From e488cfc13ba8beb6fe1f79032288d47079a73f72 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Jun 2023 15:44:44 +0200 Subject: [PATCH] ma pkgs.stockholm-new-host: init fork of lassulus script to add new host --- makefu/5pkgs/stockholm-new-host/default.nix | 50 +++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 makefu/5pkgs/stockholm-new-host/default.nix diff --git a/makefu/5pkgs/stockholm-new-host/default.nix b/makefu/5pkgs/stockholm-new-host/default.nix new file mode 100644 index 000000000..39e08808b --- /dev/null +++ b/makefu/5pkgs/stockholm-new-host/default.nix @@ -0,0 +1,50 @@ +{ pkgs }: +pkgs.writers.writeDashBin "sthockholm-new-host" '' + set -eu + PATH=${lib.makePathBin with pkgs;[ mkpasswd pwqgen sshd coreutils openssh tinc_pre pass ]}:$PATH + HOSTNAME=$1 + STOCKHOLM=~/stockholm + KARTEI=$STOCKHOLM/kartei/makefu + export PASSWORD_STORE_DIR=$HOME/.secrets-pass + TMPDIR=$(mktemp -d) + + PASSWORD=$(pwqgen) + HASHED_PASSWORD=$(echo $PASSWORD | mkpasswd -m sha-512 -s) + + cd "$TMPDIR" + cat < hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + } + EOF + + tinc --config "$PWD" generate-keys 4096 + mv ed25519_key.priv retiolum.ed25519_key.priv + mv rsa_key.priv retiolum.rsa_key.priv + mv ed25519_key.pub retiolum.ed25519_key.pub + mv rsa_key.pub retiolum.rsa_key.pub + + ssh-keygen -t ed25519 -f ssh_host_ed25519_key -P "" + ssh-keygen -t rsa -f ssh_host_rsa_key -P "" + + wg genkey > wireguard.key + wg pubkey < wireguard.key > wireguard.pub + + for i in *;do + cat "$i" | pass insert -m "$HOSTNAME/$i" + done + + cp retiolum.ed25519_key.pub "$KARTEI/retiolum/$HOSTNAME_ed25519.pub" + cp retiolum.rsa_key.pub "$KARTEI/retiolum/$HOSTNAME.pub" + cp ssh_host_ed25519_key.pub "$KARTEI/sshd/$HOSTNAME.pub" + echo "$PASSWORD" | pass insert -m "$HOSTNAME/root" + + + cat <