Merge pull request 'zerotier: backup identity on change' (#2536) from DavHau/clan-core:DavHau-docs into main
This commit is contained in:
clan-bot
@@ -110,8 +110,16 @@ in
|
|||||||
|
|
||||||
systemd.services.zerotierone.serviceConfig.ExecStartPre = [
|
systemd.services.zerotierone.serviceConfig.ExecStartPre = [
|
||||||
"+${pkgs.writeShellScript "init-zerotier" ''
|
"+${pkgs.writeShellScript "init-zerotier" ''
|
||||||
cp ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
|
# compare hashes of the current identity secret and the one in the config
|
||||||
zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
|
hash1=$(sha256sum /var/lib/zerotier-one/identity.secret | cut -d ' ' -f 1)
|
||||||
|
hash2=$(sha256sum ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} | cut -d ' ' -f 1)
|
||||||
|
if [[ "$hash1" != "$hash2" ]]; then
|
||||||
|
echo "Identity secret has changed, backing up old identity to /var/lib/zerotier-one/identity.secret.bac"
|
||||||
|
cp /var/lib/zerotier-one/identity.secret /var/lib/zerotier-one/identity.secret.bac
|
||||||
|
cp /var/lib/zerotier-one/identity.public /var/lib/zerotier-one/identity.public.bac
|
||||||
|
cp ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
|
||||||
|
zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
|
||||||
|
fi
|
||||||
|
|
||||||
${lib.optionalString (cfg.controller.enable) ''
|
${lib.optionalString (cfg.controller.enable) ''
|
||||||
mkdir -p /var/lib/zerotier-one/controller.d/network
|
mkdir -p /var/lib/zerotier-one/controller.d/network
|
||||||
|
|||||||
Reference in New Issue
Block a user