diff options
author | Alex Auvolat <alex@adnab.me> | 2022-12-14 18:02:30 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-14 18:02:30 +0100 |
commit | b47334d7d7d458dd394001ec69b43578854cb66e (patch) | |
tree | d029da0e2d01d77a3d1d559129cbd20a7b4a0748 /nix | |
parent | cc70cdc660ff648772eda78cfd3bfb766b3fa5b3 (diff) | |
download | nixcfg-b47334d7d7d458dd394001ec69b43578854cb66e.tar.gz nixcfg-b47334d7d7d458dd394001ec69b43578854cb66e.zip |
Replace deploy_wg by a NixOS activation script
Diffstat (limited to 'nix')
-rw-r--r-- | nix/deuxfleurs.nix | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index 7c7c6d3..14085c1 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -248,6 +248,15 @@ in }) cfg.cluster_nodes; }; + system.activationScripts.generate_df_wg_key = '' + if [ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]; then + mkdir -p /var/lib/deuxfleurs/wireguard-keys + (umask 077; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private) + echo "New Wireguard key was generated." + echo "This node's Wireguard public key is: $(${pkgs.wireguard-tools}/bin/wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)" + fi + ''; + # Configure /etc/hosts to link all hostnames to their Wireguard IP networking.extraHosts = builtins.concatStringsSep "\n" (map ({ hostname, IP, ...}: "${IP} ${hostname}") |