Move private files in a better layout
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 21 Feb 2019 21:45:23 +0000 (22:45 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 21 Feb 2019 21:45:23 +0000 (22:45 +0100)
nixops/eldiron.nix
nixops/scripts/nixops_wrap
nixops/scripts/pull_deployment
nixops/scripts/push_deployment
nixops/scripts/setup

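--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -1,4 +1,4 @@
-{ environment ? ./environment.nix }:
+{ privateFiles ? ./. }:
 {
   network = {
     description = "Immae's network";
@@ -12,7 +12,8 @@
       mylibs = import ../libs.nix;
       mypkgs = import ../default.nix;
       myconfig = {
-        env = import environment;
+        inherit privateFiles;
+        env = import "${privateFiles}/environment.nix";
         ips = {
           main = "176.9.151.89";
           production = "176.9.151.154";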
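Review bot: In the second hunk, `env = import "${privateFiles}/environment.nix";` interpolates `privateFiles` into a string, and when the argument keeps its default `./.` (a path value) Nix copies that whole directory into the store to build the string, so everything next to eldiron.nix, environment.nix included, would end up in the world-readable /nix/store. The wrapper script passes the value with `--argstr`, so this most likely only happens on an evaluation that bypasses the wrapper, but path concatenation is safe for both a path and a string: `env = import (privateFiles + "/environment.nix");`. `inherit privateFiles;` also hands the value to modules outside this hunk, which would need the same form wherever they build file paths from it.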
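--- a/nixops/scripts/nixops_wrap
+++ b/nixops/scripts/nixops_wrap
@@ -6,12 +6,12 @@ if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
   exit 1;
 fi
 
-TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
 chmod go-rwx $TEMP
 
 finish() {
-  rm -f "$TEMP"
-  nixops set-args --unset environment
+  rm -rf "$TEMP"
+  nixops set-args --unset privateFiles
 }
 
 trap finish EXIT
@@ -20,8 +20,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
 export NIXOPS_DEPLOYMENT="$DeploymentUuid"
 
-pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP
-nixops set-args --argstr environment "$TEMP"
+# pass cannot "just" list files in a directory without showing a tree :(
+files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //')
+
+for file in $files; do
+  pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file
+done
+nixops set-args --argstr privateFiles "$TEMP"
 
 export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs"
 nixops "$@"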
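Review bot: The loop added in the second hunk writes each decrypted entry with `pass show … > $TEMP/$file` but never checks the exit status, so a failed or cancelled decryption leaves an empty file behind and `nixops "$@"` still runs against it (no `set -e` is visible in the hunks; the top of the script is outside them). Make the write fail closed and quote the target: `pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > "$TEMP/$file" || exit 1`, which still goes through the EXIT trap for cleanup. The name list is scraped from the `pass ls` tree with sed and then word-split by the unquoted `for file in $files`, so an entry whose name contains a space, or entries kept in a subfolder of Nixops/files, will not map to the right path. The existing comment above `files=` could state that the folder must stay flat with space-free names, and that the decrypted copies sit under /tmp until the trap removes them.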
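--- a/nixops/scripts/pull_deployment
+++ b/nixops/scripts/pull_deployment
@@ -24,7 +24,7 @@ EOF
   fi
 fi
 
-deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
 
 echo "$deployment" | nixops import
 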
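--- a/nixops/scripts/push_deployment
+++ b/nixops/scripts/push_deployment
@@ -11,4 +11,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
 export NIXOPS_DEPLOYMENT="$DeploymentUuid"
 
-nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment
+nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment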
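--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -50,8 +50,8 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
        The key to access private git repositories (websites hosted by the
        server) needs to be accessible to nix builders. It will be put in
        /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
-       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
-       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
        > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
        > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
        Continue? [y/N]
@@ -65,10 +65,10 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
     mask=$(umask)
     umask 0777
     # Don’t forward it directly to tee, it would break ncurse pinentry
-    key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+    key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
     echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
     sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
-    pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+    pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
     echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
     sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
     sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
@@ -133,7 +133,7 @@ if ! nixops info 2>/dev/null >/dev/null; then
        EOF
   read y
   if [ "$y" = "y" -o "$y" = "Y" ]; then
-    deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+    deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
     echo "$deployment" | nixops import
 
     nixops modify "$(dirname $DIR)/eldiron.nix"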