Replace deploy_wg by a NixOS activation script
parent
cc70cdc660
commit
b47334d7d7
2 changed files with 9 additions and 6 deletions
|
@ -1,6 +0,0 @@
|
||||||
#!/usr/bin/env ./sshtool
|
|
||||||
|
|
||||||
cmd 'nix-env -i wireguard-tools'
|
|
||||||
cmd 'mkdir -p /var/lib/deuxfleurs/wireguard-keys'
|
|
||||||
cmd 'test -f /var/lib/deuxfleurs/wireguard-keys/private || (wg genkey > /var/lib/deuxfleurs/wireguard-keys/private; chmod 600 /var/lib/deuxfleurs/wireguard-keys/private)'
|
|
||||||
cmd 'echo "Public key: $(wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"'
|
|
|
@ -248,6 +248,15 @@ in
|
||||||
}) cfg.cluster_nodes;
|
}) cfg.cluster_nodes;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.activationScripts.generate_df_wg_key = ''
|
||||||
|
if [ ! -f /var/lib/deuxfleurs/wireguard-keys/private ]; then
|
||||||
|
mkdir -p /var/lib/deuxfleurs/wireguard-keys
|
||||||
|
(umask 077; ${pkgs.wireguard-tools}/bin/wg genkey > /var/lib/deuxfleurs/wireguard-keys/private)
|
||||||
|
echo "New Wireguard key was generated."
|
||||||
|
echo "This node's Wireguard public key is: $(${pkgs.wireguard-tools}/bin/wg pubkey < /var/lib/deuxfleurs/wireguard-keys/private)"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
# Configure /etc/hosts to link all hostnames to their Wireguard IP
|
# Configure /etc/hosts to link all hostnames to their Wireguard IP
|
||||||
networking.extraHosts = builtins.concatStringsSep "\n" (map
|
networking.extraHosts = builtins.concatStringsSep "\n" (map
|
||||||
({ hostname, IP, ...}: "${IP} ${hostname}")
|
({ hostname, IP, ...}: "${IP} ${hostname}")
|
||||||
|
|
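Review bot: The `[ ! -f … ]` guard in `generate_df_wg_key` accepts any existing file as a valid key, but the shell creates the redirect target before `wg genkey` runs, so a failed or interrupted first activation would presumably leave an empty `private` file that is never regenerated. Testing for a non-empty file instead, `if [ ! -s /var/lib/deuxfleurs/wireguard-keys/private ]; then`, lets the next activation retry. Separately, `mkdir -p` runs outside the `umask 077` subshell, so the key directory is created with the default mode; `mkdir -p -m 700 /var/lib/deuxfleurs/wireguard-keys` would restrict a newly created directory without changing the mode of its parents. The public key is also now printed only on the activation that generates it, whereas the removed script echoed it on every run, so operators may want a documented way to read it back later.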