1 files changed, 90 insertions, 0 deletions
diff --git a/scripts/setup b/scripts/setup
new file mode 100755
index 0000000..db0f353
--- /dev/null
+++ b/scripts/setup
@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+set -euo pipefail
+if ! which nix 2>/dev/null >/dev/null; then
+  cat <<-EOF
+        nix is needed, please install it:
+        > curl https://nixos.org/nix/install | sh
+        (or any other way handled by your distribution)
+        EOF
+  exit 1
+fi
+if [ "${NIX_STORE:-/nix/store}" != "/nix/store" ]; then
+  cat <<-EOF
+        Nix store outside of /nix/store is not supported
+        EOF
+  exit 1
+fi
+if ! which direnv 2>/dev/null >/dev/null; then
+  cat <<-EOF
+        direnv is needed, please install it
+        EOF
+  exit 1
+fi
+if [ -z "$NIXOPS_ENV_LOADED" ]; then
+  cat <<-EOF
+        direnv environment needs to be loaded
+        EOF
+  exit 1
+fi
+if [ "$(git config --get include.path)" != "../.gitconfig" ]; then
+  cat <<-EOF
+        it is recommended to include the .gitconfig file into (local) git configuration:
+        git config --local include.path '../.gitconfig'
+        Run this command? [y/N]
+        EOF
+  read y
+  if [ "$y" = "y" -o "$y" = "Y" ]; then
+    git config --local include.path '../.gitconfig'
+  fi
+fi
+for key in public_keys/*; do
+  fpr=$(cat "$key" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
+  gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no
+  # /usr/share/doc/gnupg/DETAILS field 2
+  (cat "$key" | gpg --import-options show-only --import --with-colons |
+      grep -E '^pub:' |
+      cut -d':' -f2 |
+      grep -q '[fu]') && signed=yes || signed=no
+  if [ "$signed" = no -o "$imported" = no ] ; then
+    echo "The key for $key needs to be imported and signed (a local signature is enough)"
+    cat "$key" | gpg --import-options show-only --import
+    echo "Continue? [y/N]"
+    read y
+    if [ "$y" = "y" -o "$y" = "Y" ]; then
+      cat "$key" | gpg --import
+      gpg --expert --edit-key "$fpr" lsign quit
+    else
+      echo "Aborting"
+      exit 1
+    fi
+  fi
+done
+if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then
+  cat <<-EOF
+        There used to be some impure derivations (grep __noChroot), you may need
+          sandbox = "relaxed"
+        in /etc/nix/nix.conf
+        you may also want to add
+          keep-outputs = true
+          keep-derivations = true
+        to prevent garbage collector from deleting build dependencies (they take a lot of time to build)
+        and
+          allow-import-from-derivation = false
+        as an attempt to avoid having build-time derivations (doesn’t work for all packages)
+        press key to continue
+        EOF
+  read y
+fi
+cat <<-EOF
+        All set up.
+        Please make sure you’re using make commands when deploying
+        EOF

diff --git a/scripts/setup b/scripts/setup new file mode 100755 index 0000000..db0f353 --- /dev/null +++ b/scripts/setup
@@ -0,0 +1,90 @@
	1	#!/usr/bin/env bash
	2
	3	set -euo pipefail
	4
	5	if ! which nix 2>/dev/null >/dev/null; then
	6	cat <<-EOF
	7	nix is needed, please install it:
	8	> curl https://nixos.org/nix/install \| sh
	9	(or any other way handled by your distribution)
	10	EOF
	11	exit 1
	12	fi
	13
	14	if [ "${NIX_STORE:-/nix/store}" != "/nix/store" ]; then
	15	cat <<-EOF
	16	Nix store outside of /nix/store is not supported
	17	EOF
	18	exit 1
	19	fi
	20
	21	if ! which direnv 2>/dev/null >/dev/null; then
	22	cat <<-EOF
	23	direnv is needed, please install it
	24	EOF
	25	exit 1
	26	fi
	27
	28	if [ -z "$NIXOPS_ENV_LOADED" ]; then
	29	cat <<-EOF
	30	direnv environment needs to be loaded
	31	EOF
	32	exit 1
	33	fi
	34
	35	if [ "$(git config --get include.path)" != "../.gitconfig" ]; then
	36	cat <<-EOF
	37	it is recommended to include the .gitconfig file into (local) git configuration:
	38	git config --local include.path '../.gitconfig'
	39	Run this command? [y/N]
	40	EOF
	41	read y
	42	if [ "$y" = "y" -o "$y" = "Y" ]; then
	43	git config --local include.path '../.gitconfig'
	44	fi
	45	fi
	46
	47	for key in public_keys/*; do
	48	fpr=$(cat "$key" \| gpg --import-options show-only --import --with-colons \| grep -e "^pub" \| cut -d':' -f5)
	49	gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes \|\| imported=no
	50	# /usr/share/doc/gnupg/DETAILS field 2
	51	(cat "$key" \| gpg --import-options show-only --import --with-colons \|
	52	grep -E '^pub:' \|
	53	cut -d':' -f2 \|
	54	grep -q '[fu]') && signed=yes \|\| signed=no
	55	if [ "$signed" = no -o "$imported" = no ] ; then
	56	echo "The key for $key needs to be imported and signed (a local signature is enough)"
	57	cat "$key" \| gpg --import-options show-only --import
	58	echo "Continue? [y/N]"
	59	read y
	60	if [ "$y" = "y" -o "$y" = "Y" ]; then
	61	cat "$key" \| gpg --import
	62	gpg --expert --edit-key "$fpr" lsign quit
	63	else
	64	echo "Aborting"
	65	exit 1
	66	fi
	67	fi
	68	done
	69
	70	if nix show-config --json \| jq -e '.sandbox.value == "true"' >/dev/null; then
	71	cat <<-EOF
	72	There used to be some impure derivations (grep __noChroot), you may need
	73	sandbox = "relaxed"
	74	in /etc/nix/nix.conf
	75	you may also want to add
	76	keep-outputs = true
	77	keep-derivations = true
	78	to prevent garbage collector from deleting build dependencies (they take a lot of time to build)
	79	and
	80	allow-import-from-derivation = false
	81	as an attempt to avoid having build-time derivations (doesn’t work for all packages)
	82	press key to continue
	83	EOF
	84	read y
	85	fi
	86
	87	cat <<-EOF
	88	All set up.
	89	Please make sure you’re using make commands when deploying
	90	EOF