git.delta.rocks / jrsonnet / refs/commits / 2a9ff813e781


refactor move app-specific generators out of tree

Yaroslav Bolyukin2024-07-06parent: #f17a60a.patch.diff
in: trunk

1 file changed

modifiedlib/fleetLib.nixdiffbeforeafterboth
65 '';65 '';
66 };66 };
6767
68 mkGarage = {}: {mkSecretGenerator, ...}: mkSecretGenerator {68 mkX25519 = {encoding ? null}: {mkSecretGenerator, ...}:
69 mkSecretGenerator {
69 script = ''70 script = ''
70 mkdir $out71 mkdir $out
71 gh generate ed25519 -p $out/public -s $out/secret72 gh generate x25519 -p $out/public -s $out/secret \
72 gh decode -i $out/public | gh public -e hex -o $out/node_id73 ${optionalString (encoding != null) "--encoding=${encoding}"}
73 '';74 '';
74 };75 };
76
77 mkRsa = {size ? 4096}: {
78 openssl,
79 mkSecretGenerator,
80 ...
81 }:
82 mkSecretGenerator {
83 script = ''
84 mkdir $out
85
86 ${openssl}/bin/openssl genrsa -out rsa_private.key ${toString size}
87 ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key
88
89 cat rsa_private.key | gh private -o $out/secret
90 cat rsa_public.key | gh public -o $out/public
91 '';
92 };
7593
76 mkX25519 = {encoding ? null}: {mkSecretGenerator, ...}:94 mkBytes = {
95 count ? 32,
96 encoding,
97 noNuls ? false,
98 }: {mkSecretGenerator, ...}:
77 mkSecretGenerator {99 mkSecretGenerator {
78 script = ''100 script = ''
79 mkdir $out101 mkdir $out
80 gh generate x25519 -p $out/public -s $out/secret \102 gh generate bytes --count=${toString count} --encoding=${encoding} -s $out/secret \
81 ${optionalString (encoding != null) "--encoding=${encoding}"}103 ${optionalString noNuls "--no-nuls"}
82 '';104 '';
83 };105 };
84
85 mkWireguard = {}: mkX25519 {encoding = "base64";};106 mkHexBytes = {count ? 32}:
86107 mkBytes {
108 inherit count;
109 encoding = "hex";
110 };
87 mkRsa = {size ? 4096}: {111 mkBase64Bytes = {count ? 32}:
88 openssl,
89 mkSecretGenerator,
90 ...
91 }:
92 mkSecretGenerator {112 mkBytes {
113 inherit count;
93 script = ''114 encoding = "base64";
94 mkdir $out
95
96 ${openssl}/bin/openssl genrsa -out rsa_private.key ${toString size}
97 ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key
98
99 cat rsa_private.key | gh private -o $out/secret
100 cat rsa_public.key | gh public -o $out/public
101 '';
102 };115 };
116
117 # Wireguard
118 # mkWireguard = {}: mkX25519 {encoding = "base64";};
119 # mkWireguardPsk = {}: mkBase64Bytes {count = 32;};
103}120}
104121
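Review bot: In the new `mkBytes`, `encoding` is spliced into the generator's shell script unquoted (`--encoding=${encoding}`), so a value containing whitespace or shell metacharacters would alter the command that produces the secret rather than fail at evaluation. Because `encoding` is required here and has no default, I would quote it, e.g. `--encoding=${escapeShellArg encoding}` (nixpkgs `lib.escapeShellArg`, assuming it can be brought into scope the same way `optionalString` is), or assert that it is one of the encodings the wrappers use (`hex`, `base64`). The same unquoted interpolation is present in `mkX25519`. Separately, the relocated `mkRsa` still writes the unencrypted key to `rsa_private.key` in the script's working directory and never removes it. Whether that directory is private and discarded depends on `mkSecretGenerator`, which is not visible on this page, so either add a comment stating that assumption or delete both key files after the `gh private` / `gh public` calls.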