diff options
-rwxr-xr-x | deploy_wg | 6 | ||||
-rw-r--r-- | nix/deuxfleurs.nix | 9 |
2 files changed, 9 insertions, 6 deletions
diff --git a/deploy_wg b/deploy_wg deleted file mode 100755 index 0bef5d6..0000000 --- a/deploy_wg +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env ./sshtool - -cmd 'nix-env -i wireguard-tools' -cmd 'mkdir -p /var/lib/deuxfleurs/wireguard-keys' -cmd 'test -f /var/lib/deuxfleurs/wireguard-keys/private || (wg genkey > /var/lib/deuxfleurs/wireguard-keys/private; chmod 600 /var/lib/deuxfleurs/wireguard-keys/private)' -cmd 'echo "Public key: $(wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"' diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index 7c7c6d3..14085c1 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -248,6 +248,15 @@ in }) cfg.cluster_nodes; }; + system.activationScripts.generate_df_wg_key = '' + if [ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]; then + mkdir -p /var/lib/deuxfleurs/wireguard-keys + (umask 077; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private) + echo "New Wireguard key was generated." + echo "This node's Wireguard public key is: $(${pkgs.wireguard-tools}/bin/wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)" + fi + ''; + # Configure /etc/hosts to link all hostnames to their Wireguard IP networking.extraHosts = builtins.concatStringsSep "\n" (map ({ hostname, IP, ...}: "${IP} ${hostname}") |