Use password store to store environment
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 31 Jan 2019 17:32:10 +0000 (18:32 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Thu, 31 Jan 2019 17:43:48 +0000 (18:43 +0100)
nixops/eldiron.nix
nixops/scripts/nixops_wrap [new file with mode: 0755]
nixops/scripts/pull_environment [new file with mode: 0755]
nixops/scripts/push_environment [new file with mode: 0755]

index 289333534a4fbfab0facc833c1214bb9c84f73e1..ecc65cc3f0082b3af970f4df7658910078b21d88 100644 (file)
@@ -1,3 +1,4 @@
+{ environment ? ./environment.nix }:
 {
   network = {
     description = "Immae's network";
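Review bot: The new `environment` argument on the first line has no comment saying who supplies it, and its default still points at a plaintext `./environment.nix`. Anyone who runs `nixops` directly rather than through `scripts/nixops_wrap` would fall back to that file without warning, if it still exists in the working tree (not visible in this diff). A short comment above the argument would make the contract explicit, e.g. `# Path to the decrypted environment file; set by scripts/nixops_wrap via "nixops set-args --argstr environment"`.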
@@ -10,7 +11,7 @@
     _module.args = {
       mylibs = import ../libs.nix;
       myconfig = {
-        env = import ./environment.nix;
+        env = import environment;
         ips = {
           main = "176.9.151.89";
           production = "176.9.151.154";
@@ -93,6 +94,8 @@
 
     services.cron = {
       enable = true;
+      # Doesn't work, need to be a user
+      mailto = "cron+eldiron@immae.eu";
       systemCronJobs = [
         ''
           # The star after /var/lib/* avoids deleting all folders in case of problem
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
new file mode 100755 (executable)
index 0000000..c23d308
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_PATH to the password-store environment file path"
+  exit 1;
+fi
+
+TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+chmod go-rwx $TEMP
+
+finish() {
+  rm -f "$TEMP"
+  nixops set-args --unset environment
+}
+
+trap finish EXIT
+
+pass show "$NIXOPS_CONFIG_PASS_PATH" >> $TEMP
+nixops set-args --argstr environment "$TEMP"
+
+nixops "$@"
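Review bot: A failed `pass show` is not checked, so when decryption fails or the entry is missing the script still runs `nixops` against an empty environment file; the line could read `pass show "$NIXOPS_CONFIG_PASS_PATH" > "$TEMP" || exit 1`. The decrypted secrets are written under `/tmp`, which may be disk-backed, and the file is left behind if the script is killed before the EXIT trap runs. A per-user runtime directory is a safer location, e.g. `TEMP=$(mktemp "${XDG_RUNTIME_DIR:-/tmp}/XXXXXX-environment.nix")`. `$TEMP` should be quoted in the `chmod` and redirection lines, and the `chmod` itself is redundant because mktemp already creates the file with owner-only permissions. Since `set-args` presumably writes to the shared deployment state, two concurrent runs of the wrapper would overwrite each other's `environment` value, which deserves a comment at the top of the script.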
diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment
new file mode 100755 (executable)
index 0000000..e508a2e
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+  exit 1;
+fi
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+  exit 1;
+fi
+
+pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
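Review bot: The two variables on the last line are expanded unquoted, so a subtree path or remote name containing whitespace or glob characters is split or expanded before `pass git subtree` sees it. Quoting them fixes this: `pass git subtree pull --prefix="$NIXOPS_CONFIG_PASS_SUBTREE_PATH" "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" master`. The same applies to the `push` line at the end of `push_environment`. In both scripts the "Please set …" messages would be better sent to stderr with `>&2`, and the hard-coded `master` branch deserves a one-line comment.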
diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment
new file mode 100755 (executable)
index 0000000..8b59240
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+  exit 1;
+fi
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+  exit 1;
+fi
+
+pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master