Move private files in a better layout
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 21 Feb 2019 21:45:23 +0000 (22:45 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 21 Feb 2019 21:45:23 +0000 (22:45 +0100)
nixops/eldiron.nix
nixops/scripts/nixops_wrap
nixops/scripts/pull_deployment
nixops/scripts/push_deployment
nixops/scripts/setup

index 8dc8c4d8273a8e09e624fc26e64d51f403f9a460..5dff7d4674203b58c7af6f5be83e8aea93b23f77 100644 (file)
@@ -1,4 +1,4 @@
-{ environment ? ./environment.nix }:
+{ privateFiles ? ./. }:
 {
   network = {
     description = "Immae's network";
@@ -12,7 +12,8 @@
       mylibs = import ../libs.nix;
       mypkgs = import ../default.nix;
       myconfig = {
-        env = import environment;
+        inherit privateFiles;
+        env = import "${privateFiles}/environment.nix";
         ips = {
           main = "176.9.151.89";
           production = "176.9.151.154";
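Review bot: The interpolation in `env = import "${privateFiles}/environment.nix";` behaves differently for the default value than for the wrapper-supplied one. When `privateFiles` arrives via `--argstr` it is a string and the path is used as-is, but the default `./.` declared in the first hunk is a path value, and interpolating a path into a string copies that whole directory into the world-readable Nix store. Anything sensitive that happens to live next to eldiron.nix would be copied with it. Concatenating instead, `env = import (privateFiles + "/environment.nix");`, works for both a path and an absolute string and avoids the copy. Since `privateFiles` is also inherited into `myconfig`, consumers elsewhere (not visible here) should avoid interpolating it or reading secrets from it in ways that land in the store.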
index 24b838181e22f1c2d5e27d81fad7f02508f61e63..561bf6e814bef24514948ff2155d3332a01a5d0a 100755 (executable)
@@ -6,12 +6,12 @@ if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
   exit 1;
 fi
 
-TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
 chmod go-rwx $TEMP
 
 finish() {
-  rm -f "$TEMP"
-  nixops set-args --unset environment
+  rm -rf "$TEMP"
+  nixops set-args --unset privateFiles
 }
 
 trap finish EXIT
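Review bot: The result of `mktemp -d` is never checked, and `$TEMP` is used unquoted in the `chmod` line that follows. If directory creation fails, `TEMP` is empty, and the later redirections to `$TEMP/$file` would write decrypted secrets to paths directly under `/`. I would change the two lines to `TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) || exit 1` and `chmod go-rwx "$TEMP"`. A comment above `finish` stating that the directory holds decrypted password-store content and must be removed on every exit path would also help; the script starts before this hunk, so whether `set -e` is already in effect is not visible here.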
@@ -20,8 +20,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
 export NIXOPS_DEPLOYMENT="$DeploymentUuid"
 
-pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP
-nixops set-args --argstr environment "$TEMP"
+# pass cannot "just" list files in a directory without showing a tree :(
+files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //')
+
+for file in $files; do
+  pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file
+done
+nixops set-args --argstr privateFiles "$TEMP"
 
 export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs"
 nixops "$@"
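Review bot: The new loop takes file names from the `pass ls` tree drawing and uses them unquoted, and the exit status of `pass show` is ignored. A name containing a space is truncated by the `s/^.* //` expression, a subdirectory under `Nixops/files` is treated as a file, and a cancelled or failed decryption leaves an empty file that `nixops` then deploys from. `$files`, `$TEMP/$file` and `$NIXOPS_CONFIG_PASS_SUBTREE_PATH` are also subject to word splitting and globbing. Enumerating the `.gpg` entries in the store directory directly and aborting on the first failed `pass show` avoids all three, as sketched below.

```bash
store="${PASSWORD_STORE_DIR:-$HOME/.password-store}/$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files"
for path in "$store"/*.gpg; do
  [ -f "$path" ] || continue
  file=$(basename "$path" .gpg)
  # Stop rather than deploy with a missing or empty secret file.
  pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > "$TEMP/$file" || exit 1
done
# … unchanged: nixops set-args --argstr privateFiles "$TEMP" …
```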
index 796ff9bb2951c99c7370032a1cc0f3b9f1198a8f..8ee9b75aac9b01a6f36824f5efafcfdd49ce7c87 100755 (executable)
@@ -24,7 +24,7 @@ EOF
   fi
 fi
 
-deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
 
 echo "$deployment" | nixops import
 
index 07a804eb4d726c5ee2869cca1aab64dc0ba2d254..e43b6be0fd9c443171151f509c2919cb7747df00 100755 (executable)
@@ -11,4 +11,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
 export NIXOPS_DEPLOYMENT="$DeploymentUuid"
 
-nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment
+nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment
index bb433babbdf13fafc6dfb5a15d5a93a9b9494667..c94b72b7e7a54b26eb06147bab1c1d6ebbdba813 100755 (executable)
@@ -50,8 +50,8 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
        The key to access private git repositories (websites hosted by the
        server) needs to be accessible to nix builders. It will be put in
        /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
-       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
-       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+       > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
        > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
        > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
        Continue? [y/N]
@@ -65,10 +65,10 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
     mask=$(umask)
     umask 0777
     # Don’t forward it directly to tee, it would break ncurse pinentry
-    key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+    key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
     echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
     sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
-    pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+    pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
     echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
     sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
     sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
@@ -133,7 +133,7 @@ if ! nixops info 2>/dev/null >/dev/null; then
        EOF
   read y
   if [ "$y" = "y" -o "$y" = "Y" ]; then
-    deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+    deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
     echo "$deployment" | nixops import
 
     nixops modify "$(dirname $DIR)/eldiron.nix"