
No commits in common. "1a78e2b1f0e9b895ca000b4c5dbe7c38ca6cb45f" and "caebd6e24187e5f699979424c104a0b9abda9e63" have entirely different histories.

2 changed files with 10 additions and 17 deletions


@ -15,8 +15,8 @@
services = { services = {
nebula = { nebula = {
publicKeyFile = toString ./keys/nebula.pub; publicKeyFile = ./keys/nebula.pub;
certificateFile = toString ./keys/nebula.crt; certificateFile = ./keys/nebula.crt;
}; };
syncthing = { syncthing = {
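Review bot: Dropping `toString` turns `publicKeyFile` and `certificateFile` from strings into Nix path values, and a path coerced to a string is normally copied into the store as its own `/nix/store/<hash>-nebula.crt` entry. The signing script in the other file of this comparison reads both options with `nix eval --raw` and strips everything up to `-source/` to get a repository-relative path, so it is worth confirming the evaluated value still contains `-source/`. If it does not, `rm -f "$host_cert"` and `-out-crt "$host_cert"` would point into the read-only store. A copied path must also exist at evaluation time, which may break issuing the first certificate for a new host; a short comment above these two lines saying why the path form is wanted would help the next reader.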


@ -7,16 +7,16 @@
text = '' text = ''
if [[ $# -lt 1 ]] || [[ $# -gt 2 ]]; then if [[ $# -lt 1 ]] || [[ $# -gt 2 ]]; then
echo "Usage: $0 <hostname> [<ca-key-path>]" echo "Usage: $0 <host> [<ca-key-path>]"
exit 1 exit 1
fi fi
hostname="$1" host="$1"
address="$(nix eval --raw ".#allHosts.$hostname.config.custom.networking.overlay.cidr")" address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")"
groups="$(nix eval --raw ".#allHosts.$hostname.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')" groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
ca_cert="$(nix eval --raw ".#allHosts.$hostname.config.custom.services.nebula.caCertificateFile")" ca_cert='modules/system/services/nebula/ca.crt'
host_pub="$(nix eval --raw ".#allHosts.$hostname.config.custom.services.nebula.publicKeyFile")" host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyFile")"
host_cert="$(nix eval --raw ".#allHosts.$hostname.config.custom.services.nebula.certificateFile")" host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificateFile")"
host_cert="''${host_cert#*-source/}" host_cert="''${host_cert#*-source/}"
if [[ $# -eq 2 ]]; then if [[ $# -eq 2 ]]; then
@ -34,13 +34,6 @@
fi fi
rm -f "$host_cert" rm -f "$host_cert"
nebula-cert sign \ nebula-cert sign -name "$host" -networks "$address" -groups "$groups" -ca-crt "$ca_cert" -ca-key "$ca_key" -in-pub "$host_pub" -out-crt "$host_cert"
-name "$hostname" \
-networks "$address" \
-groups "$groups" \
-ca-crt "$ca_cert" \
-ca-key "$ca_key" \
-in-pub "$host_pub" \
-out-crt "$host_cert"
''; '';
} }
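Review bot: `ca_cert='modules/system/services/nebula/ca.crt'` is resolved against the current working directory and no longer follows the host's `caCertificateFile` option, so a run from outside the repository root, or a host whose option names a different CA, either fails or is signed against a CA the host is not configured to trust. Because `rm -f "$host_cert"` runs before `nebula-cert sign`, a failure at that point also leaves the host with no certificate in the tree. A guard before the `rm`, such as `[[ -f "$ca_cert" ]] || { echo "CA certificate not found: $ca_cert" >&2; exit 1; }`, covers the first case; signing to a temporary file and moving it over `$host_cert` only on success covers the second. Separately, `$host` goes unchecked into the flake attribute path `.#allHosts.$host.config…`, so a value containing `.` or quotes selects a different attribute; a pattern check on `$1` would keep it to plain host names. The lines that set `ca_key` sit between the two hunks and are not visible here.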