-{ environment ? ./environment.nix }:
+{ privateFiles ? ./. }:
{
network = {
description = "Immae's network";
mylibs = import ../libs.nix;
mypkgs = import ../default.nix;
myconfig = {
- env = import environment;
+ inherit privateFiles;
+ env = import "${privateFiles}/environment.nix";
ips = {
main = "176.9.151.89";
production = "176.9.151.154";
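Review bot: With the default `privateFiles ? ./.`, the new `import "${privateFiles}/environment.nix"` interpolates a Nix path into a string, which copies the whole directory into the world-readable Nix store before importing from it. The wrapper script passes the argument with `--argstr`, so this only happens when the expression is evaluated without it, but then every file next to this one lands in the store, including `environment.nix` if it lives there. Concatenating instead of interpolating avoids the copy for both a path and a string value: `env = import (privateFiles + "/environment.nix");`. `inherit privateFiles;` also hands the value to the rest of the configuration, so any consumer that interpolates it would have the same problem; those consumers are not visible in this hunk.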
exit 1;
fi
-TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
chmod go-rwx $TEMP
finish() {
- rm -f "$TEMP"
- nixops set-args --unset environment
+ rm -rf "$TEMP"
+ nixops set-args --unset privateFiles
}
trap finish EXIT
export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
export NIXOPS_DEPLOYMENT="$DeploymentUuid"
-pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP
-nixops set-args --argstr environment "$TEMP"
+# pass cannot "just" list files in a directory without showing a tree :(
+files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //')
+
+for file in $files; do
+ pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file
+done
+nixops set-args --argstr privateFiles "$TEMP"
export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs"
nixops "$@"
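Review bot: The loop at `for file in $files` writes decrypted secrets without checking the result of `pass show`, so a failed decryption leaves an empty or partial file in `$TEMP` and `nixops` still runs against it. The list is scraped from the tree drawing of `pass ls` and expanded unquoted, so an entry containing a space or sitting in a nested directory yields a wrong file name. Quote the target and stop on failure: `pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > "$TEMP/$file" || exit 1`. `chmod go-rwx $TEMP` should likewise be `chmod go-rwx "$TEMP"`. The script begins above this hunk, so whether `set -e` is already active cannot be seen here.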
The key to access private git repositories (websites hosted by the
server) needs to be accessible to nix builders. It will be put in
/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
- > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
- > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+ > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+ > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
Continue? [y/N]
mask=$(umask)
umask 0777
# Don’t forward it directly to tee, it would break ncurse pinentry
- key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+ key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
- pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+ pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
- deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+ deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
echo "$deployment" | nixops import
nixops modify "$(dirname $DIR)/eldiron.nix"