chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

add wg-gen-conf-${hostName}

Browse source
This commit is contained in:
chaos 2023-10-07 11:28:12 +01:00
parent 5e3b4d25a1
commit 003708485c
No known key found for this signature in database
4 changed files with 36 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
data/internalCAIntermediate.crt Normal file
View file

2
home/dev/all/extra.nix
View file

@ -9,8 +9,8 @@
file file
python3 python3
binutils # for strings binutils # for strings
qrencode
# (pkgs.busybox.override {enableAppletSymlinks = false;})
# This saves a rebuild of already cached busybox # This saves a rebuild of already cached busybox
(pkgs.runCommand "busybox-no-applets" {} '' (pkgs.runCommand "busybox-no-applets" {} ''
mkdir -p $out/bin mkdir -p $out/bin

35
lib/internalWireGuardLib.nix
View file

@ -5,7 +5,7 @@
}: let }: let
inherit (pkgs) writeShellScriptBin; inherit (pkgs) writeShellScriptBin;
inherit (lib.lists) forEach; inherit (lib.lists) forEach;
inherit (lib.strings) concatStringsSep; inherit (lib.strings) concatStringsSep optionalString;
inherit (builtins) attrNames; inherit (builtins) attrNames;
wireguardData = import ../data/wireguard/chaosInternalWireGuard.nix; wireguardData = import ../data/wireguard/chaosInternalWireGuard.nix;
@ -63,4 +63,37 @@ in rec {
${jq} ".\"${systemHostName}\" = \"$PUBLIC\"" "$PUBKEYS_FILE" | ${sponge} "$PUBKEYS_FILE" ${jq} ".\"${systemHostName}\" = \"$PUBLIC\"" "$PUBKEYS_FILE" | ${sponge} "$PUBKEYS_FILE"
'')); ''));
genConfScript = systemHostName: (writeShellScriptBin "wg-gen-conf-${systemHostName}" (let
vault = "${pkgs.vault-bin}/bin/vault";
jq = "${pkgs.jq}/bin/jq";
currentHostConfig = wireguardHosts.${systemHostName};
in ''
set -euo pipefail
getPrivateKey() {
${vault} kv get -format=json "/private-public-keys/wireguard/chaos-internal/$1" | ${jq} -r ".data.data.private" | tr -d '\n'
}
cat << EOF
[interface]
Address = ${currentHostConfig.ip}/24
${optionalString (currentHostConfig ? "listenAddress") "ListenAddress = ${toString currentHostConfig.listenAddress}"}
PrivateKey = $(getPrivateKey ${systemHostName})
${concatStringsSep "\n" (forEach (attrNames wireguardHosts) (hostName: (let
hostConfig = wireguardHosts.${hostName};
in ''
[Peer]
PublicKey = ${hostConfig.public}
${optionalString (hostConfig ? "endpoint") "Endpoint = ${hostConfig.endpoint}"}
AllowedIPs = ${
if hostConfig ? "allowedIPs"
then concatStringsSep "," hostConfig.allowedIPs
else "${hostConfig.ip}/32"
}
'')))}
EOF
''));
} }

1
outputs.nix
View file

@ -85,6 +85,7 @@ in
(mergeAttrsList ( (mergeAttrsList (
forEach hostsWithWireGuard (hostName: { forEach hostsWithWireGuard (hostName: {
"wg-keys-init-${hostName}" = internalWireGuardLib.genInitScript hostName; "wg-keys-init-${hostName}" = internalWireGuardLib.genInitScript hostName;
"wg-gen-conf-${hostName}" = internalWireGuardLib.genConfScript hostName;
}) })
)) ))
{ {