mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

chore: remove initrd host key generation script, this is a simple oneliner anyways

Browse source
This commit is contained in:
oddlama 2023-05-30 02:45:39 +02:00
parent 04305e5968
commit ece9554e76
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
4 changed files with 5 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/wireguard.nix
View file

@ -214,7 +214,7 @@
PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName clientNode}.path; PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName clientNode}.path;
AllowedIPs = map (net.cidr.make 128) clientCfg.addresses; AllowedIPs = map (net.cidr.make 128) clientCfg.addresses;
} }
// optionalAttrs clientCfg.keepalive { // optionalAttrs clientCfg.client.keepalive {
PersistentKeepalive = 25; PersistentKeepalive = 25;
}; };
}) })

1
nix/apps/default.nix
View file

@ -13,7 +13,6 @@
apps = [ apps = [
./draw-graph.nix ./draw-graph.nix
./format-secrets.nix ./format-secrets.nix
./generate-initrd-keys.nix
./generate-wireguard-keys.nix ./generate-wireguard-keys.nix
./show-wireguard-qr.nix ./show-wireguard-qr.nix
]; ];

25
nix/apps/generate-initrd-keys.nix
View file

@ -1,25 +0,0 @@
{
self,
pkgs,
...
}: let
inherit
(pkgs.lib)
escapeShellArg
concatStringsSep
mapAttrsToList
;
mapAttrsToLines = f: attrs: concatStringsSep "\n" (mapAttrsToList f attrs);
generateHostKey = node: ''
if [[ ! -f ${escapeShellArg node.config.rekey.secrets.initrd_host_ed25519_key.file} ]]; then
echo TODOOOOO
exit 1
ssh-keygen -t ed25519 -N "" -f /tmp/1
TODO
fi
'';
in
pkgs.writeShellScript "generate-initrd-keys" ''
set -euo pipefail
${mapAttrsToLines generateHostKey self.nodes}
''

4
nix/apps/generate-wireguard-keys.nix
View file

@ -49,6 +49,8 @@
echo "$privkey" | ${pkgs.wireguard-tools}/bin/wg pubkey > ${pubkeyFile} echo "$privkey" | ${pkgs.wireguard-tools}/bin/wg pubkey > ${pubkeyFile}
${pkgs.rage}/bin/rage -e ${rageEncryptArgs} <<< "$privkey" > ${privkeyFile} \ ${pkgs.rage}/bin/rage -e ${rageEncryptArgs} <<< "$privkey" > ${privkeyFile} \
|| { echo "error: Failed to encrypt wireguard private key for peer ${peerName} on network ${wgName}!" >&2; exit 1; } || { echo "error: Failed to encrypt wireguard private key for peer ${peerName} on network ${wgName}!" >&2; exit 1; }
else
echo "Skipping existing "${keyBasename}".{age,pub}"
fi fi
''; '';
@ -65,6 +67,8 @@
psk=$(${pkgs.wireguard-tools}/bin/wg genpsk) psk=$(${pkgs.wireguard-tools}/bin/wg genpsk)
${pkgs.rage}/bin/rage -e ${rageEncryptArgs} <<< "$psk" > ${pskFile} \ ${pkgs.rage}/bin/rage -e ${rageEncryptArgs} <<< "$psk" > ${pskFile} \
|| { echo "error: Failed to encrypt wireguard psk for peers ${peer1} and ${peer2} on network ${wgName}!" >&2; exit 1; } || { echo "error: Failed to encrypt wireguard psk for peers ${peer1} and ${peer2} on network ${wgName}!" >&2; exit 1; }
else
echo "Skipping existing "${pskFile}""
fi fi
''; '';