makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

l gen-secrets: add wirelum keys

Browse source
This commit is contained in:
lassulus 2018-12-09 17:26:41 +01:00
parent 30772247c0
commit dc64ec0307
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lass/5pkgs/l-gen-secrets/default.nix
View file

@ -8,6 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key
${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub
cat <<EOF > $TMPDIR/hashedPasswords.nix
{
root = "$HASHED_PASSWORD";
@ -35,6 +37,15 @@ pkgs.writeDashBin "l-gen-secrets" ''
$(cat $TMPDIR/retiolum.rsa_key.pub)
${"''"};
};
wirelum = {
ip6.addr = (wip6 "changeme").address;
aliases = [
"$HOSTNAME.w"
];
wireguard.pubkey = ${"''"}
$(cat $TMPDIR/wirelum.pub)
${"''"};
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";