfd3bfb766b3fa5b3 (diff)
downloadnixcfg-b47334d7d7d458dd394001ec69b43578854cb66e.tar.gz
nixcfg-b47334d7d7d458dd394001ec69b43578854cb66e.zip
Replace deploy_wg by a NixOS activation script
-rwxr-xr-xdeploy_wg6
-rw-r--r--nix/deuxfleurs.nix9
2 files changed, 9 insertions, 6 deletions
diff --git a/deploy_wg b/deploy_wg
deleted file mode 100755
index 0bef5d6..0000000
--- a/deploy_wg
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env ./sshtool
-
-cmd 'nix-env -i wireguard-tools'
-cmd 'mkdir -p /var/lib/deuxfleurs/wireguard-keys'
-cmd 'test -f /var/lib/deuxfleurs/wireguard-keys/private || (wg genkey > /var/lib/deuxfleurs/wireguard-keys/private; chmod 600 /var/lib/deuxfleurs/wireguard-keys/private)'
-cmd 'echo "Public key: $(wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"'
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 7c7c6d3..14085c1 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -248,6 +248,15 @@ in
}) cfg.cluster_nodes;
};
+ system.activationScripts.generate_df_wg_key = ''
+ if [ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]; then
+ mkdir -p /var/lib/deuxfleurs/wireguard-keys
+ (umask 077; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private)
+ echo "New Wireguard key was generated."
+ echo "This node's Wireguard public key is: $(${pkgs.wireguard-tools}/bin/wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"
+ fi
+ '';
+
# Configure /etc/hosts to link all hostnames to their Wireguard IP
networking.extraHosts = builtins.concatStringsSep "\n" (map
({ hostname, IP, ...}: "${IP} ${hostname}")