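{ pkgs ? import <nixpkgs> {} }:

let
  # agenix is fetched from the moving "main" branch. The sha256 pins the
  # exact tarball contents, so a new upstream commit makes this fetch fail
  # with a hash mismatch instead of silently pulling new code. Prefer pinning
  # the URL to a tag or commit (archive/<COMMIT-OR-TAG>.tar.gz) and bumping
  # the hash deliberately when updating.
  agenixSrc = fetchTarball {
    url = "https://github.com/ryantm/agenix/archive/main.tar.gz";
    sha256 = "103slb8xy5sb68zxjjbb9d0svq8xz751a7yrg6vrz5rh4374bzgl";
  };
in
pkgs.mkShell {
  buildInputs = [
    (pkgs.callPackage "${agenixSrc}/pkgs/agenix.nix" {})
  ];

  packages = with pkgs; [
    deploy-rs
    nano
    wireguard-tools
  ];

  EDITOR = "nano";

  # Bash helpers for operating the nodes listed in nodes.nix. Every helper
  # resolves node addresses through node_ips so the extraction regex lives
  # in exactly one place.
  shellHook = ''
    # Print one IPv4 address per line, taken from the `ip4 = "a.b.c.d/len"`
    # entries of nodes.nix in the current directory (prefix length dropped).
    # Returns 1 when nodes.nix is missing, so callers loop over nothing
    # instead of over a grep error message.
    node_ips() {
      if [ ! -r nodes.nix ]; then
        echo "node_ips: nodes.nix not readable in $(pwd)" >&2
        return 1
      fi
      grep -o 'ip4 = "[0-9.]*/' nodes.nix | sed 's/ip4 = "//; s|/.*||'
    }

    # Run `nix-collect-garbage -d` on every node, prefixing each output line
    # with the node address. A failing ssh is shown but does not stop the loop.
    rungcall() {
      local ip line
      echo "Running nix-collect-garbage -d on all nodes..."
      while IFS= read -r ip; do
        echo "============================================"
        echo "Running garbage collection on $ip"
        echo "============================================"
        # stdin comes from /dev/null so ssh cannot consume the address list
        # that the outer loop is reading.
        ssh "$ip" "sudo nix-collect-garbage -d" < /dev/null 2>&1 | \
          while IFS= read -r line; do
            echo "[$ip] $line"
          done
        echo ""
      done < <(node_ips)
    }

    # List every node, ask for an explicit "yes", then send `systemctl reboot`
    # to each one. Anything other than "yes" cancels.
    runrebootall() {
      local ip confirm
      echo "This will reboot ALL nodes in the network!"
      echo "Nodes to be rebooted:"
      node_ips | while IFS= read -r ip; do
        echo " - $ip"
      done
      echo ""

      read -r -p "Are you sure you want to reboot all these nodes? (yes/no): " confirm

      if [ "$confirm" = "yes" ]; then
        echo "Rebooting all nodes..."
        while IFS= read -r ip; do
          echo "Rebooting $ip..."
          # Calling systemctl directly bypasses molly-guard.
          # NOTE: ssh may exit non-zero when the connection drops during the
          # reboot, so the failure message below is not conclusive.
          ssh "$ip" "sudo systemctl reboot" < /dev/null 2>&1 || echo "Yup, that failed"
        done < <(node_ips)
        echo "Reboot commands sent to all nodes."
      else
        echo "Reboot cancelled."
      fi
    }

    # Print the Ed25519 host public key of every node. The key is read over
    # an ssh session to that same node, so it is only as trustworthy as the
    # host key ssh already accepted for the connection; confirm new entries
    # out of band before relying on them.
    getallhk() {
      local ip
      echo "Collecting SSH Ed25519 host keys from all nodes..."
      echo ""
      while IFS= read -r ip; do
        ssh "$ip" "cat /etc/ssh/ssh_host_ed25519_key.pub" < /dev/null 2>&1 || echo "Failed to get host key from $ip"
      done < <(node_ips)
    }

    # Generate a WireGuard key pair and print it. Both keys are held in
    # shell variables only: nothing is written to /tmp, so there is no file
    # to shred (shred is unreliable on tmpfs/CoW filesystems anyway). The
    # private key is still echoed to the terminal, exactly as before, so it
    # ends up in the terminal scrollback.
    genwgkey() {
      local private_key public_key
      echo "Generating WireGuard key pair..."
      private_key=$(wg genkey) || { echo "wg genkey failed" >&2; return 1; }
      public_key=$(printf '%s\n' "$private_key" | wg pubkey) || { echo "wg pubkey failed" >&2; return 1; }

      echo ""
      echo "============================================"
      echo "WireGuard Key Pair Generated:"
      echo "============================================"
      echo "Private Key:"
      echo "$private_key"
      echo ""
      echo "Public Key:"
      echo "$public_key"
      echo ""
      echo "============================================"
    }

    # node_ips must be exported too, since the exported helpers call it.
    export -f node_ips
    export -f rungcall
    export -f runrebootall
    export -f getallhk
    export -f genwgkey

    echo "Welcome to Federez-LaSuite network deploy-rs shell environment!"
  '';
}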