scripts: Let nebula-regen-host-cert optionally accept the ca key as an argument

SebastianStork 2026-02-05 21:59:54 +01:00
parent a96b31d4e1
commit d45f8cd297
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q


@ -8,8 +8,8 @@ pkgs.writeShellApplication {
]; ];
text = '' text = ''
if [[ $# -ne 1 ]]; then if [[ $# -lt 1 ]] || [[ $# -gt 2 ]]; then
echo "Usage: $0 <host>" echo "Usage: $0 <host> [<ca-key-path>]"
exit 1 exit 1
fi fi
@ -20,6 +20,9 @@ pkgs.writeShellApplication {
host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")" host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")"
host_cert="''${host_cert#*-source/}" host_cert="''${host_cert#*-source/}"
if [[ $# -eq 2 ]]; then
ca_key="$2"
else
if ! declare -px BW_SESSION >/dev/null 2>&1; then if ! declare -px BW_SESSION >/dev/null 2>&1; then
BW_SESSION="$(bw unlock --raw || bw login --raw)" BW_SESSION="$(bw unlock --raw || bw login --raw)"
export BW_SESSION export BW_SESSION
@ -29,6 +32,7 @@ pkgs.writeShellApplication {
chmod 600 "$ca_key" chmod 600 "$ca_key"
trap 'rm -f "$ca_key"' EXIT trap 'rm -f "$ca_key"' EXIT
bw get notes 'nebula ca-key' > "$ca_key" bw get notes 'nebula ca-key' > "$ca_key"
fi
rm -f "$host_cert" rm -f "$host_cert"
nebula-cert sign -name "$host" -networks "$address" -ca-crt "$ca_cert" -ca-key "$ca_key" -in-pub "$host_pub" -out-crt "$host_cert" nebula-cert sign -name "$host" -networks "$address" -ca-crt "$ca_cert" -ca-key "$ca_key" -in-pub "$host_pub" -out-crt "$host_cert"
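Review bot: The path taken from `$2` in the new `if [[ $# -eq 2 ]]` branch is used without any check, and `rm -f "$host_cert"` runs before `nebula-cert sign`, so a mistyped or unreadable key path removes the current host certificate and only then fails at signing. Validate it right after the assignment, e.g. `[[ -r "$ca_key" ]] || { echo "CA key not readable: $ca_key" >&2; exit 1; }`. A short comment there would also help: a caller-supplied key is deliberately left in place (the `trap 'rm -f "$ca_key"' EXIT` stays inside the `else` branch), and unlike the Bitwarden copy its permissions are not tightened with `chmod 600`, so the caller is responsible for protecting that file. The `text` script body starts and ends outside these hunks, so how `ca_key` is created in the `else` branch is not visible here.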