author | EuAndreh <eu@euandre.org> | 2020-09-06 09:53:58 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2020-09-06 15:48:45 -0300 |
commit | 3f1d7201bfc46ff9edaa109bc41b59908f99c23b (patch) | |
tree | 30c89f1f19c156c044855839b62ea3eeca0a739a /nixos-switch.sh | |
parent | nixos-switch.sh: Decouple the update of pires app from deploying the VPS (diff) | |
download | server-3f1d7201bfc46ff9edaa109bc41b59908f99c23b.tar.gz server-3f1d7201bfc46ff9edaa109bc41b59908f99c23b.tar.xz |
Refactor vps-configuration.nix: Split secrets from config and envsubst vars
Also rename thingTLD to thingDomain.
Diffstat (limited to 'nixos-switch.sh')
-rwxr-xr-x | nixos-switch.sh | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/nixos-switch.sh b/nixos-switch.sh
index dc7797d..e704437 100755
--- a/nixos-switch.sh
+++ b/nixos-switch.sh
@@ -4,13 +4,33 @@ set -Eeuo pipefail
 cd "$(dirname "${BASH_SOURCE[0]}")"
-envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
+if [[ "${1:-}" = '--bootstrap' ]]; then
+ USER_PASSWORD="$(cat ./secrets/base-image-old-password.txt)"
+else
+ USER_PASSWORD="$(cat ./secrets/user-password.txt)"
+fi
+
+# Copy secrets
+echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\
+sudo mkdir -p ${SECRETS_ROOT}; \
+sudo chown -R ${USER_NAME}:users ${SECRETS_ROOT}/; \
+sudo chmod 700 ${SECRETS_ROOT}/; \
+sudo touch /etc/nixos/envsubst-configuration.nix; \
+sudo chown -R ${USER_NAME}:users /etc/nixos/envsubst-configuration.nix;"
+rsync -avzP secrets/passwords/ "${TLD}:${SECRETS_ROOT}/"
+envsubst < envsubst-configuration.nix | ssh "$TLD" 'cat > /etc/nixos/envsubst-configuration.nix'
+echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\
+sudo chown nextcloud:users ${SECRETS_ROOT}/nextcloud-admin.txt; \
+sudo chown nextcloud:users ${SECRETS_ROOT}/nextcloud-database.txt;"
+
+# Run nixos-rebuild
+scp vps-configuration.nix "${TLD}:/etc/nixos/configuration.nix"
 echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos
 echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
-ssh "${TLD}" rm -rf "${DATA_ROOT}/favicons/"
-rsync -avzP favicons/ "${TLD}:${DATA_ROOT}/favicons/"
-
+# Copy support files
+ssh "${TLD}" rm -rf "${FAVICONS_ROOT}/"
+rsync -avzP favicons/ "${TLD}:${FAVICONS_ROOT}/"
 scp cgit-about.html "${TLD}:${GIT_ROOT}/about.html"
 scp ci-gen-index.sh "${TLD}:${CI_LOGS_ROOT}/ci-gen-index.sh"
 scp bash-profile.sh "${TLD}:.bash_profile" |
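Review bot: The remote root commands in the `# Copy secrets` block are built from `${SECRETS_ROOT}` and `${USER_NAME}` expanded locally and unquoted, and `set -u` only rejects unset variables, so an empty `SECRETS_ROOT` turns the second command into `sudo chown -R ${USER_NAME}:users /` on the server. Because the commands are joined with `;`, a failed `mkdir` also does not stop the `chown` and `chmod` that follow. I would add `: "${SECRETS_ROOT:?}" "${USER_NAME:?}"` before the block, join the remote commands with `&&`, and wrap each expanded path in single quotes inside the remote string. Separately, only the first `sudo -S` receives the password from stdin; the nested `sudo` calls presumably succeed through sudo's credential cache, which would break if caching is disabled on the host. The same `:?` guard applies to `${FAVICONS_ROOT}` in the `rm -rf` line further down.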