chore: remove initrd host key generation script, this is a simple oneliner anyways

2025-10-11 07:10:39 +02:00 · 2023-05-30 02:45:39 +02:00 · 2023-05-30 02:45:39 +02:00 · ece9554e76
commit ece9554e76
parent 04305e5968
4 changed files with 5 additions and 27 deletions
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -214,7 +214,7 @@
                PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName clientNode}.path;
                AllowedIPs = map (net.cidr.make 128) clientCfg.addresses;
              }
-              // optionalAttrs clientCfg.keepalive {
+              // optionalAttrs clientCfg.client.keepalive {
                PersistentKeepalive = 25;
              };
          })
--- a/nix/apps/default.nix
+++ b/nix/apps/default.nix
@ -13,7 +13,6 @@
  apps = [
    ./draw-graph.nix
    ./format-secrets.nix
-    ./generate-initrd-keys.nix
    ./generate-wireguard-keys.nix
    ./show-wireguard-qr.nix
  ];
--- a/nix/apps/generate-initrd-keys.nix
+++ b/nix/apps/generate-initrd-keys.nix
@ -1,25 +0,0 @@
-{
-  self,
-  pkgs,
-  ...
-}: let
-  inherit
-    (pkgs.lib)
-    escapeShellArg
-    concatStringsSep
-    mapAttrsToList
-    ;
-  mapAttrsToLines = f: attrs: concatStringsSep "\n" (mapAttrsToList f attrs);
-  generateHostKey = node: ''
-    if [[ ! -f ${escapeShellArg node.config.rekey.secrets.initrd_host_ed25519_key.file} ]]; then
-      echo TODOOOOO
-      exit 1
-      ssh-keygen -t ed25519 -N "" -f /tmp/1
-      TODO
-    fi
-  '';
-in
-  pkgs.writeShellScript "generate-initrd-keys" ''
-    set -euo pipefail
-    ${mapAttrsToLines generateHostKey self.nodes}
-  ''
--- a/nix/apps/generate-wireguard-keys.nix
+++ b/nix/apps/generate-wireguard-keys.nix
@ -49,6 +49,8 @@
        echo "$privkey" | ${pkgs.wireguard-tools}/bin/wg pubkey > ${pubkeyFile}
        ${pkgs.rage}/bin/rage -e ${rageEncryptArgs} <<< "$privkey" > ${privkeyFile} \
          || { echo "[1;31merror:[m Failed to encrypt wireguard private key for peer ${peerName} on network ${wgName}!" >&2; exit 1; }
+      else
+        echo "[90mSkipping existing "${keyBasename}".{age,pub}[m"
      fi
    '';

@ -65,6 +67,8 @@
        psk=$(${pkgs.wireguard-tools}/bin/wg genpsk)
        ${pkgs.rage}/bin/rage -e ${rageEncryptArgs} <<< "$psk" > ${pskFile} \
          || { echo "[1;31merror:[m Failed to encrypt wireguard psk for peers ${peer1} and ${peer2} on network ${wgName}!" >&2; exit 1; }
+      else
+        echo "[90mSkipping existing "${pskFile}"[m"
      fi
    '';