Diffstat (limited to 'nixops')
-rw-r--r--nixops/eldiron.nix5
-rwxr-xr-xnixops/scripts/nixops_wrap15
-rwxr-xr-xnixops/scripts/pull_deployment2
-rwxr-xr-xnixops/scripts/push_deployment2
-rwxr-xr-xnixops/scripts/setup10
5 files changed, 20 insertions, 14 deletions
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 8dc8c4d..5dff7d4 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -1,4 +1,4 @@
1{ environment ? ./environment.nix }: 1{ privateFiles ? ./. }:
2{ 2{
3 network = { 3 network = {
4 description = "Immae's network"; 4 description = "Immae's network";
@@ -12,7 +12,8 @@
12 mylibs = import ../libs.nix; 12 mylibs = import ../libs.nix;
13 mypkgs = import ../default.nix; 13 mypkgs = import ../default.nix;
14 myconfig = { 14 myconfig = {
15 env = import environment; 15 inherit privateFiles;
16 env = import "${privateFiles}/environment.nix";
16 ips = { 17 ips = {
17 main = "176.9.151.89"; 18 main = "176.9.151.89";
18 production = "176.9.151.154"; 19 production = "176.9.151.154";
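Review bot: The new line `env = import "${privateFiles}/environment.nix";` interpolates `privateFiles` into a string, and when the default `./.` (a path value) is in effect, Nix copies that whole directory into the world-readable store before the import. The wrapper passes a plain string through `--argstr`, so this only happens when the expression is evaluated without the wrapper, but in that case everything beside `eldiron.nix` is copied. `env = import (privateFiles + "/environment.nix");` accepts both a path and a string without the copy. `inherit privateFiles;` also hands the directory to every consumer of `myconfig`, and how they use it is outside this hunk, so a comment such as `# privateFiles holds decrypted secrets; referencing it as a path copies it into the world-readable store` would help.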
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
index 24b8381..561bf6e 100755
--- a/nixops/scripts/nixops_wrap
+++ b/nixops/scripts/nixops_wrap
@@ -6,12 +6,12 @@ if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
6 exit 1; 6 exit 1;
7fi 7fi
8 8
9TEMP=$(mktemp /tmp/XXXXXX-environment.nix) 9TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
10chmod go-rwx $TEMP 10chmod go-rwx $TEMP
11 11
12finish() { 12finish() {
13 rm -f "$TEMP" 13 rm -rf "$TEMP"
14 nixops set-args --unset environment 14 nixops set-args --unset privateFiles
15} 15}
16 16
17trap finish EXIT 17trap finish EXIT
@@ -20,8 +20,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" 20export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
21export NIXOPS_DEPLOYMENT="$DeploymentUuid" 21export NIXOPS_DEPLOYMENT="$DeploymentUuid"
22 22
23pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP 23# pass cannot "just" list files in a directory without showing a tree :(
24nixops set-args --argstr environment "$TEMP" 24files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //')
25
26for file in $files; do
27 pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file
28done
29nixops set-args --argstr privateFiles "$TEMP"
25 30
26export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs" 31export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs"
27nixops "$@" 32nixops "$@"
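Review bot: Nothing in the new loop checks the result of `pass show`, so a failed decryption (a cancelled pinentry, or a sub-directory name picked up by the `sed`-parsed tree) leaves an empty `$TEMP/$file` and `nixops` still runs with it; whether `set -e` is active is not visible because the script starts outside the hunk. Stop on failure and quote the target: `pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > "$TEMP/$file" || exit 1`. The same goes for `TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)`: if it fails, `$TEMP` is empty and the decrypted files would be written to `/$file`, so append `|| exit 1` there as well. `for file in $files` word-splits and the `sed` keeps only the last token of each line, so a comment stating that entries under `Nixops/files` must be flat and free of spaces would document that limit.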
diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment
index 796ff9b..8ee9b75 100755
--- a/nixops/scripts/pull_deployment
+++ b/nixops/scripts/pull_deployment
@@ -24,7 +24,7 @@ EOF
24 fi 24 fi
25fi 25fi
26 26
27deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) 27deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
28 28
29echo "$deployment" | nixops import 29echo "$deployment" | nixops import
30 30
diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment
index 07a804e..e43b6be 100755
--- a/nixops/scripts/push_deployment
+++ b/nixops/scripts/push_deployment
@@ -11,4 +11,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
11export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" 11export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
12export NIXOPS_DEPLOYMENT="$DeploymentUuid" 12export NIXOPS_DEPLOYMENT="$DeploymentUuid"
13 13
14nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment 14nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment
diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index bb433ba..c94b72b 100755
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -50,8 +50,8 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
50 The key to access private git repositories (websites hosted by the 50 The key to access private git repositories (websites hosted by the
51 server) needs to be accessible to nix builders. It will be put in 51 server) needs to be accessible to nix builders. It will be put in
52 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) 52 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
53 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null 53 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
54 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null 54 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
55 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops 55 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
56 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub 56 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
57 Continue? [y/N] 57 Continue? [y/N]
@@ -65,10 +65,10 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
65 mask=$(umask) 65 mask=$(umask)
66 umask 0777 66 umask 0777
67 # Don’t forward it directly to tee, it would break ncurse pinentry 67 # Don’t forward it directly to tee, it would break ncurse pinentry
68 key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey) 68 key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey)
69 echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null 69 echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
70 sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops 70 sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
71 pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub) 71 pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub)
72 echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null 72 echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
73 sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub 73 sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
74 sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub 74 sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
@@ -133,7 +133,7 @@ if ! nixops info 2>/dev/null >/dev/null; then
133 EOF 133 EOF
134 read y 134 read y
135 if [ "$y" = "y" -o "$y" = "Y" ]; then 135 if [ "$y" = "y" -o "$y" = "Y" ]; then
136 deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) 136 deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
137 echo "$deployment" | nixops import 137 echo "$deployment" | nixops import
138 138
139 nixops modify "$(dirname $DIR)/eldiron.nix" 139 nixops modify "$(dirname $DIR)/eldiron.nix"