prov user & wg secrets

asyncnomi 2025-07-21 01:38:05 +02:00
parent 013d69e674
commit eeef2a7338
29 changed files with 1454 additions and 3 deletions


@ -22,9 +22,9 @@ pkgs.mkShell {
rungcall() {
echo "Running nix-collect-garbage -d on all nodes..."
while read ip; do
echo "=========================================="
echo "============================================"
echo "Running garbage collection on $ip"
echo "=========================================="
echo "============================================"
ssh "$ip" "sudo nix-collect-garbage -d" < /dev/null 2>&1 | \
while IFS= read -r line; do
echo "[$ip] $line"
@ -64,9 +64,39 @@ pkgs.mkShell {
ssh "$ip" "cat /etc/ssh/ssh_host_ed25519_key.pub" < /dev/null 2>&1 || echo "Failed to get host key from $ip"
done < <(grep -o 'ip4 = "[0-9.]*/' nodes.nix | sed 's/ip4 = "//; s/\/.*//')
}
genwgkey() {
echo "Generating WireGuard key pair..."
umask 077
local timestamp=$(date +%s%N)
local private_key_file="/tmp/wg_private_$timestamp"
local public_key_file="/tmp/wg_public_$timestamp"
wg genkey > "$private_key_file"
wg pubkey < "$private_key_file" > "$public_key_file"
echo ""
echo "============================================"
echo "WireGuard Key Pair Generated:"
echo "============================================"
echo "Private Key:"
cat "$private_key_file"
echo ""
echo "Public Key:"
cat "$public_key_file"
echo ""
echo "============================================"
shred -vfz -n 3 "$private_key_file" "$public_key_file" 2>/dev/null || {
echo "Warning: shred not available, using rm..."
rm -f "$private_key_file" "$public_key_file"
}
echo "Tpm Key files shreded."
}
export -f rungcall
export -f runrebootall
export -f getallhk
export -f genwgkey
echo "Welcome to Federez-LaSuite network deploy-rs shell environment!"
'';
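Review bot: In the new `genwgkey`, the private key is written to `/tmp/wg_private_$timestamp`, a name built from the clock rather than by `mktemp`, so on a shared host the `>` redirection can land in a file or symlink that another local user created first, and `umask 077` does not change the mode of a file that already exists. The key never needs to reach disk: hold it in a local variable and pipe it to `wg pubkey`, which removes the temp files, the `shred` step (not dependable on copy-on-write or journaling file systems, and the `rm` fallback overwrites nothing) and the `umask 077` call, which otherwise stays in effect in the interactive shell after the function returns. The sketch below also returns early when `wg genkey` or `wg pubkey` fails instead of printing an empty pair. The private key still ends up in the terminal scrollback, which looks intentional here but deserves a one-line comment above the function.

```nix
genwgkey() {
  echo "Generating WireGuard key pair..."
  # Keep the key in memory only; nothing is written under /tmp.
  local private_key public_key
  private_key=$(wg genkey) || { echo "wg genkey failed" >&2; return 1; }
  public_key=$(printf '%s\n' "$private_key" | wg pubkey) || { echo "wg pubkey failed" >&2; return 1; }
  # … unchanged: blank line and banner …
  echo "Private Key:"
  printf '%s\n' "$private_key"
  echo ""
  echo "Public Key:"
  printf '%s\n' "$public_key"
  # … unchanged: closing separator; shred/rm block and "shreded" message dropped …
}
```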