aboutsummaryrefslogtreecommitdiff
path: root/scripts/setup
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/setup')
-rwxr-xr-xscripts/setup90
1 files changed, 90 insertions, 0 deletions
diff --git a/scripts/setup b/scripts/setup
new file mode 100755
index 0000000..db0f353
--- /dev/null
+++ b/scripts/setup
@@ -0,0 +1,90 @@
1#!/usr/bin/env bash
2
3set -euo pipefail
4
5if ! which nix 2>/dev/null >/dev/null; then
6 cat <<-EOF
7 nix is needed, please install it:
8 > curl https://nixos.org/nix/install | sh
9 (or any other way handled by your distribution)
10 EOF
11 exit 1
12fi
13
14if [ "${NIX_STORE:-/nix/store}" != "/nix/store" ]; then
15 cat <<-EOF
16 Nix store outside of /nix/store is not supported
17 EOF
18 exit 1
19fi
20
21if ! which direnv 2>/dev/null >/dev/null; then
22 cat <<-EOF
23 direnv is needed, please install it
24 EOF
25 exit 1
26fi
27
28if [ -z "$NIXOPS_ENV_LOADED" ]; then
29 cat <<-EOF
30 direnv environment needs to be loaded
31 EOF
32 exit 1
33fi
34
35if [ "$(git config --get include.path)" != "../.gitconfig" ]; then
36 cat <<-EOF
37 it is recommended to include the .gitconfig file into (local) git configuration:
38 git config --local include.path '../.gitconfig'
39 Run this command? [y/N]
40 EOF
41 read y
42 if [ "$y" = "y" -o "$y" = "Y" ]; then
43 git config --local include.path '../.gitconfig'
44 fi
45fi
46
47for key in public_keys/*; do
48 fpr=$(cat "$key" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
49 gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no
50 # /usr/share/doc/gnupg/DETAILS field 2
51 (cat "$key" | gpg --import-options show-only --import --with-colons |
52 grep -E '^pub:' |
53 cut -d':' -f2 |
54 grep -q '[fu]') && signed=yes || signed=no
55 if [ "$signed" = no -o "$imported" = no ] ; then
56 echo "The key for $key needs to be imported and signed (a local signature is enough)"
57 cat "$key" | gpg --import-options show-only --import
58 echo "Continue? [y/N]"
59 read y
60 if [ "$y" = "y" -o "$y" = "Y" ]; then
61 cat "$key" | gpg --import
62 gpg --expert --edit-key "$fpr" lsign quit
63 else
64 echo "Aborting"
65 exit 1
66 fi
67 fi
68done
69
70if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then
71 cat <<-EOF
72 There used to be some impure derivations (grep __noChroot), you may need
73 sandbox = "relaxed"
74 in /etc/nix/nix.conf
75 you may also want to add
76 keep-outputs = true
77 keep-derivations = true
78 to prevent garbage collector from deleting build dependencies (they take a lot of time to build)
79 and
80 allow-import-from-derivation = false
81 as an attempt to avoid having build-time derivations (doesn’t work for all packages)
82 press key to continue
83 EOF
84 read y
85fi
86
87cat <<-EOF
88 All set up.
89 Please make sure you’re using make commands when deploying
90 EOF