From 46e3930f263d9c1bcc35a838563bb168e7c58d0f Mon Sep 17 00:00:00 2001
From: DavHau
Date: Mon, 2 Dec 2024 17:37:09 +0700
Subject: [PATCH] zerotier: backup identity on change
This prevents users from loosing their identity after enabling the zerotier clan module when they were previously using zerotier via nixos.
---
 nixosModules/clanCore/zerotier/default.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/nixosModules/clanCore/zerotier/default.nix b/nixosModules/clanCore/zerotier/default.nix
index 0b8094d9d..5fd8fcb08 100644
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@@ -110,8 +110,16 @@ in
 systemd.services.zerotierone.serviceConfig.ExecStartPre = [
 "+${pkgs.writeShellScript "init-zerotier" ''
- cp ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
- zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
+ # compare hashes of the current identity secret and the one in the config
+ hash1=$(sha256sum /var/lib/zerotier-one/identity.secret | cut -d ' ' -f 1)
+ hash2=$(sha256sum ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} | cut -d ' ' -f 1)
+ if [[ "$hash1" != "$hash2" ]]; then
+ echo "Identity secret has changed, backing up old identity to /var/lib/zerotier-one/identity.secret.bac"
+ cp /var/lib/zerotier-one/identity.secret /var/lib/zerotier-one/identity.secret.bac
+ cp /var/lib/zerotier-one/identity.public /var/lib/zerotier-one/identity.public.bac
+ cp ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
+ zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
+ fi
 ${lib.optionalString (cfg.controller.enable) ''
 mkdir -p /var/lib/zerotier-one/controller.d/network
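Review bot: The backup branch always writes to the same `.bac` names and does not check that /var/lib/zerotier-one/identity.secret exists, so a second identity change overwrites the earlier backup (the pre-existing identity this commit sets out to preserve), and on a host without that file the `sha256sum` and both backup `cp` calls fail while the message still reports a changed identity. Wrap the two backup copies in `if [[ -e /var/lib/zerotier-one/identity.secret ]]; then … fi` and give each backup a unique name while preserving owner and mode, for example `cp -p /var/lib/zerotier-one/identity.secret "/var/lib/zerotier-one/identity.secret.$(date +%s).bac"`. Because the backup is a second copy of the node's private key, a comment such as `# backup holds the old private key; keep it root-only and delete it once the old identity is retired` belongs above the copy. Whether a failing `cp` stops the unit depends on shell options that are not visible here, and the init-zerotier script continues past the end of the hunk.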