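#!/bin/bash
# Bootstrap the local environment for this nixops configuration:
#   1. import the private password-store subtree (pass + git subtree),
#   2. install the deploy SSH key pair where the nix builders can read it,
#   3. check that NIX_PATH points at the repository's ssh config.
#
# Required environment variables:
#   NIXOPS_CONFIG_PASS_SUBTREE_PATH   - path in the password store where the
#                                       subtree is imported
#   NIXOPS_CONFIG_PASS_SUBTREE_REMOTE - git remote name given to the repository
#
# Every step that modifies state asks for confirmation first and stops on the
# first failing command, so an aborted `pass show` (e.g. cancelled pinentry)
# can no longer leave an empty key file in /etc/ssh that later runs would skip.

RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"

# Print a message on stderr and exit with failure.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# The user declined a "Continue? [y/N]" prompt: say so and stop.
abort() {
  echo "Aborting"
  exit 1
}

# Read the answer to a "Continue? [y/N]" prompt; succeed only on an explicit y/Y.
confirm() {
  local answer
  read -r answer || answer=   # EOF on stdin counts as "no"
  [[ "$answer" == "y" || "$answer" == "Y" ]]
}

# Abort unless both configuration variables are set and non-empty.
check_env() {
  if [[ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" || -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]]; then
    cat <<EOF
Two environment variables are needed to setup the password store:
NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
EOF
    exit 1
  fi
}

# Import the private subtree into the password store, unless the path already exists.
setup_subtree() {
  # `pass <path>` succeeds when the path is already present in the store.
  if pass "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" >/dev/null 2>&1; then
    return 0
  fi
  cat <<EOF
/!\ This will modify your password store to add and import a subtree
with the specific passwords files. Choose a path that doesn’t exist
yet in your password store.
> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
Later, you can use pull_environment and push_environment scripts to
update the passwords when needed
Continue? [y/N]
EOF
  confirm || abort
  pass git remote add "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" "$RemoteRepo" \
    || die "Could not add git remote $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE"
  pass git subtree add --prefix="$NIXOPS_CONFIG_PASS_SUBTREE_PATH" "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" master \
    || die "Could not import the subtree into $NIXOPS_CONFIG_PASS_SUBTREE_PATH"
}

# Install the deploy key pair in /etc/ssh, owned by the nix builder user and
# readable by nobody else. Skipped when the private key file already exists.
install_ssh_key() {
  local key pubkey mask
  if [[ -f /etc/ssh/ssh_rsa_key_nixops ]]; then
    return 0
  fi
  cat <<EOF
The key to access private git repositories (websites hosted by the
server) needs to be accessible to nix builders. It will be put in
/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
Continue? [y/N]
EOF
  confirm || abort
  if ! id -u nixbld1 >/dev/null 2>&1; then
    echo "User nixbld1 seems inexistant, did you install nix?"
    exit 1
  fi
  # Fetch both secrets before touching /etc/ssh, so a failed or cancelled
  # `pass show` cannot leave a truncated key file behind.
  # Don’t forward it directly to tee, it would break ncurse pinentry
  key=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey") \
    || die "Could not read $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey from the password store"
  [[ -n "$key" ]] || die "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey is empty"
  pubkey=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub") \
    || die "Could not read $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub from the password store"
  mask=$(umask)
  # Create the files with no permissions at all, then open them up explicitly
  # below; this avoids a window where the private key is world-readable.
  umask 0777
  printf '%s\n' "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops >/dev/null \
    || die "Could not write /etc/ssh/ssh_rsa_key_nixops"
  sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops \
    || die "Could not set permissions on /etc/ssh/ssh_rsa_key_nixops"
  printf '%s\n' "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub >/dev/null \
    || die "Could not write /etc/ssh/ssh_rsa_key_nixops.pub"
  sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub \
    || die "Could not set permissions on /etc/ssh/ssh_rsa_key_nixops.pub"
  sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub \
    || die "Could not change ownership of the nixops key files"
  umask "$mask"
}

# Tell the user whether NIX_PATH already carries the repository's ssh config entry.
report_nix_path() {
  local dir nix_config
  dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
  nix_config="ssh-config-file=$(dirname "$dir")/ssh/config"
  # Match a whole colon-separated NIX_PATH entry instead of a substring regex,
  # so a directory name that only contains the expected one does not count.
  case ":${NIX_PATH}:" in
    *":${nix_config}:"*)
      cat <<EOF
All set up
EOF
      ;;
    *)
      cat <<EOF
All set up, please add
$nix_config
to your NIX_PATH environment variable (colon-separated)
EOF
      ;;
  esac
}

main() {
  check_env
  setup_subtree
  install_ssh_key
  report_nix_path
}

main "$@"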