diff --git a/flake-parts/dev-shells.nix b/flake-parts/dev-shells.nix
index ebc5ad8..6d8ac6a 100644
--- a/flake-parts/dev-shells.nix
+++ b/flake-parts/dev-shells.nix
@@ -30,7 +30,6 @@ _: {
 pkgs.nebula
 pkgs.bitwarden-cli
 self'.packages.nebula-regen-host-cert
- self'.packages.nebula-regen-all-host-certs
 ];
 shellHook = ''
diff --git a/flake-parts/scripts.nix b/flake-parts/scripts.nix
index c2a0782..62fecf0 100644
--- a/flake-parts/scripts.nix
+++ b/flake-parts/scripts.nix
@@ -1,18 +1,13 @@
 { self, ... }:
 {
 perSystem =
- {
- self',
- pkgs,
- lib,
- ...
- }:
+ { pkgs, lib, ... }:
 {
 packages =
 "${self}/scripts"
 |> builtins.readDir
 |> lib.attrNames
 |> lib.map (name: name |> lib.removeSuffix ".nix")
- |> self.lib.genAttrs (name: import "${self}/scripts/${name}.nix" { inherit self' pkgs lib; });
+ |> self.lib.genAttrs (name: import "${self}/scripts/${name}.nix" { inherit pkgs; });
 };
 }
diff --git a/scripts/install-anywhere.nix b/scripts/install-anywhere.nix
index 17e5c0b..10be289 100644
--- a/scripts/install-anywhere.nix
+++ b/scripts/install-anywhere.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs }:
 pkgs.writeShellApplication {
 name = "install-anywhere";
@@ -17,7 +17,6 @@ pkgs.writeShellApplication {
 host="$1"
 destination="$2"
 root="$(mktemp --directory)"
- trap 'rm -rf "$root"' EXIT
 impermanence="$(nix eval ".#nixosConfigurations.$host.config.custom.persistence.enable")"
 if [ "$impermanence" = true ]; then
@@ -52,5 +51,7 @@ pkgs.writeShellApplication {
 --extra-files "$root" \
 --flake ".#$host" \
 --target-host "$destination"
+
+ rm -rf "$root"
 '';
 }
diff --git a/scripts/nebula-regen-all-host-certs.nix b/scripts/nebula-regen-all-host-certs.nix
deleted file mode 100644
index 469d25b..0000000
--- a/scripts/nebula-regen-all-host-certs.nix
+++ /dev/null
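Review bot: Removing `trap 'rm -rf "$root"' EXIT` in the `@@ -17,7 +17,6 @@` hunk of scripts/install-anywhere.nix and replacing it with a plain `rm -rf "$root"` after the nixos-anywhere call (the `@@ -52,5 +51,7 @@` hunk) leaves the staging directory behind on every failure path: writeShellApplication runs the text with errexit/nounset/pipefail, so a failing `nix eval`, a failing install, or an interrupt exits before the final `rm -rf` is reached. Whatever the impermanence branch stages under `$root` for `--extra-files` (not visible between these hunks, but material copied to a host typically includes keys) then stays in the operator's temp directory. Keep the trap — `trap 'rm -rf "$root"' EXIT` immediately after `root="$(mktemp --directory)"` — or, if the directory is intentionally preserved to debug failed installs, say so in a comment and echo its path so the operator knows to remove it. The shell text starts before the first of these hunks and the `nixos-anywhere` command line begins outside the second.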
@@ -1,35 +0,0 @@
-{
- self',
- pkgs,
- lib,
- ...
-}:
-pkgs.writeShellApplication {
- name = "nebula-regen-all-host-certs";
-
- runtimeInputs = [
- pkgs.bitwarden-cli
- pkgs.jq
- ];
-
- text = ''
- hosts="$(nix eval .#nixosConfigurations --apply 'builtins.attrNames' --json | jq -r '.[]')"
-
- if ! declare -px BW_SESSION >/dev/null 2>&1; then
- BW_SESSION="$(bw unlock --raw || bw login --raw)"
- export BW_SESSION
- fi
-
- ca_key="$(mktemp)"
- chmod 600 "$ca_key"
- trap 'rm -f "$ca_key"' EXIT
- bw get notes 'nebula ca-key' > "$ca_key"
-
- for host in $hosts; do
- echo "Regenerating certificate for $host..."
- ${lib.getExe self'.packages.nebula-regen-host-cert} "$host" "$ca_key"
- done
-
- echo "Done!"
- '';
-}
diff --git a/scripts/nebula-regen-host-cert.nix b/scripts/nebula-regen-host-cert.nix
index bfac5c8..1d6e75d 100644
--- a/scripts/nebula-regen-host-cert.nix
+++ b/scripts/nebula-regen-host-cert.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs }:
 pkgs.writeShellApplication {
 name = "nebula-regen-host-cert";
@@ -8,8 +8,8 @@ pkgs.writeShellApplication {
 ];
 text = ''
- if [[ $# -lt 1 ]] || [[ $# -gt 2 ]]; then
- echo "Usage: $0 []"
+ if [[ $# -ne 1 ]]; then
+ echo "Usage: $0 "
 exit 1
 fi
@@ -20,20 +20,16 @@ pkgs.writeShellApplication { host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")" host_cert="''${host_cert#*-source/}" - if [[ $# -eq 2 ]]; then - ca_key="$2" - else - if ! declare -px BW_SESSION >/dev/null 2>&1; then - BW_SESSION="$(bw unlock --raw || bw login --raw)" - export BW_SESSION - fi - - ca_key="$(mktemp)" - chmod 600 "$ca_key" - trap 'rm -f "$ca_key"' EXIT - bw get notes 'nebula ca-key' > "$ca_key" + if ! declare -px BW_SESSION >/dev/null 2>&1; then + BW_SESSION="$(bw unlock --raw || bw login --raw)" + export BW_SESSION fi + ca_key="$(mktemp)" + chmod 600 "$ca_key" + trap 'rm -f "$ca_key"' EXIT + bw get notes 'nebula ca-key' > "$ca_key" + rm -f "$host_cert" nebula-cert sign -name "$host" -networks "$address" -ca-crt "$ca_cert" -ca-key "$ca_key" -in-pub "$host_pub" -out-crt "$host_cert" '';
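Review bot: `chmod 600 "$ca_key"` right after `ca_key="$(mktemp)"` is redundant on the new side of this hunk — GNU mktemp already creates files u+rw only, so the line changes nothing; either drop it or add a comment such as `# belt-and-braces for non-GNU mktemp` so the next reader knows it is deliberate. The `trap 'rm -f "$ca_key"' EXIT` is installed before `bw get notes` writes the CA private key into the file, which is the ordering that guarantees the key file is removed on any failure; keep that order if these lines are reshuffled again. The `text` block this hunk rewrites begins outside the hunk.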