git.immae.eu Git - perso/Immae/Config/Nix.git/blob - nixops/scripts/setup
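# Remote repository holding the password-store subtree that this script
# imports with `pass git subtree add`.
RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
# Exact nixos channel build the deployment is frozen to.
# NOTE(review): pinning a single 18.09 build also freezes security updates;
# moving to a newer build has to be done deliberately by editing this URL.
NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592'
# Local name under which that channel is registered with nix-channel.
NixChannelName='immaeNixpkgs'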
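# Both variables are used by every `pass` call further down, so stop early
# when either one is unset or empty. Two separate tests replace the
# obsolescent `-o` operator, and ${VAR:-} keeps the check usable under
# `set -u`.
# NOTE(review): the heredoc delimiters and the lines after the message are
# not visible in this listing; `cat <<EOF`, `exit 1` and `fi` are
# reconstructed. Confirm against the real file.
if [ -z "${NIXOPS_CONFIG_PASS_SUBTREE_REMOTE:-}" ] \
  || [ -z "${NIXOPS_CONFIG_PASS_SUBTREE_PATH:-}" ]; then
  cat <<EOF
Two environment variables are needed to setup the password store:
NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
EOF
  exit 1
fi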
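# Import the shared password subtree when the configured path cannot be
# shown by `pass`, i.e. it is not yet present in the local password store.
# NOTE(review): this listing does not show the heredoc delimiters, the
# confirmation prompt, the read that fills $y, or what happens when the
# user declines; `cat <<EOF`, `read -r y` and the closing `fi` lines are
# reconstructed. Confirm against the real file.
if ! pass "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" > /dev/null 2>&1; then
  cat <<EOF
/!\ This will modify your password store to add and import a subtree
with the specific passwords files. Choose a path that doesn’t exist
yet in your password store.
> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
Later, you can use pull_environment and push_environment scripts to
update the passwords when needed
EOF
  read -r y
  if [ "$y" = "y" ] || [ "$y" = "Y" ]; then
    # Quoted so that a path or remote name containing spaces or glob
    # characters reaches git as exactly one argument.
    pass git remote add "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" "$RemoteRepo"
    pass git subtree add --prefix="$NIXOPS_CONFIG_PASS_SUBTREE_PATH" "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" master
  fi
fi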
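# Install the deploy key pair under /etc/ssh so that the nix build users can
# read it when fetching private git repositories.
# NOTE(review): this listing does not show the heredoc delimiters, the
# confirmation prompt, the read that fills $y, the lines after the nixbld1
# error message, or what happens when the user declines; `cat <<EOF`,
# `read -r y`, the `exit 1` after the error message and the closing `fi`
# lines are reconstructed. Confirm against the real file.
if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
  cat <<EOF
The key to access private git repositories (websites hosted by the
server) needs to be accessible to nix builders. It will be put in
/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
EOF
  read -r y
  if [ "$y" = "y" ] || [ "$y" = "Y" ]; then
    if ! id -u nixbld1 > /dev/null 2>&1; then
      echo "User nixbld1 seems inexistant, did you install nix?"
      exit 1
    fi

    # Don’t forward it directly to tee, it would break ncurse pinentry
    # Both secrets are fetched before anything is written, so a failed or
    # cancelled `pass show` cannot leave an empty key file behind (an empty
    # file would make the `-f` test above skip this step on the next run).
    key=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey") || exit 1
    pubkey=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub") || exit 1
    if [ -z "$key" ] || [ -z "$pubkey" ]; then
      echo "pass returned an empty key, nothing was installed" >&2
      exit 1
    fi

    # Create the private key file empty and already owner-read-only before
    # any key material is written. Writing with tee first and restricting
    # the mode afterwards leaves the key readable under root's default
    # umask until chmod runs.
    sudo install -m 0400 -o nixbld1 -g nixbld /dev/null /etc/ssh/ssh_rsa_key_nixops
    # printf instead of echo: the key text is data and must not be
    # interpreted as echo options or escape sequences.
    printf '%s\n' "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
    sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops

    printf '%s\n' "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
    sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
    sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
  fi
fi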
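# Register the pinned channel unless `nix-channel --list` already shows this
# exact name/URL pair.
# NOTE(review): this listing does not show the heredoc delimiters, one line
# of the message (between "freeze the packages" and the name/URL line), the
# confirmation prompt, the read that fills $y, or anything after the
# `nix-channel --add` call. The message announces a `nix-channel --update`
# that is not visible here; `cat <<EOF`, `read -r y` and the closing `fi`
# lines are reconstructed. Confirm against the real file.
# -F: the URL contains dots, which plain grep would treat as regex
# wildcards; match the pair as a fixed string instead.
if ! nix-channel --list | grep -qF -- "$NixChannelName $NixChannelUrl"; then
  cat <<EOF
A new nix channel will be installed (or upgraded) to freeze the packages
$NixChannelName $NixChannelUrl
> nix-channel --add $NixChannelUrl $NixChannelName
> nix-channel --update
If this step fail, you may have to disable sandboxing in
/etc/nix/nix.conf and rerun
> nix-channel --update
EOF
  read -r y
  if [ "$y" = "y" ] || [ "$y" = "Y" ]; then
    nix-channel --add "$NixChannelUrl" "$NixChannelName"
  fi
fi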
94 Please make sure you’re using scripts/nixops_wrap when deploying