authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-02-01 14:39:59 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-02-01 15:25:15 +0100
commit568d4240fa2d4b1f29cc1dd6d943a2da941ef46e (patch)
tree68b11be24313a2cb964fe8a2ce2d61bb154f3c9d /nixops/scripts/setup
parent34c5871481ec3d8e8ceaf0b63a006bb5b2d8e8c8 (diff)
downloadNix-568d4240fa2d4b1f29cc1dd6d943a2da941ef46e.tar.gz
Nix-568d4240fa2d4b1f29cc1dd6d943a2da941ef46e.tar.zst
Nix-568d4240fa2d4b1f29cc1dd6d943a2da941ef46e.zip
Complete setup script to import deployment file
Diffstat (limited to 'nixops/scripts/setup')
-rwxr-xr-xnixops/scripts/setup132
1 files changed, 93 insertions, 39 deletions
diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index d9d4258..bb433ba 100755
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -3,28 +3,38 @@
3RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul" 3RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
4NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592' 4NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592'
5NixChannelName='immaeNixpkgs' 5NixChannelName='immaeNixpkgs'
6DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
7
8if ! which nix 2>/dev/null >/dev/null; then
9 cat <<-EOF
10 nix is needed, please install it:
11 > curl https://nixos.org/nix/install | sh
12 (or any other way handled by your distribution)
13 EOF
14 exit 1
15fi
6 16
7if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \ 17if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
8 -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then 18 -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
9 cat <<-EOF 19 cat <<-EOF
10Two environment variables are needed to setup the password store: 20 Two environment variables are needed to setup the password store:
11NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported 21 NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
12NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository 22 NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
13EOF 23 EOF
14 exit 1 24 exit 1
15fi 25fi
16 26
17if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then 27if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
18 cat <<-EOF 28 cat <<-EOF
19/!\ This will modify your password store to add and import a subtree 29 /!\ This will modify your password store to add and import a subtree
20with the specific passwords files. Choose a path that doesn’t exist 30 with the specific passwords files. Choose a path that doesn’t exist
21yet in your password store. 31 yet in your password store.
22> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo 32 > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
23> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master 33 > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
24Later, you can use pull_environment and push_environment scripts to 34 Later, you can use pull_environment and push_environment scripts to
25update the passwords when needed 35 update the passwords when needed
26Continue? [y/N] 36 Continue? [y/N]
27EOF 37 EOF
28 read y 38 read y
29 if [ "$y" = "y" -o "$y" = "Y" ]; then 39 if [ "$y" = "y" -o "$y" = "Y" ]; then
30 pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo 40 pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
@@ -36,16 +46,16 @@ EOF
36fi 46fi
37 47
38if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then 48if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
39 cat <<EOF 49 cat <<-EOF
40The key to access private git repositories (websites hosted by the 50 The key to access private git repositories (websites hosted by the
41server) needs to be accessible to nix builders. It will be put in 51 server) needs to be accessible to nix builders. It will be put in
42/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) 52 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
43> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null 53 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
44> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null 54 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
45> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops 55 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
46> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub 56 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
47Continue? [y/N] 57 Continue? [y/N]
48EOF 58 EOF
49 read y 59 read y
50 if [ "$y" = "y" -o "$y" = "Y" ]; then 60 if [ "$y" = "y" -o "$y" = "Y" ]; then
51 if ! id -u nixbld1 2>/dev/null >/dev/null; then 61 if ! id -u nixbld1 2>/dev/null >/dev/null; then
@@ -70,26 +80,70 @@ EOF
70fi 80fi
71 81
72if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then 82if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then
73cat <<EOF 83 cat <<-EOF
74A new nix channel will be installed (or upgraded) to freeze the packages 84 A new nix channel will be installed (or upgraded) to freeze the packages
75version: 85 version:
76$NixChannelName $NixChannelUrl 86 $NixChannelName $NixChannelUrl
77> nix-channel --add $NixChannelUrl $NixChannelName 87 > nix-channel --add $NixChannelUrl $NixChannelName
78> nix-channel --update 88 > nix-channel --update
79If this step fail, you may have to disable sandboxing in 89 If this step fail, you may have to disable sandboxing in
80/etc/nix/nix.conf and rerun 90 /etc/nix/nix.conf and rerun
81> nix-channel --update 91 > nix-channel --update
82manually. 92 manually.
83Continue? [y/N] 93 Continue? [y/N]
84EOF 94 EOF
85 read y 95 read y
86 if [ "$y" = "y" -o "$y" = "Y" ]; then 96 if [ "$y" = "y" -o "$y" = "Y" ]; then
87 nix-channel --add $NixChannelUrl $NixChannelName 97 nix-channel --add $NixChannelUrl $NixChannelName
88 nix-channel --update 98 nix-channel --update
99 else
100 echo "Aborting"
101 exit 1
102 fi
103fi
104
105if ! which nixops 2>/dev/null >/dev/null; then
106 cat <<-EOF
107 nixops is needed:
108 > nix-env -i nixops
109 If it fails, please check that $HOME/.nix-profile/bin is in your PATH.
110 Continue? [y/N]
111 EOF
112 read y
113 if [ "$y" = "y" -o "$y" = "Y" ]; then
114 nix-env -i nixops
115 if ! which nixops 2>/dev/null >/dev/null; then
116 echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path."
117 exit 1
118 fi
119 else
120 echo "Aborting"
121 exit 1
122 fi
123fi
124
125DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
126export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
127export NIXOPS_DEPLOYMENT="$DeploymentUuid"
128
129if ! nixops info 2>/dev/null >/dev/null; then
130 cat <<-EOF
131 Importing deployment file into nixops:
132 Continue? [y/N]
133 EOF
134 read y
135 if [ "$y" = "y" -o "$y" = "Y" ]; then
136 deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
137 echo "$deployment" | nixops import
138
139 nixops modify "$(dirname $DIR)/eldiron.nix"
140 else
141 echo "Aborting"
142 exit 1
89 fi 143 fi
90fi 144fi
91 145
92cat <<EOF 146cat <<-EOF
93All set up. 147 All set up.
94Please make sure you’re using scripts/nixops_wrap when deploying 148 Please make sure you’re using scripts/nixops_wrap when deploying
95EOF 149 EOF
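Review bot: In the new import step (new lines 136-139) the result of `pass show` is never checked, so if decryption fails an empty string is piped into `nixops import`, `nixops modify` still runs, and the script ends with "All set up."; this holds unless the top of the script, which is outside the hunks, enables `set -e`. I would fail closed with `deployment=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment") || exit 1` followed by `printf '%s\n' "$deployment" | nixops import || exit 1`. The unquoted `$DIR` in `$(dirname $DIR)` (new lines 126 and 139) also breaks when the checkout path contains whitespace, so `"$(dirname "$DIR")"` is safer. Separately, `nix-env -i nixops` at new line 114 selects the package by name from whatever channels the user has, which may not be the channel pinned just above, so the nixops version is probably not frozen the way the channel message promises; installing by attribute from `$NixChannelName` would keep the two consistent.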