Diffstat (limited to 'nixops/scripts/setup')
-rwxr-xr-x | nixops/scripts/setup | 82 |
1 files changed, 82 insertions, 0 deletions
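--- /dev/null
+++ b/nixops/scripts/setup
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
+-o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+cat <<-EOF
+Two environment variables are needed to setup the password store:
+NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
+NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
+EOF
+exit 1
+fi
+
+if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
+cat <<-EOF
+/!\ This will modify your password store to add and import a subtree
+with the specific passwords files. Choose a path that doesn’t exist
+yet in your password store.
+> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
+> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
+Later, you can use pull_environment and push_environment scripts to
+update the passwords when needed
+Continue? [y/N]
+EOF
+read y
+if [ "$y" = "y" -o "$y" = "Y" ]; then
+pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
+pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
+else
+echo "Aborting"
+exit 1
+fi
+fi
+
+if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
+cat <<EOF
+The key to access private git repositories (websites hosted by the
+server) needs to be accessible to nix builders. It will be put in
+/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
+> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
+> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
+Continue? [y/N]
+EOF
+read y
+if [ "$y" = "y" -o "$y" = "Y" ]; then
+if ! id -u nixbld1 2>/dev/null >/dev/null; then
+echo "User nixbld1 seems inexistant, did you install nix?"
+exit 1
+fi
+mask=$(umask)
+umask 0777
+# Don’t forward it directly to tee, it would break ncurse pinentry
+key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
+pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
+sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
+umask $mask
+else
+echo "Aborting"
+exit 1
+fi
+fi
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+nix_config="ssh-config-file=$(dirname $DIR)/ssh/config"
+if echo "$NIX_PATH" | grep -q "$nix_config"; then
+cat <<EOF
+All set up
+EOF
+else
+cat <<EOF
+All set up, please add
+ssh-config-file=$(dirname $DIR)/ssh/config
+to your NIX_PATH environment variable (colon-separated)
+EOF
+fi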
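Review bot: Line 56 assigns the private key from `pass show` without checking its exit status, and the script has no `set -e`, so a failed or cancelled decryption (e.g. pinentry dismissed, leaving `key` empty) still reaches line 57 and installs an empty file at /etc/ssh/ssh_rsa_key_nixops, chowns it to nixbld1, and then prints "All set up". The same gap exists for `pubkey` on line 59. Suggest `key=$(pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey") || { echo "pass show failed" >&2; exit 1; }` followed by `[ -n "$key" ] || { echo "empty key, not installing" >&2; exit 1; }` before the `tee`, and the same pair for `pubkey`. Separately, on line 72 `grep -q "$nix_config"` interprets the path as a regular expression; `grep -qF -- "$nix_config"` matches it literally.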