[perso/Immae/Config/Nix.git] / nixops / scripts / setup

#!/bin/bash

RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"

if ! which nix 2>/dev/null >/dev/null; then
  cat <<-EOF
	nix is needed, please install it:
	> curl https://nixos.org/nix/install | sh
	(or any other way handled by your distribution)
	EOF
  exit 1
fi

if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
    -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
  cat <<-EOF
	Two environment variables are needed to setup the password store:
	NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
	NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
	EOF
  exit 1
fi

if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
  cat <<-EOF
	/!\ This will modify your password store to add and import a subtree
	with the specific passwords files. Choose a path that doesn’t exist
	yet in your password store.
	> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
	> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
	Later, you can use pull_environment and push_environment scripts to
	update the passwords when needed
	Continue? [y/N]
	EOF
  read y
  if [ "$y" = "y" -o "$y" = "Y" ]; then
    pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
    pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
  else
    echo "Aborting"
    exit 1
  fi
fi

if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
  cat <<-EOF
	The key to access private git repositories (websites hosted by the
	server) needs to be accessible to nix builders. It will be put in
	/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
	> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
	> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
	> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
	> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
	Continue? [y/N]
	EOF
  read y
  if [ "$y" = "y" -o "$y" = "Y" ]; then
    if ! id -u nixbld1 2>/dev/null >/dev/null; then
      echo "User nixbld1 seems inexistant, did you install nix?"
      exit 1
    fi
    mask=$(umask)
    umask 0777
    # Don’t forward it directly to tee, it would break ncurse pinentry
    key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
    echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
    sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
    pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
    echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
    sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
    sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
    umask $mask
  else
    echo "Aborting"
    exit 1
  fi
fi

if ! which nixops 2>/dev/null >/dev/null; then
  cat <<-EOF
	nixops is needed:
	> nix-env -i nixops
	If it fails, please check that $HOME/.nix-profile/bin is in your PATH.
	Continue? [y/N]
	EOF
  read y
  if [ "$y" = "y" -o "$y" = "Y" ]; then
    nix-env -i nixops
    if ! which nixops 2>/dev/null >/dev/null; then
      echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path."
      exit 1
    fi
  else
    echo "Aborting"
    exit 1
  fi
fi

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
export NIXOPS_DEPLOYMENT="$DeploymentUuid"

if ! nixops info 2>/dev/null >/dev/null; then
  cat <<-EOF
	Importing deployment file into nixops:
	Continue? [y/N]
	EOF
  read y
  if [ "$y" = "y" -o "$y" = "Y" ]; then
    deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
    echo "$deployment" | nixops import

    nixops modify "$(dirname $DIR)/eldiron.nix"
  else
    echo "Aborting"
    exit 1
  fi
fi

cat <<-EOF
	All set up.
	Please make sure you’re using scripts/nixops_wrap when deploying
	EOF
Commit	Line	Data
9f5da6d7 IB	1	#!/bin/bash
	2
	3	RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
568d4240 IB	4	DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
	5
	6	if ! which nix 2>/dev/null >/dev/null; then
	7	cat <<-EOF
	8	nix is needed, please install it:
	9	> curl https://nixos.org/nix/install \| sh
	10	(or any other way handled by your distribution)
	11	EOF
	12	exit 1
	13	fi
9f5da6d7 IB	14
	15	if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
	16	-o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
	17	cat <<-EOF
568d4240 IB	18	Two environment variables are needed to setup the password store:
	19	NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
	20	NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
	21	EOF
9f5da6d7 IB	22	exit 1
	23	fi
	24
	25	if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
	26	cat <<-EOF
568d4240 IB	27	/!\ This will modify your password store to add and import a subtree
	28	with the specific passwords files. Choose a path that doesn’t exist
	29	yet in your password store.
	30	> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
	31	> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
	32	Later, you can use pull_environment and push_environment scripts to
	33	update the passwords when needed
	34	Continue? [y/N]
	35	EOF
9f5da6d7 IB	36	read y
	37	if [ "$y" = "y" -o "$y" = "Y" ]; then
	38	pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
	39	pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
	40	else
	41	echo "Aborting"
	42	exit 1
	43	fi
	44	fi
	45
	46	if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
568d4240 IB	47	cat <<-EOF
	48	The key to access private git repositories (websites hosted by the
	49	server) needs to be accessible to nix builders. It will be put in
	50	/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
9690acd9 IB	51	> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey \| sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
9690acd9 IB	52	> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub \| sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
568d4240 IB	53	> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
	54	> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
	55	Continue? [y/N]
	56	EOF
9f5da6d7 IB	57	read y
	58	if [ "$y" = "y" -o "$y" = "Y" ]; then
	59	if ! id -u nixbld1 2>/dev/null >/dev/null; then
	60	echo "User nixbld1 seems inexistant, did you install nix?"
	61	exit 1
	62	fi
	63	mask=$(umask)
	64	umask 0777
	65	# Don’t forward it directly to tee, it would break ncurse pinentry
9690acd9	66	key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
9f5da6d7 IB	67	echo "$key" \| sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
9f5da6d7 IB	68	sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
9690acd9	69	pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
9f5da6d7 IB	70	echo "$pubkey" \| sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
	71	sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
	72	sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
	73	umask $mask
	74	else
	75	echo "Aborting"
	76	exit 1
	77	fi
	78	fi
	79
568d4240 IB	80	if ! which nixops 2>/dev/null >/dev/null; then
	81	cat <<-EOF
	82	nixops is needed:
	83	> nix-env -i nixops
	84	If it fails, please check that $HOME/.nix-profile/bin is in your PATH.
	85	Continue? [y/N]
	86	EOF
	87	read y
	88	if [ "$y" = "y" -o "$y" = "Y" ]; then
	89	nix-env -i nixops
	90	if ! which nixops 2>/dev/null >/dev/null; then
	91	echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path."
	92	exit 1
	93	fi
	94	else
	95	echo "Aborting"
	96	exit 1
	97	fi
	98	fi
	99
	100	DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
	101	export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
	102	export NIXOPS_DEPLOYMENT="$DeploymentUuid"
	103
	104	if ! nixops info 2>/dev/null >/dev/null; then
	105	cat <<-EOF
	106	Importing deployment file into nixops:
	107	Continue? [y/N]
	108	EOF
	109	read y
	110	if [ "$y" = "y" -o "$y" = "Y" ]; then
9690acd9	111	deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
568d4240 IB	112	echo "$deployment" \| nixops import
	113
	114	nixops modify "$(dirname $DIR)/eldiron.nix"
	115	else
	116	echo "Aborting"
	117	exit 1
34c58714	118	fi
9f5da6d7	119	fi
34c58714	120
568d4240 IB	121	cat <<-EOF
	122	All set up.
	123	Please make sure you’re using scripts/nixops_wrap when deploying
	124	EOF