author | Alex Auvolat <alex@adnab.me> | 2022-12-14 18:02:30 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-14 18:02:30 +0100 |
commit | b47334d7d7d458dd394001ec69b43578854cb66e (patch) | |
tree | d029da0e2d01d77a3d1d559129cbd20a7b4a0748 | |
parent | cc70cdc660ff648772eda78cfd3bfb766b3fa5b3 (diff) | |
Replace deploy_wg by a NixOS activation script
-rwxr-xr-x | deploy_wg | 6 | ||||
-rw-r--r-- | nix/deuxfleurs.nix | 9 |
2 files changed, 9 insertions, 6 deletions
diff --git a/deploy_wg b/deploy_wg
deleted file mode 100755
index 0bef5d6..0000000
--- a/deploy_wg
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env ./sshtool
-
-cmd 'nix-env -i wireguard-tools'
-cmd 'mkdir -p /var/lib/deuxfleurs/wireguard-keys'
-cmd 'test -f /var/lib/deuxfleurs/wireguard-keys/private || (wg genkey > /var/lib/deuxfleurs/wireguard-keys/private; chmod 600 /var/lib/deuxfleurs/wireguard-keys/private)'
-cmd 'echo "Public key: $(wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"'
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 7c7c6d3..14085c1 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -248,6 +248,15 @@ in
 }) cfg.cluster_nodes;
 };
+ system.activationScripts.generate_df_wg_key = ''
+ if [ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]; then
+ mkdir -p /var/lib/deuxfleurs/wireguard-keys
+ (umask 077; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private)
+ echo "New Wireguard key was generated."
+ echo "This node's Wireguard public key is: $(${pkgs.wireguard-tools}/bin/wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"
+ fi
+ '';
+
 # Configure /etc/hosts to link all hostnames to their Wireguard IP
 networking.extraHosts = builtins.concatStringsSep "\n" (map ({ hostname, IP, ...}: "${IP} ${hostname}") |
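Review bot: The guard `[ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]` in the new activation script treats an empty file as an existing key: the shell creates `private` before `wg genkey` runs, so a failed or interrupted generation leaves a zero-byte file that every later activation skips over. Testing for a non-empty file instead, `if [ ! -s /var/lib/deuxfleurs/wireguard-keys/private ]; then`, would regenerate the key in that case. Separately, `mkdir -p` runs outside the `umask 077` subshell, so a newly created `wireguard-keys` directory gets the default mode; moving it inside the subshell, as in `(umask 077; mkdir -p /var/lib/deuxfleurs/wireguard-keys; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private)`, keeps the directory private too, though it will not tighten a directory that already exists. The enclosing attribute set starts and ends outside this hunk.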