feat: remove generate-wireguard-keys in favor of agenix-rekey generators

2023-06-09 23:21:18 +02:00 · 2023-06-09 23:21:18 +02:00 · cfb7c88862
commit cfb7c88862
parent dec790c589
7 changed files with 62 additions and 163 deletions
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -158,7 +158,7 @@
          ${peerPresharedKeySecret nodeName other} = {
            rekeyFile = peerPresharedKeyPath nodeName other;
            owner = "systemd-network";
-            # TODO gen func
+            generator.script = {pkgs, ...}: "${pkgs.wireguard-tools}/bin/wg genpsk";
          };
        })
        neededPeers)
@ -166,7 +166,15 @@
        ${peerPrivateKeySecret nodeName} = {
          rekeyFile = peerPrivateKeyPath nodeName;
          owner = "systemd-network";
-          # TODO gen func
+          generator.script = {
+            pkgs,
+            file,
+            ...
+          }: ''
+            ${pkgs.wireguard-tools}/bin/wg genkey \
+              | tee /dev/stdout \
+              | ${pkgs.wireguard-tools}/bin/wg pubkey > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
+          '';
        };
      };