#!/bin/bash
-RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
-NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592'
-NixChannelName='immaeNixpkgs'
+set -euxo pipefail
+
+RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites"
DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
if ! which nix 2>/dev/null >/dev/null; then
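Review bot: The `x` in the added `set -euxo pipefail` enables command tracing for the whole script, so the later lines that hold secrets in shell variables (`key=$(pass show …/Nixops/SshKey)` followed by `echo "$key" | sudo tee …`, and the `deployment=$(pass show …/Nixops/Deployment)` import further down) would have their values written to stderr by the trace, and into any scrollback or log that captures it. I would write `set -euo pipefail` here and turn tracing on only on demand, or bracket the secret-handling lines with `set +x` and `set -x`. Separately, `-u` now makes an unset `NIXOPS_CONFIG_PASS_SUBTREE_PATH` fatal at first use; unless it is validated in a part of the script not shown here, a `: "${NIXOPS_CONFIG_PASS_SUBTREE_PATH:?must be set}"` near the top gives a clearer failure. The `if ! which nix` block opened on the last line of this hunk continues outside it.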
The key to access private git repositories (websites hosted by the
server) needs to be accessible to nix builders. It will be put in
/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
- > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
- > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+ > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+ > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
Continue? [y/N]
mask=$(umask)
umask 0777
# Don’t forward it directly to tee, it would break ncurse pinentry
- key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+ key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
- pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+ pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
fi
fi
-if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then
- cat <<-EOF
- A new nix channel will be installed (or upgraded) to freeze the packages
- version:
- $NixChannelName $NixChannelUrl
- > nix-channel --add $NixChannelUrl $NixChannelName
- > nix-channel --update
- If this step fail, you may have to disable sandboxing in
- /etc/nix/nix.conf and rerun
- > nix-channel --update
- manually.
- Continue? [y/N]
- EOF
- read y
- if [ "$y" = "y" -o "$y" = "Y" ]; then
- nix-channel --add $NixChannelUrl $NixChannelName
- nix-channel --update
- else
- echo "Aborting"
- exit 1
- fi
-fi
-
if ! which nixops 2>/dev/null >/dev/null; then
cat <<-EOF
nixops is needed:
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
- deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+ deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
echo "$deployment" | nixops import
nixops modify "$(dirname $DIR)/eldiron.nix"