From 5f5efa6fa5a5b7d299998be410a278a7ff396504 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 31 Jan 2019 18:32:10 +0100
Subject: [PATCH] Use password store to store environment
---
 nixops/eldiron.nix | 5 ++++-
 nixops/scripts/nixops_wrap | 21 +++++++++++++++++++++
 nixops/scripts/pull_environment | 13 +++++++++++++
 nixops/scripts/push_environment | 13 +++++++++++++
 4 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100755 nixops/scripts/nixops_wrap
 create mode 100755 nixops/scripts/pull_environment
 create mode 100755 nixops/scripts/push_environment
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 2893335..ecc65cc 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -1,3 +1,4 @@
+{ environment ? ./environment.nix }:
 {
 network = {
 description = "Immae's network";
@@ -10,7 +11,7 @@
 _module.args = {
 mylibs = import ../libs.nix;
 myconfig = {
- env = import ./environment.nix;
+ env = import environment;
 ips = {
 main = "176.9.151.89";
 production = "176.9.151.154";
@@ -93,6 +94,8 @@
 services.cron = { enable = true;
+ # Doesn't work, need to be a user
+ mailto = "cron+eldiron@immae.eu";
 systemCronJobs = [ '' # The star after /var/lib/* avoids deleting all folders in case of problem
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
new file mode 100755
index 0000000..c23d308
--- /dev/null
+++ b/nixops/scripts/nixops_wrap
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_PATH" ]; then
+ echo "Please set NIXOPS_CONFIG_PASS_PATH to the password-store environment file path"
+ exit 1;
+fi
+
+TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+chmod go-rwx $TEMP
+
+finish() {
+ rm -f "$TEMP"
+ nixops set-args --unset environment
+}
+
+trap finish EXIT
+
+pass show "$NIXOPS_CONFIG_PASS_PATH" >> $TEMP
+nixops set-args --argstr environment "$TEMP"
+
+nixops "$@"
diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment
new file mode 100755
index 0000000..e508a2e
--- /dev/null
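Review bot: The new `environment` argument on the first line of eldiron.nix is undocumented, and its default `./environment.nix` means a plain `nixops` call made without the wrapper still imports a plaintext file from the checkout if one is left there. A comment such as `# Path to the secrets file; scripts/nixops_wrap overrides it with a temporary copy decrypted from the password store` would state the contract. Whether the old plaintext file is removed or ignored is not visible in this patch, so that is worth confirming alongside it.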
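Review bot: The added comment `# Doesn't work, need to be a user` sits above a `mailto` line that is still enabled, and it does not say what fails or what "a user" refers to. If the address is not honoured, as the comment suggests, output from these cron jobs may go undelivered, which matters for noticing failed jobs. Either state the constraint precisely, for example `# FIXME: mailto is not honoured with an address here; it apparently needs a local user name`, or leave the option out until it works. The services.cron block continues outside the hunk.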
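Review bot: The result of `pass show "$NIXOPS_CONFIG_PASS_PATH" >> $TEMP` in nixops_wrap is never checked, so a failed decryption (or a failed `mktemp`) still reaches `nixops set-args` and `nixops "$@"` with an empty or missing environment file. `pass show "$NIXOPS_CONFIG_PASS_PATH" > "$TEMP" || exit 1`, or `set -euo pipefail` under the shebang, stops the run first. The decrypted secrets also stay on disk under /tmp for the whole nixops run; `mktemp "${XDG_RUNTIME_DIR:-/tmp}/XXXXXX-environment.nix"` would keep them in the per-user runtime directory (usually tmpfs) where it exists. `mktemp` already creates the file readable by its owner only, so `chmod go-rwx $TEMP` is redundant, and `$TEMP` should be quoted there and in the redirection as it is inside `finish`.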
+++ b/nixops/scripts/pull_environment
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+ echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+ exit 1;
+fi
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+ echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+ exit 1;
+fi
+
+pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment
new file mode 100755
index 0000000..8b59240
--- /dev/null
+++ b/nixops/scripts/push_environment
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+ echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+ exit 1;
+fi
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+ echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+ exit 1;
+fi
+
+pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
--
2.41.0
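Review bot: The last line of pull_environment expands `$NIXOPS_CONFIG_PASS_SUBTREE_PATH` and `$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE` unquoted, so a path or remote name containing spaces or glob characters is split into extra arguments to `pass git subtree pull`; the last line of push_environment has the same problem. Quoting fixes both: `pass git subtree pull --prefix="$NIXOPS_CONFIG_PASS_SUBTREE_PATH" "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" master`. The "Please set …" messages in both scripts would also be better sent to stderr with `>&2`, and the branch name `master` is hard-coded in both.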