From b47334d7d7d458dd394001ec69b43578854cb66e Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Wed, 14 Dec 2022 18:02:30 +0100
Subject: [PATCH] Replace deploy_wg by a NixOS activation script

---
 deploy_wg          | 6 ------
 nix/deuxfleurs.nix | 9 +++++++++
 2 files changed, 9 insertions(+), 6 deletions(-)
 delete mode 100755 deploy_wg

diff --git a/deploy_wg b/deploy_wg
deleted file mode 100755
index 0bef5d6..0000000
--- a/deploy_wg
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env ./sshtool
-
-cmd 'nix-env -i wireguard-tools'
-cmd 'mkdir -p /var/lib/deuxfleurs/wireguard-keys'
-cmd 'test -f /var/lib/deuxfleurs/wireguard-keys/private || (wg genkey > /var/lib/deuxfleurs/wireguard-keys/private; chmod 600 /var/lib/deuxfleurs/wireguard-keys/private)'
-cmd 'echo "Public key: $(wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"'
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 7c7c6d3..14085c1 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -248,6 +248,15 @@ in
       }) cfg.cluster_nodes;
     };
 
+    system.activationScripts.generate_df_wg_key = ''
+      if [ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]; then
+        mkdir -p /var/lib/deuxfleurs/wireguard-keys
+        (umask 077; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private)
+        echo "New Wireguard key was generated."
+        echo "This node's Wireguard public key is: $(${pkgs.wireguard-tools}/bin/wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"
+      fi
+    '';
+
     # Configure /etc/hosts to link all hostnames to their Wireguard IP
     networking.extraHosts = builtins.concatStringsSep "\n" (map
       ({ hostname, IP, ...}: "${IP} ${hostname}")