]>
git.immae.eu Git - perso/Immae/Config/Nix.git/blob - nixops/scripts/setup
3 RemoteRepo
="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
5 if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
6 -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
8 Two environment variables are needed to setup the password store:
9 NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
10 NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
15 if ! pass
$NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev
/null
2>/dev
/null
; then
17 /!\ This will modify your password store to add and import a subtree
18 with the specific passwords files. Choose a path that doesn’t exist
19 yet in your password store.
20 > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
21 > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
22 Later, you can use pull_environment and push_environment scripts to
23 update the passwords when needed
27 if [ "$y" = "y" -o "$y" = "Y" ]; then
28 pass git remote add
$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
29 pass git subtree add
--prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
36 if [ ! -f /etc
/ssh
/ssh_rsa_key_nixops
]; then
38 The key to access private git repositories (websites hosted by the
39 server) needs to be accessible to nix builders. It will be put in
40 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
41 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
42 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
43 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
44 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
48 if [ "$y" = "y" -o "$y" = "Y" ]; then
49 if ! id
-u nixbld1
2>/dev
/null
>/dev
/null
; then
50 echo "User nixbld1 seems inexistant, did you install nix?"
55 # Don’t forward it directly to tee, it would break ncurse pinentry
56 key
=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
57 echo "$key" | sudo
tee /etc
/ssh
/ssh_rsa_key_nixops
> /dev
/null
58 sudo
chmod u
=r
,go
=- /etc
/ssh
/ssh_rsa_key_nixops
59 pubkey
=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
60 echo "$pubkey" | sudo
tee /etc
/ssh
/ssh_rsa_key_nixops.pub
> /dev
/null
61 sudo
chmod a
=r
/etc
/ssh
/ssh_rsa_key_nixops.pub
62 sudo chown nixbld1
:nixbld
/etc
/ssh
/ssh_rsa_key_nixops
/etc
/ssh
/ssh_rsa_key_nixops.pub
70 DIR
="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev
/null
2>&1 && pwd )"
71 nix_config="ssh-config-file=$(dirname $DIR)/ssh
/config
"
72 if echo "$NIX_PATH" | grep -q "$nix_config"; then
78 All set up, please add
79 ssh-config-file=$(dirname $DIR)/ssh/config
80 to your NIX_PATH environment variable (colon-separated)