enableRollback = true;
};
- # FIXME: improve purity by enforcing sandbox = true in
- # /etc/nix/nix.conf (need to do something about environment variables
- # before)
-
- # Full backup:
- # The star after /var/lib/* avoids deleting all folders in case of problem
- # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu:
eldiron = { config, pkgs, mylibs, myconfig, ... }:
with mylibs;
{
_module.args = {
mylibs = import ../libs.nix;
myconfig = {
+ env = import ./environment.nix;
ips = {
main = "176.9.151.89";
production = "176.9.151.154";
deployment = {
targetEnv = "hetzner";
hetzner = {
- #robotUser = "defined in HETZNER_ROBOT_USER";
- #robotPass = "defined in HETZNER_ROBOT_PASS";
+ robotUser = myconfig.env.hetzner.user;
+ robotPass = myconfig.env.hetzner.pass;
mainIPv4 = myconfig.ips.main;
partitions = ''
clearpart --all --initlabel --drives=sda,sdb
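Review bot: `robotUser` and `robotPass` now take the Hetzner robot credentials from `myconfig.env.hetzner`, which the added `env = import ./environment.nix;` line loads from a plaintext file next to the configuration instead of from the process environment. Nothing visible here shows that file being excluded from version control or encrypted at rest. I would add a comment at the import, for example `# environment.nix holds secrets: never commit it unencrypted`, and confirm the repository's ignore rules or encryption setup cover it. The `hetzner` attribute set continues outside the hunk, so any further handling of these values is not visible.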
environment.etc."ssh/ldap_authorized_keys" = let
ldap_authorized_keys =
- assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
wrap {
name = "ldap_authorized_keys";
file = ./ldap_authorized_keys.sh;
vars = {
- LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD";
+ LDAP_PASS = myconfig.env.sshd.ldap.password;
GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
ECHO = "${pkgs.coreutils}/bin/echo";
};
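Review bot: `LDAP_PASS` is still passed to `wrap` as a substitution variable for `ldap_authorized_keys.sh` and installed through `environment.etc`, so if `wrap` builds a derivation (its definition is not shown) the password lands in the world-readable Nix store, where any local user can read it. Switching the source from `builtins.getEnv` to `myconfig.env.sshd.ldap.password` does not change that exposure. Consider having the script read the password at runtime from a root-owned file outside the store, for instance one deployed with NixOps `deployment.keys`. The removed `assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";` presumably rejected an unset value, whereas an empty string in environment.nix would now be embedded silently, so a guard such as `assert myconfig.env.sshd.ldap.password != "";` would keep that check. The `wrap` call continues outside the hunk.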