Use password store to store environment

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-31 18:32:10 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-31 18:43:48 +0100
commit: 5f5efa6fa5a5b7d299998be410a278a7ff396504 (patch)
tree: 0e894e3cf4f2907ff0d7279abab1c96f5addc094
parent: f759f52e50c1099724c0a172cbebfdcb0823a25f (diff)
download: Nix-5f5efa6fa5a5b7d299998be410a278a7ff396504.tar.gz
Nix-5f5efa6fa5a5b7d299998be410a278a7ff396504.tar.zst
Nix-5f5efa6fa5a5b7d299998be410a278a7ff396504.zip
4 files changed, 51 insertions, 1 deletions
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 2893335..ecc65cc 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -1,3 +1,4 @@
+{ environment ? ./environment.nix }:
 {
  network = {
    description = "Immae's network";
@@ -10,7 +11,7 @@
    _module.args = {
      mylibs = import ../libs.nix;
      myconfig = {
-        env = import ./environment.nix;
+        env = import environment;
        ips = {
          main = "176.9.151.89";
          production = "176.9.151.154";
@@ -93,6 +94,8 @@
    services.cron = {
      enable = true;
+      # Doesn't work, need to be a user
+      mailto = "cron+eldiron@immae.eu";
      systemCronJobs = [
        ''
          # The star after /var/lib/* avoids deleting all folders in case of problem
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
new file mode 100755
index 0000000..c23d308
--- /dev/null
+++ b/nixops/scripts/nixops_wrap
@@ -0,0 +1,21 @@
+#!/bin/bash
+if [ -z "$NIXOPS_CONFIG_PASS_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_PATH to the password-store environment file path"
+  exit 1;
+fi
+TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+chmod go-rwx $TEMP
+finish() {
+  rm -f "$TEMP"
+  nixops set-args --unset environment
+}
+trap finish EXIT
+pass show "$NIXOPS_CONFIG_PASS_PATH" >> $TEMP
+nixops set-args --argstr environment "$TEMP"
+nixops "$@"
diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment
new file mode 100755
index 0000000..e508a2e
--- /dev/null
+++ b/nixops/scripts/pull_environment
@@ -0,0 +1,13 @@
+#!/bin/bash
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+  exit 1;
+fi
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+  exit 1;
+fi
+pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment
new file mode 100755
index 0000000..8b59240
--- /dev/null
+++ b/nixops/scripts/push_environment
@@ -0,0 +1,13 @@
+#!/bin/bash
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
+  exit 1;
+fi
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
+  echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
+  exit 1;
+fi
+pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-31 18:32:10 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-31 18:43:48 +0100
commit	5f5efa6fa5a5b7d299998be410a278a7ff396504 (patch)
tree	0e894e3cf4f2907ff0d7279abab1c96f5addc094
parent	f759f52e50c1099724c0a172cbebfdcb0823a25f (diff)
download	Nix-5f5efa6fa5a5b7d299998be410a278a7ff396504.tar.gz Nix-5f5efa6fa5a5b7d299998be410a278a7ff396504.tar.zst Nix-5f5efa6fa5a5b7d299998be410a278a7ff396504.zip

diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index 2893335..ecc65cc 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix
@@ -1,3 +1,4 @@
		1	{ environment ? ./environment.nix }:
1	{	2	{
2	network = {	3	network = {
3	description = "Immae's network";	4	description = "Immae's network";
@@ -10,7 +11,7 @@
10	_module.args = {	11	_module.args = {
11	mylibs = import ../libs.nix;	12	mylibs = import ../libs.nix;
12	myconfig = {	13	myconfig = {
13	env = import ./environment.nix;	14	env = import environment;
14	ips = {	15	ips = {
15	main = "176.9.151.89";	16	main = "176.9.151.89";
16	production = "176.9.151.154";	17	production = "176.9.151.154";
@@ -93,6 +94,8 @@
93		94
94	services.cron = {	95	services.cron = {
95	enable = true;	96	enable = true;
		97	# Doesn't work, need to be a user
		98	mailto = "cron+eldiron@immae.eu";
96	systemCronJobs = [	99	systemCronJobs = [
97	''	100	''
98	# The star after /var/lib/* avoids deleting all folders in case of problem	101	# The star after /var/lib/* avoids deleting all folders in case of problem


diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap new file mode 100755 index 0000000..c23d308 --- /dev/null +++ b/nixops/scripts/nixops_wrap
@@ -0,0 +1,21 @@
		1	#!/bin/bash
		2
		3	if [ -z "$NIXOPS_CONFIG_PASS_PATH" ]; then
		4	echo "Please set NIXOPS_CONFIG_PASS_PATH to the password-store environment file path"
		5	exit 1;
		6	fi
		7
		8	TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
		9	chmod go-rwx $TEMP
		10
		11	finish() {
		12	rm -f "$TEMP"
		13	nixops set-args --unset environment
		14	}
		15
		16	trap finish EXIT
		17
		18	pass show "$NIXOPS_CONFIG_PASS_PATH" >> $TEMP
		19	nixops set-args --argstr environment "$TEMP"
		20
		21	nixops "$@"


diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment new file mode 100755 index 0000000..e508a2e --- /dev/null +++ b/nixops/scripts/pull_environment
@@ -0,0 +1,13 @@
		1	#!/bin/bash
		2
		3	if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
		4	echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
		5	exit 1;
		6	fi
		7
		8	if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
		9	echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
		10	exit 1;
		11	fi
		12
		13	pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master


diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment new file mode 100755 index 0000000..8b59240 --- /dev/null +++ b/nixops/scripts/push_environment
@@ -0,0 +1,13 @@
		1	#!/bin/bash
		2
		3	if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
		4	echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
		5	exit 1;
		6	fi
		7
		8	if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
		9	echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
		10	exit 1;
		11	fi
		12
		13	pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master