X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fscripts%2Fsetup;h=758cc34e584f7b00a0f49c1d6590e4351781f0b8;hb=05ec81385609e0cd1aeef7b1e18cce38e773a3d8;hp=bb433babbdf13fafc6dfb5a15d5a93a9b9494667;hpb=568d4240fa2d4b1f29cc1dd6d943a2da941ef46e;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/scripts/setup b/nixops/scripts/setup index bb433ba..758cc34 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup @@ -1,8 +1,8 @@ #!/bin/bash -RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul" -NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592' -NixChannelName='immaeNixpkgs' +set -euxo pipefail + +RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" if ! which nix 2>/dev/null >/dev/null; then @@ -50,8 +50,8 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then The key to access private git repositories (websites hosted by the server) needs to be accessible to nix builders. It will be put in /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) - > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null - > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null + > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null + > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub Continue? [y/N] 
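Review bot: The `x` in the added `set -euxo pipefail` turns on command tracing for the whole script, and bash traces assignments and arguments with their expanded values. The later `key=$(pass show …/Nixops/SshKey)` and `echo "$key" | sudo tee …` (hunk at -65) and `deployment=$(pass show …/Nixops/Deployment)` (hunk at -133) would therefore print the private SSH key and the deployment export to stderr, and so into terminal scrollback or any captured log. I would make the default `set -euo pipefail` and enable tracing only on request, or at least wrap the secret-handling lines in `set +x` / `set -x`. A short comment such as `# -u: abort early if NIXOPS_CONFIG_PASS_SUBTREE_PATH is unset` would also document why the strict mode is wanted here.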
@@ -65,10 +65,10 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then mask=$(umask) umask 0777 # Don’t forward it directly to tee, it would break ncurse pinentry - key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey) + key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey) echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops - pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub) + pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub) echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub @@ -79,29 +79,6 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then fi fi -if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then - cat <<-EOF - A new nix channel will be installed (or upgraded) to freeze the packages - version: - $NixChannelName $NixChannelUrl - > nix-channel --add $NixChannelUrl $NixChannelName - > nix-channel --update - If this step fail, you may have to disable sandboxing in - /etc/nix/nix.conf and rerun - > nix-channel --update - manually. - Continue? [y/N] - EOF - read y - if [ "$y" = "y" -o "$y" = "Y" ]; then - nix-channel --add $NixChannelUrl $NixChannelName - nix-channel --update - else - echo "Aborting" - exit 1 - fi -fi - if ! which nixops 2>/dev/null >/dev/null; then cat <<-EOF nixops is needed: @@ -133,7 +110,7 @@ if ! nixops info 2>/dev/null >/dev/null; then EOF read y if [ "$y" = "y" -o "$y" = "Y" ]; then - deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) + deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) echo "$deployment" | nixops import nixops modify "$(dirname $DIR)/eldiron.nix"
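Review bot: With `set -e` now in force (first hunk), the write sequence in the hunk at -65 can stop half-way. If the second `pass show …/Nixops/SshKey.pub` fails, for instance because the store entry has not yet been moved under the new `Nixops/` path, the private key has already been written through `sudo tee` but the `sudo chown nixbld1:nixbld …` line never runs. The enclosing `if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]` guard, which starts outside this hunk, then skips the block on the next run, so the public key and the ownership are not repaired without manual cleanup. Fetch both values before writing anything by moving `pubkey=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub")` directly under the `key=` line, and quote the expansion in both `pass show` calls.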