git.immae.eu Git - perso/Immae/Config/Nix.git/blob - nixops/scripts/setup
# Git repository that is added as a remote of the password store and imported
# as a subtree (see the `pass git remote add` / `pass git subtree add` steps).
RemoteRepo='gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul'

# Pinned nix channel: URL and local name. The setup compares this pair with
# the output of `nix-channel --list` to decide whether the channel is present.
NixChannelUrl="https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592"
NixChannelName="immaeNixpkgs"

# UUID of the nixops deployment; exported later as NIXOPS_DEPLOYMENT.
DeploymentUuid='cef694f3-081d-11e9-b31f-0242ec186adf'
8 if ! which nix
2>/dev
/null
>/dev
/null
; then
10 nix is needed, please install it:
11 > curl https://nixos.org/nix/install | sh
12 (or any other way handled by your distribution)
17 if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
18 -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
20 Two environment variables are needed to setup the password store:
21 NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
22 NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
27 if ! pass
$NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev
/null
2>/dev
/null
; then
29 /!\ This will modify your password store to add and import a subtree
30 with the specific passwords files. Choose a path that doesn’t exist
31 yet in your password store.
32 > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
33 > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
34 Later, you can use pull_environment and push_environment scripts to
35 update the passwords when needed
39 if [ "$y" = "y" -o "$y" = "Y" ]; then
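# Register the password repository as a git remote of the password store, then
# import its master branch as a subtree under the chosen prefix.
# The expansions are quoted so that a remote name or subtree path containing
# spaces or glob characters reaches git as one argument instead of being split.
pass git remote add "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" "$RemoteRepo"
pass git subtree add --prefix="$NIXOPS_CONFIG_PASS_SUBTREE_PATH" \
  "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" master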
48 if [ ! -f /etc
/ssh
/ssh_rsa_key_nixops
]; then
50 The key to access private git repositories (websites hosted by the
51 server) needs to be accessible to nix builders. It will be put in
52 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
53 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
54 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
55 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
56 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
60 if [ "$y" = "y" -o "$y" = "Y" ]; then
61 if ! id
-u nixbld1
2>/dev
/null
>/dev
/null
; then
62 echo "User nixbld1 seems inexistant, did you install nix?"
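# Install the SSH key pair used by the nix builders into /etc/ssh.
#
# Both keys are read into variables first: forwarding `pass show` directly to
# `sudo tee` would break the ncurses pinentry.
# If either lookup fails nothing is written, so an empty or partial key file
# is never left in place.
if key=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey") &&
  pubkey=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub"); then
  # Create the private key file empty, already owned by nixbld1:nixbld and
  # with mode 0400, before any key material is written. Writing with tee
  # first and running chmod afterwards leaves the key readable under root's
  # umask for the time in between.
  sudo install -m 0400 -o nixbld1 -g nixbld /dev/null /etc/ssh/ssh_rsa_key_nixops &&
    printf '%s\n' "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops >/dev/null
  # The public key is not secret: readable by everyone (0444), same owner.
  sudo install -m 0444 -o nixbld1 -g nixbld /dev/null /etc/ssh/ssh_rsa_key_nixops.pub &&
    printf '%s\n' "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub >/dev/null
else
  echo "Could not read NixSshKey from the password store, no key was installed." >&2
fi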
82 if ! nix
-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then
84 A new nix channel will be installed (or upgraded) to freeze the packages
86 $NixChannelName $NixChannelUrl
87 > nix-channel --add $NixChannelUrl $NixChannelName
88 > nix-channel --update
89 If this step fail, you may have to disable sandboxing in
90 /etc/nix/nix.conf and rerun
91 > nix-channel --update
96 if [ "$y" = "y" -o "$y" = "Y" ]; then
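# Add (or re-point) the pinned channel. Quoted so that the URL and the name
# are each passed to nix-channel as exactly one argument.
nix-channel --add "$NixChannelUrl" "$NixChannelName"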
105 if ! which nixops
2>/dev
/null
>/dev
/null
; then
109 If it fails, please check that $HOME/.nix-profile/bin is in your PATH.
113 if [ "$y" = "y" -o "$y" = "Y" ]; then
115 if ! which nixops
2>/dev
/null
>/dev
/null
; then
116 echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path."
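# Absolute path of the directory holding this script.
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"

# The nixops state file lives in state/ next to the scripts directory.
# "$DIR" is quoted inside dirname so that a checkout path containing spaces is
# not split into several arguments, and the assignment is kept apart from
# `export` so that a failing command substitution is not masked.
NIXOPS_STATE="$(dirname "$DIR")/state/eldiron.nixops"
export NIXOPS_STATE

# Deployment selected by the nixops commands that follow.
export NIXOPS_DEPLOYMENT="$DeploymentUuid"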
129 if ! nixops info 2>/dev/null >/dev/null; then
131 Importing deployment file into nixops:
135 if [ "$y" = "y
" -o "$y" = "Y
" ]; then
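# Read the deployment export from the password store into a variable, then
# feed it to `nixops import` on stdin.
# The import is skipped when `pass show` fails, so that empty input is never
# handed to nixops.
if deployment=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment"); then
  printf '%s\n' "$deployment" | nixops import
else
  echo "Could not read NixDeployment from the password store, nothing was imported." >&2
fi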
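# Point the deployment at the eldiron.nix expression that sits next to the
# scripts directory. "$DIR" is quoted inside dirname so that a checkout path
# containing spaces is handled as one argument.
nixops modify "$(dirname "$DIR")/eldiron.nix"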
148 Please make sure you’re using scripts/nixops_wrap when deploying