scripts: Add nebula-regen-all-host-certs

SebastianStork 2026-02-05 22:08:33 +01:00
parent d45f8cd297
commit 2c76d23692
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
5 changed files with 40 additions and 4 deletions


@ -30,6 +30,7 @@ _: {
pkgs.nebula pkgs.nebula
pkgs.bitwarden-cli pkgs.bitwarden-cli
self'.packages.nebula-regen-host-cert self'.packages.nebula-regen-host-cert
self'.packages.nebula-regen-all-host-certs
]; ];
shellHook = '' shellHook = ''


@ -1,13 +1,18 @@
{ self, ... }: { self, ... }:
{ {
perSystem = perSystem =
{ pkgs, lib, ... }: {
self',
pkgs,
lib,
...
}:
{ {
packages = packages =
"${self}/scripts" "${self}/scripts"
|> builtins.readDir |> builtins.readDir
|> lib.attrNames |> lib.attrNames
|> lib.map (name: name |> lib.removeSuffix ".nix") |> lib.map (name: name |> lib.removeSuffix ".nix")
|> self.lib.genAttrs (name: import "${self}/scripts/${name}.nix" { inherit pkgs; }); |> self.lib.genAttrs (name: import "${self}/scripts/${name}.nix" { inherit self' pkgs lib; });
}; };
} }
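Review bot: Every file under scripts/ is now imported with `self'`, `pkgs` and `lib`, so a script whose header is still the closed set `{ pkgs }:` will fail evaluation with an unexpected-argument error, and nothing on the import line states that contract. This commit widens the two existing headers it shows; whether other scripts exist is not visible here. A comment above the `genAttrs` line, such as `# every scripts/*.nix must accept { self', pkgs, lib, ... }`, would document the requirement for scripts added later.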


@ -1,4 +1,4 @@
{ pkgs }: { pkgs , ...}:
pkgs.writeShellApplication { pkgs.writeShellApplication {
name = "install-anywhere"; name = "install-anywhere";


@ -0,0 +1,30 @@
{ self', pkgs, lib, ... }:
pkgs.writeShellApplication {
name = "nebula-regen-all-host-certs";
runtimeInputs = [
pkgs.bitwarden-cli
pkgs.jq
];
text = ''
hosts="$(nix eval .#nixosConfigurations --apply 'builtins.attrNames' --json | jq -r '.[]')"
if ! declare -px BW_SESSION >/dev/null 2>&1; then
BW_SESSION="$(bw unlock --raw || bw login --raw)"
export BW_SESSION
fi
ca_key="$(mktemp)"
chmod 600 "$ca_key"
trap 'rm -f "$ca_key"' EXIT
bw get notes 'nebula ca-key' > "$ca_key"
for host in $hosts; do
echo "Regenerating certificate for $host..."
${lib.getExe self'.packages.nebula-regen-host-cert} "$host" "$ca_key"
done
echo "Done!"
'';
}
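Review bot: The Nebula CA private key is written in plaintext to a `mktemp` file in the default temp directory, which may be disk-backed, and the EXIT trap's `rm -f` only unlinks it and never runs on SIGKILL or power loss. On Linux a memory-backed location is safer, e.g. `ca_key="$(mktemp -p "''${XDG_RUNTIME_DIR:-/dev/shm}")"` (the `''${` escape is required inside the Nix indented string); `mktemp` already creates the file with mode 0600, so the `chmod` is redundant but harmless. Separately, writeShellApplication enables errexit, so the first host that fails aborts the loop and leaves the fleet partly rotated; collecting failures and reporting them after the loop would make that state visible. `nix` and `mktemp` are also used without being listed in `runtimeInputs`, so they resolve from the caller's PATH.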


@ -1,4 +1,4 @@
{ pkgs }: { pkgs, ... }:
pkgs.writeShellApplication { pkgs.writeShellApplication {
name = "nebula-regen-host-cert"; name = "nebula-regen-host-cert";