authorEuAndreh <eu@euandre.org>2020-08-15 16:37:19 -0300
committerEuAndreh <eu@euandre.org>2020-08-15 17:26:47 -0300
commitc7702080a9aecd7e2163deda306c82cbdc05f891 (patch)
tree8880f089a4510ce9107aabf504cd3764044cfca0
parentAdd generated Terraform files (diff)
downloadtoph-c7702080a9aecd7e2163deda306c82cbdc05f891.tar.gz
toph-c7702080a9aecd7e2163deda306c82cbdc05f891.tar.xz
Use new image with ownership of /etc/nixos/configuration.nix by user
Useful reference: - https://discourse.nixos.org/t/can-i-move-etc-nixos-to-my-dotfiles-and-symlink-it-back-to-etc-nixos/4833/10
-rw-r--r--README.md16
-rwxr-xr-xnixos-switch.sh2
l---------secrets/nix/5d05f383bcf61-snapshot-configuration.nix1
-rw-r--r--secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplanbin0 -> 2059 bytes
-rw-r--r--secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplanbin0 -> 2062 bytes
-rw-r--r--secrets/terraform/terraform.tfstatebin3054 -> 3048 bytes
-rw-r--r--secrets/terraform/terraform.tfstate.backupbin180 -> 180 bytes
-rw-r--r--vps.tf2
8 files changed, 12 insertions, 9 deletions
diff --git a/README.md b/README.md
index df4707a..578826e 100644
--- a/README.md
+++ b/README.md
@@ -60,14 +60,16 @@ The basic `configuration.nix` file in the current snapshots looks just like this
This basic setup allows it to boot, starts the OpenSSH server agent and allows
the listed `openssh.authorizedKeys.keys` to login.
-I've also changed the nix-channel to the `nixos-unstable` imperatively before
-creating the image snapshot:
+I've also changed the ownership of `/etc/nixos/configuration.nix` to allow my
+user to write to it by piping through SSH without trying some
+[non-working solutions like before][0]:
```shell
-sudo nix-channel --remove nixos
-sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+sudo chown andreh /etc/nixos/configuration.nix
```
-So the first run of `./nixos-update.sh` will already get the latest channel from
-unstable, which makes this image not tied to the particular original 19.09 NixOS
-distribution.
+With that `./nixos-update.sh` can write to the NixOS configuration file without
+running into issues with `sudo` password permissions through the SSH pipe while
+writing to stdin.
+
+[0]: https://git.sr.ht/~euandreh/vps/tree/a7983c859f3d8890e35c587176f497b73a7a7dc7/nixos-switch.sh#L7
diff --git a/nixos-switch.sh b/nixos-switch.sh
index 856acb4..6a75a69 100755
--- a/nixos-switch.sh
+++ b/nixos-switch.sh
@@ -4,6 +4,6 @@
set -Eeuo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
-cat <(echo "${USER_PASSWORD}") <(envsubst < vps-configuration.env.nix) | ssh "$TLD" sudo -S 'cat > /etc/nixos/configuration.nix'
+envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
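Review bot: The new upload line, `envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'`, only works because the image now leaves that file owned by the login user, so any process running as that account can change what the next root `nixos-rebuild switch` applies without presenting the sudo password. Keeping the file root-owned and staging the upload preserves that boundary while still keeping the password and the file contents on separate stdin streams: `envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > configuration.nix.new'` followed by `echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S install -o root -g root -m 0644 configuration.nix.new /etc/nixos/configuration.nix`. Staging also avoids `cat >` truncating the live configuration when the pipe or the connection fails midway. The script's first lines are outside this hunk.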
diff --git a/secrets/nix/5d05f383bcf61-snapshot-configuration.nix b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix
new file mode 120000
index 0000000..c59f37b
--- /dev/null
+++ b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix
@@ -0,0 +1 @@
+e1d5f317b0f7a-snapshot-configuration.nix
\ No newline at end of file
diff --git a/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan
new file mode 100644
index 0000000..0186490
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan
new file mode 100644
index 0000000..5563d6a
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
index c7f646f..d90cfa2 100644
--- a/secrets/terraform/terraform.tfstate
+++ b/secrets/terraform/terraform.tfstate
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
index b52e698..9db7c42 100644
--- a/secrets/terraform/terraform.tfstate.backup
+++ b/secrets/terraform/terraform.tfstate.backup
Binary files differ
diff --git a/vps.tf b/vps.tf
index 3fa9e12..2754755 100644
--- a/vps.tf
+++ b/vps.tf
@@ -36,7 +36,7 @@ resource "vultr_server" "vps_server" {
# $ curl https://api.vultr.com/v1/plans/list?type=vc2 | jq '.["201"]'
plan_id = 201
# $ curl -H "API-Key: $TF_VAR_vultr_api_key" https://api.vultr.com/v1/snapshot/list | jq
- snapshot_id = "c565f318e4aea"
+ snapshot_id = "5d05f383bcf61"
}
output "public_ip" {