summaryrefslogtreecommitdiffstats
path: root/makefu/5pkgs/stockholm-new-host/default.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-06-03 15:44:44 +0200
committermakefu <github@syntax-fehler.de>2023-06-03 15:44:44 +0200
commite488cfc13ba8beb6fe1f79032288d47079a73f72 (patch)
tree81182db4f4d9bd4cf3fdb6d07c15f5944975a2e1 /makefu/5pkgs/stockholm-new-host/default.nix
parent6369bae6d9a3061841106400e59af5b2be825343 (diff)
ma pkgs.stockholm-new-host: init fork of lassulus script to add new host
Diffstat (limited to 'makefu/5pkgs/stockholm-new-host/default.nix')
-rw-r--r--makefu/5pkgs/stockholm-new-host/default.nix50
1 files changed, 50 insertions, 0 deletions
diff --git a/makefu/5pkgs/stockholm-new-host/default.nix b/makefu/5pkgs/stockholm-new-host/default.nix
new file mode 100644
index 000000000..39e08808b
--- /dev/null
+++ b/makefu/5pkgs/stockholm-new-host/default.nix
@@ -0,0 +1,50 @@
+{ pkgs }:
+pkgs.writers.writeDashBin "sthockholm-new-host" ''
+ set -eu
+ PATH=${lib.makePathBin with pkgs;[ mkpasswd pwqgen sshd coreutils openssh tinc_pre pass ]}:$PATH
+ HOSTNAME=$1
+ STOCKHOLM=~/stockholm
+ KARTEI=$STOCKHOLM/kartei/makefu
+ export PASSWORD_STORE_DIR=$HOME/.secrets-pass
+ TMPDIR=$(mktemp -d)
+
+ PASSWORD=$(pwqgen)
+ HASHED_PASSWORD=$(echo $PASSWORD | mkpasswd -m sha-512 -s)
+
+ cd "$TMPDIR"
+ cat <<EOF > hashedPasswords.nix
+ {
+ root = "$HASHED_PASSWORD";
+ }
+ EOF
+
+ tinc --config "$PWD" generate-keys 4096
+ mv ed25519_key.priv retiolum.ed25519_key.priv
+ mv rsa_key.priv retiolum.rsa_key.priv
+ mv ed25519_key.pub retiolum.ed25519_key.pub
+ mv rsa_key.pub retiolum.rsa_key.pub
+
+ ssh-keygen -t ed25519 -f ssh_host_ed25519_key -P ""
+ ssh-keygen -t rsa -f ssh_host_rsa_key -P ""
+
+ wg genkey > wireguard.key
+ wg pubkey < wireguard.key > wireguard.pub
+
+ for i in *;do
+ cat "$i" | pass insert -m "$HOSTNAME/$i"
+ done
+
+ cp retiolum.ed25519_key.pub "$KARTEI/retiolum/$HOSTNAME_ed25519.pub"
+ cp retiolum.rsa_key.pub "$KARTEI/retiolum/$HOSTNAME.pub"
+ cp ssh_host_ed25519_key.pub "$KARTEI/sshd/$HOSTNAME.pub"
+ echo "$PASSWORD" | pass insert -m "$HOSTNAME/root"
+
+
+ cat <<EOF
+ # add to $KARTEI/default.nix
+ # then git add $KARTEI && git commit -m "ma $HOSTNAME.r: add to kartei"
+ $HOSTNAME = {
+ nets.retiolum.ipv4.addr = "10.243.12.XXX";
+ };
+ EOF
+''