
{
lib,
pkgs,
...
}: let
# Helpers pulled into scope by explicit binding rather than `inherit`.
writeShellScriptBin = pkgs.writeShellScriptBin;
forEach = lib.lists.forEach;
concatStringsSep = lib.strings.concatStringsSep;
attrNames = builtins.attrNames;
# Host table of the chaos-internal WireGuard network; only its attribute
# names (the host names) are consumed in this file.
wireguardData = import ../data/wireguard/chaosInternalWireGuard.nix;
wireguardHosts = wireguardData.hosts;
# Vault KV path under which a host's key object is stored.
kvPathForHost = host: "/private-public-keys/wireguard/chaos-internal/${host}";
in rec {
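# wg-keys-init-all: resets the Vault entry of every known host to an empty
# object, then runs each per-host init script so a fresh keypair is stored in
# Vault and its public key is recorded in the pubkeys file given as $1.
# Failures are no longer hidden: with `set -e` a Vault error aborts the run
# instead of silently leaving some hosts without keys.
initAllScript = writeShellScriptBin "wg-keys-init-all" (let
  vault = "${pkgs.vault-bin}/bin/vault";
  hostNames = attrNames wireguardHosts;
in ''
  set -euo pipefail
  PUBKEYS_FILE=''${1:-}
  if [ -z "$PUBKEYS_FILE" ]; then
    echo "please provide path to file with pubkeys" >&2
    exit 1
  fi
  # Reset pass: every host entry is overwritten with {} first (presumably to
  # create the path or drop stale contents). stderr is kept so a rejected
  # write is visible and stops the script.
  ${concatStringsSep "\n" (forEach hostNames (hostName: ''
    echo "{}" | ${vault} kv put "${kvPathForHost hostName}" -
  ''))}
  # Deploy pass: generate and store a new keypair per host.
  ${concatStringsSep "\n" (forEach hostNames (hostName: ''
    echo "Deploying keys for ${hostName}"
    "${genInitScript hostName}/bin/wg-keys-init-${hostName}" "$PUBKEYS_FILE"
  ''))}
'');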
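# wg-keys-init-<host>: generates a fresh WireGuard keypair for
# `systemHostName`, stores {public, private} in Vault under
# kvPathForHost systemHostName and records the public key in the pubkeys JSON
# file given as $1.
#
# Fixes over the previous version:
#  - the private key is never printed to stdout (the old script dumped the
#    whole JSON object, private half included, to the terminal/log);
#  - the private key is passed to jq on stdin, not on the command line, so it
#    does not show up in the process list;
#  - no temporary file holds the private key on disk;
#  - `set -euo pipefail` and an unsuppressed Vault call make failures abort
#    before the pubkeys file is touched, so Vault and the pubkeys file cannot
#    silently diverge;
#  - jq is always the pinned ${pkgs.jq} binary (one call used bare `jq`).
genInitScript = systemHostName: (writeShellScriptBin "wg-keys-init-${systemHostName}" (let
  vault = "${pkgs.vault-bin}/bin/vault";
  jq = "${pkgs.jq}/bin/jq";
  wg = "${pkgs.wireguard-tools}/bin/wg";
  sponge = "${pkgs.moreutils}/bin/sponge";
in ''
  set -euo pipefail
  PUBKEYS_FILE=''${1:-}
  if [ -z "$PUBKEYS_FILE" ]; then
    echo "please provide path to file with pubkeys" >&2
    exit 1
  fi
  PRIVATE=$(${wg} genkey)
  PUBLIC=$(echo "$PRIVATE" | ${wg} pubkey)
  # Build the key object in a pipeline: the private key enters jq via stdin
  # (-R reads it as a raw string) and goes straight to Vault without
  # touching argv or the filesystem.
  printf '%s\n' "$PRIVATE" \
    | ${jq} -R --arg pub "$PUBLIC" '{public: $pub, private: .}' \
    | ${vault} kv put "${kvPathForHost systemHostName}" -
  # Only the public half is echoed back to the operator.
  echo "Stored keys for ${systemHostName} in Vault; public key: $PUBLIC"
  # Record the public key; --arg avoids quoting problems with the host name
  # and key material in the jq filter.
  ${jq} --arg host "${systemHostName}" --arg pub "$PUBLIC" '.[$host] = $pub' "$PUBKEYS_FILE" | ${sponge} "$PUBKEYS_FILE"
''));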
}