Diffstat (limited to 'scripts/setup')
-rwxr-xr-x | scripts/setup | 90 |
1 files changed, 90 insertions, 0 deletions
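diff --git a/scripts/setup b/scripts/setup
new file mode 100755
index 0000000..db0f353
--- /dev/null
+++ b/scripts/setup
@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if ! which nix 2>/dev/null >/dev/null; then
+cat <<-EOF
+nix is needed, please install it:
+> curl https://nixos.org/nix/install | sh
+(or any other way handled by your distribution)
+EOF
+exit 1
+fi
+
+if [ "${NIX_STORE:-/nix/store}" != "/nix/store" ]; then
+cat <<-EOF
+Nix store outside of /nix/store is not supported
+EOF
+exit 1
+fi
+
+if ! which direnv 2>/dev/null >/dev/null; then
+cat <<-EOF
+direnv is needed, please install it
+EOF
+exit 1
+fi
+
+if [ -z "$NIXOPS_ENV_LOADED" ]; then
+cat <<-EOF
+direnv environment needs to be loaded
+EOF
+exit 1
+fi
+
+if [ "$(git config --get include.path)" != "../.gitconfig" ]; then
+cat <<-EOF
+it is recommended to include the .gitconfig file into (local) git configuration:
+git config --local include.path '../.gitconfig'
+Run this command? [y/N]
+EOF
+read y
+if [ "$y" = "y" -o "$y" = "Y" ]; then
+git config --local include.path '../.gitconfig'
+fi
+fi
+
+for key in public_keys/*; do
+fpr=$(cat "$key" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
+gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no
+# /usr/share/doc/gnupg/DETAILS field 2
+(cat "$key" | gpg --import-options show-only --import --with-colons |
+grep -E '^pub:' |
+cut -d':' -f2 |
+grep -q '[fu]') && signed=yes || signed=no
+if [ "$signed" = no -o "$imported" = no ] ; then
+echo "The key for $key needs to be imported and signed (a local signature is enough)"
+cat "$key" | gpg --import-options show-only --import
+echo "Continue? [y/N]"
+read y
+if [ "$y" = "y" -o "$y" = "Y" ]; then
+cat "$key" | gpg --import
+gpg --expert --edit-key "$fpr" lsign quit
+else
+echo "Aborting"
+exit 1
+fi
+fi
+done
+
+if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then
+cat <<-EOF
+There used to be some impure derivations (grep __noChroot), you may need
+sandbox = "relaxed"
+in /etc/nix/nix.conf
+you may also want to add
+keep-outputs = true
+keep-derivations = true
+to prevent garbage collector from deleting build dependencies (they take a lot of time to build)
+and
+allow-import-from-derivation = false
+as an attempt to avoid having build-time derivations (doesn’t work for all packages)
+press key to continue
+EOF
+read y
+fi
+
+cat <<-EOF
+All set up.
+Please make sure you’re using make commands when deploying
+EOF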
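Review bot: In the `public_keys/*` loop, `fpr` is taken from field 5 of the `pub` record, which is the 64-bit key ID rather than the fingerprint, and that value then selects the key for `gpg --edit-key "$fpr" lsign quit`. Since this is the step that establishes local trust in a key shipped with the repository, it should select by full fingerprint, e.g. `fpr=$(gpg --import-options show-only --import --with-colons < "$key" | awk -F: '$1 == "fpr" { print $10; exit }')`, which also yields a single value when a file carries more than one key. Separately, with `set -u` active the test `[ -z "$NIXOPS_ENV_LOADED" ]` aborts with an unbound-variable error when the variable is unset, so the "direnv environment needs to be loaded" message is never printed in the case it is meant for; `[ -z "${NIXOPS_ENV_LOADED:-}" ]` avoids that.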