-6
README.md
-6
README.md
-44
nushell/nebula/mod.nu
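--- a/nushell/nebula/mod.nu
+++ b/nushell/nebula/mod.nu
@@ -1,44 +0,0 @@
-# SPDX-License-Identifier: AGPL-3.0-only
-# SPDX-FileCopyrightText: 2025 Shiloh Fen <shiloh@shilohfen.com>
-
-const path_data: path = "~/.local/share/nebula" | path expand
-const path_ca_cert: path = $path_data | path join "ca.crt"
-const path_ca_key: path = $path_data | path join "ca.key"
-const path_state: path = $path_data | path join "state.nuon"
-
-export def sign [
-name: string
-groups: list<string>
-]: nothing -> record<path_cert: path, path_key: path> {
-if not ($path_ca_key | path exists) {
-error make {
-text: "No CA key found."
-help: "Run submodule `ca` to generate a CA before attempting to sign a device cert."
-}
-}
-
-let tmp = mktemp -td "nebula-XXXXX"
-let path_device_cert = $tmp | path join $"($name).crt"
-let path_device_key = $tmp | path join $"($name).key"
-let ip_part = (open $path_state | get last_ip) + 1
-
-nebula-cert sign -name $name -ca-crt $path_ca_cert -ca-key $path_ca_key -ip $"192.168.100.($ip_part)/24" -groups ($groups | str join ",") -out-crt $path_device_cert -out-key $path_device_key
-
-{last_ip: $ip_part} | save -f $path_state
-
-{
-path_cert: $path_device_cert
-path_key: $path_device_key
-}
-}
-
-export def ca [
-name: string
-] {
-mkdir $path_data
-nebula-cert ca -name $name -out-crt $path_ca_cert -out-key $path_ca_key -encrypt
-
-print "Certificate will be valid for one year. Be sure to set up an alert or calendar event to rotate your CA and certificates before then to ensure continued connectivity!"
-
-{last_ip: 0} | save -f $path_state
-}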