From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Thu, 31 Jan 2019 17:32:10 +0000 (+0100)
Subject: Use password store to store environment
X-Git-Tag: nur_publish~266
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=5f5efa6fa5a5b7d299998be410a278a7ff396504

Use password store to store environment
---

diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 2893335..ecc65cc 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -1,3 +1,4 @@
+{ environment ? ./environment.nix }:
 {
   network = {
     description = "Immae's network";
@@ -10,7 +11,7 @@
     _module.args = {
       mylibs = import ../libs.nix;
       myconfig = {
-        env = import ./environment.nix;
+        env = import environment;
         ips = {
           main = "176.9.151.89";
           production = "176.9.151.154";
@@ -93,6 +94,8 @@
 
     services.cron = {
       enable = true;
+      # Doesn't work, need to be a user
+      mailto = "cron+eldiron@immae.eu";
       systemCronJobs = [
         ''
           # The star after /var/lib/* avoids deleting all folders in case of problem
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
new file mode 100755
index 0000000..c23d308
--- /dev/null
+++ b/nixops/scripts/nixops_wrap
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_PATH to the password-store environment file path"
+  exit 1;
+fi
+
+TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+chmod go-rwx $TEMP
+
+finish() {
+  rm -f "$TEMP"
+  nixops set-args --unset environment
+}
+
+trap finish EXIT
+
+pass show "$NIXOPS_CONFIG_PASS_PATH" >> $TEMP
+nixops set-args --argstr environment "$TEMP"
+
+nixops "$@"
diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment
new file mode 100755
index 0000000..e508a2e
--- /dev/null
+++ b/nixops/scripts/pull_environment
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+  exit 1;
+fi
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+  exit 1;
+fi
+
+pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment
new file mode 100755
index 0000000..8b59240
--- /dev/null
+++ b/nixops/scripts/push_environment
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+  exit 1;
+fi
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+  exit 1;
+fi
+
+pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master