blob: 381553540296cff702883e7d9678bd2dd4f205bc (
plain) (
tree)
|
|
#!/bin/bash
RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
if ! which nix 2>/dev/null >/dev/null; then
cat <<-EOF
nix is needed, please install it:
> curl https://nixos.org/nix/install | sh
(or any other way handled by your distribution)
EOF
exit 1
fi
if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
-o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
cat <<-EOF
Two environment variables are needed to setup the password store:
NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
EOF
exit 1
fi
if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
cat <<-EOF
/!\ This will modify your password store to add and import a subtree
with the specific passwords files. Choose a path that doesn’t exist
yet in your password store.
> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
Later, you can use pull_environment and push_environment scripts to
update the passwords when needed
Continue? [y/N]
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
else
echo "Aborting"
exit 1
fi
fi
if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
cat <<-EOF
The key to access private git repositories (websites hosted by the
server) needs to be accessible to nix builders. It will be put in
/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
Continue? [y/N]
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
if ! id -u nixbld1 2>/dev/null >/dev/null; then
echo "User nixbld1 seems inexistant, did you install nix?"
exit 1
fi
mask=$(umask)
umask 0777
# Don’t forward it directly to tee, it would break ncurse pinentry
key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
umask $mask
else
echo "Aborting"
exit 1
fi
fi
if ! which nixops 2>/dev/null >/dev/null; then
cat <<-EOF
nixops is needed:
> nix-env -i nixops
If it fails, please check that $HOME/.nix-profile/bin is in your PATH.
Continue? [y/N]
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
nix-env -i nixops
if ! which nixops 2>/dev/null >/dev/null; then
echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path."
exit 1
fi
else
echo "Aborting"
exit 1
fi
fi
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
export NIXOPS_DEPLOYMENT="$DeploymentUuid"
if ! nixops info 2>/dev/null >/dev/null; then
cat <<-EOF
Importing deployment file into nixops:
Continue? [y/N]
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
echo "$deployment" | nixops import
nixops modify "$(dirname $DIR)/eldiron.nix"
else
echo "Aborting"
exit 1
fi
fi
cat <<-EOF
All set up.
Please make sure you’re using scripts/nixops_wrap when deploying
EOF
|