-rw-r--r-- | nixops/eldiron.nix | 5 | ||||
-rwxr-xr-x | nixops/scripts/nixops_wrap | 15 | ||||
-rwxr-xr-x | nixops/scripts/pull_deployment | 2 | ||||
-rwxr-xr-x | nixops/scripts/push_deployment | 2 | ||||
-rwxr-xr-x | nixops/scripts/setup | 10 |
5 files changed, 20 insertions, 14 deletions
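diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 8dc8c4d..5dff7d4 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -1,4 +1,4 @@
-{ environment ? ./environment.nix }:
+{ privateFiles ? ./. }:
 {
 network = {
 description = "Immae's network";
@@ -12,7 +12,8 @@
 mylibs = import ../libs.nix;
 mypkgs = import ../default.nix;
 myconfig = {
-env = import environment;
+inherit privateFiles;
+env = import "${privateFiles}/environment.nix";
 ips = {
 main = "176.9.151.89";
 production = "176.9.151.154";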
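Review bot: `import "${privateFiles}/environment.nix"` interpolates the argument into a string, and with the default `./.` (a path value) Nix copies that whole directory into the world-readable store before the import runs. The scripts in this commit keep `state/eldiron.nixops` and `ssh/config` next to this file, so they would presumably be copied along with it. When the wrapper passes `--argstr privateFiles`, the value is already a string and nothing is copied at this line, so only the default is affected. `env = import (privateFiles + "/environment.nix");` works for both a path and a string without the store copy. The `myconfig` attribute set continues outside the hunk, so how `inherit privateFiles;` is consumed later cannot be checked from here.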
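diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
index 24b8381..561bf6e 100755
--- a/nixops/scripts/nixops_wrap
+++ b/nixops/scripts/nixops_wrap
@@ -6,12 +6,12 @@ if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
 exit 1;
 fi
 
-TEMP=$(mktemp /tmp/XXXXXX-environment.nix)
+TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
 chmod go-rwx $TEMP
 
 finish() {
-rm -f "$TEMP"
-nixops set-args --unset environment
+rm -rf "$TEMP"
+nixops set-args --unset privateFiles
 }
 
 trap finish EXIT
@@ -20,8 +20,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
 export NIXOPS_DEPLOYMENT="$DeploymentUuid"
 
-pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP
-nixops set-args --argstr environment "$TEMP"
+# pass cannot "just" list files in a directory without showing a tree :(
+files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //')
+
+for file in $files; do
+pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file
+done
+nixops set-args --argstr privateFiles "$TEMP"
 
 export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs"
 nixops "$@"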
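Review bot: A failed `pass show` inside the new loop (cancelled pinentry, missing entry) still leaves an empty `$TEMP/$file` behind, and nothing visible in the hunk stops `nixops "$@"` from deploying with it; the top of the script is outside the hunk, so a `set -e` there cannot be ruled out. `$files` and `$TEMP/$file` are also expanded unquoted, so an entry name containing whitespace or glob characters is split or expanded before it is used as a path. I would write the loop body as `pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > "$TEMP/$file" || exit 1` and quote the `pass ls` argument the same way. The `mktemp -d` result in the first hunk is not checked either: if it fails, `$TEMP` is empty and the redirection targets `/$file`, so `TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) || exit 1` is worth adding.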
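diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment
index 796ff9b..8ee9b75 100755
--- a/nixops/scripts/pull_deployment
+++ b/nixops/scripts/pull_deployment
@@ -24,7 +24,7 @@ EOF
 fi
 fi
 
-deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
 
 echo "$deployment" | nixops import
 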
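diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment
index 07a804e..e43b6be 100755
--- a/nixops/scripts/push_deployment
+++ b/nixops/scripts/push_deployment
@@ -11,4 +11,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
 export NIXOPS_DEPLOYMENT="$DeploymentUuid"
 
-nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment
+nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment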
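diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index bb433ba..c94b72b 100755
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -50,8 +50,8 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
 The key to access private git repositories (websites hosted by the
 server) needs to be accessible to nix builders. It will be put in
 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
-> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
-> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
 Continue? [y/N]
@@ -65,10 +65,10 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
 mask=$(umask)
 umask 0777
 # Don’t forward it directly to tee, it would break ncurse pinentry
-key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
 echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
 sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
-pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
 echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
 sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
 sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
@@ -133,7 +133,7 @@ if ! nixops info 2>/dev/null >/dev/null; then
 EOF
 read y
 if [ "$y" = "y" -o "$y" = "Y" ]; then
-deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
+deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
 echo "$deployment" | nixops import
 
 nixops modify "$(dirname $DIR)/eldiron.nix"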