diff options
author | EuAndreh <eu@euandre.org> | 2020-08-15 16:37:19 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2020-08-15 17:26:47 -0300 |
commit | c7702080a9aecd7e2163deda306c82cbdc05f891 (patch) | |
tree | 8880f089a4510ce9107aabf504cd3764044cfca0 | |
parent | Add generated Terraform files (diff) | |
download | toph-c7702080a9aecd7e2163deda306c82cbdc05f891.tar.gz toph-c7702080a9aecd7e2163deda306c82cbdc05f891.tar.xz |
Use new image with ownership of /etc/nixos/configuration.nix by user
Useful reference:
- https://discourse.nixos.org/t/can-i-move-etc-nixos-to-my-dotfiles-and-symlink-it-back-to-etc-nixos/4833/10
-rw-r--r-- | README.md | 16 | ||||
-rwxr-xr-x | nixos-switch.sh | 2 | ||||
l--------- | secrets/nix/5d05f383bcf61-snapshot-configuration.nix | 1 | ||||
-rw-r--r-- | secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan | bin | 0 -> 2059 bytes | |||
-rw-r--r-- | secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan | bin | 0 -> 2062 bytes | |||
-rw-r--r-- | secrets/terraform/terraform.tfstate | bin | 3054 -> 3048 bytes | |||
-rw-r--r-- | secrets/terraform/terraform.tfstate.backup | bin | 180 -> 180 bytes | |||
-rw-r--r-- | vps.tf | 2 |
8 files changed, 12 insertions, 9 deletions
@@ -60,14 +60,16 @@ The basic `configuration.nix` file in the current snapshots looks just like this This basic setup allows it to boot, starts the OpenSSH server agent and allows the listed `openssh.authorizedKeys.keys` to login. -I've also changed the nix-channel to the `nixos-unstable` imperatively before -creating the image snapshot: +I've also changed the ownership of `/etc/nixos/configuration.nix` to allow my +user to write to it by piping through SSH without trying some +[non-working solutions like before][0]: ```shell -sudo nix-channel --remove nixos -sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos +sudo chown andreh /etc/nixos/configuration.nix ``` -So the first run of `./nixos-update.sh` will already get the latest channel from -unstable, which makes this image not tied to the particular original 19.09 NixOS -distribution. +With that `./nixos-update.sh` can write to the NixOS configuration file without +running into issues with `sudo` password permissions through the SSH pipe while +writing to stdin. + +[0]: https://git.sr.ht/~euandreh/vps/tree/a7983c859f3d8890e35c587176f497b73a7a7dc7/nixos-switch.sh#L7 diff --git a/nixos-switch.sh b/nixos-switch.sh index 856acb4..6a75a69 100755 --- a/nixos-switch.sh +++ b/nixos-switch.sh @@ -4,6 +4,6 @@ set -Eeuo pipefail cd "$(dirname "${BASH_SOURCE[0]}")" -cat <(echo "${USER_PASSWORD}") <(envsubst < vps-configuration.env.nix) | ssh "$TLD" sudo -S 'cat > /etc/nixos/configuration.nix' +envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix' echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade diff --git a/secrets/nix/5d05f383bcf61-snapshot-configuration.nix b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix new file mode 120000 index 0000000..c59f37b --- /dev/null +++ b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix @@ -0,0 +1 @@ +e1d5f317b0f7a-snapshot-configuration.nix
\ No newline at end of file diff --git a/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan Binary files differnew file mode 100644 index 0000000..0186490 --- /dev/null +++ b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan diff --git a/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan Binary files differnew file mode 100644 index 0000000..5563d6a --- /dev/null +++ b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate Binary files differindex c7f646f..d90cfa2 100644 --- a/secrets/terraform/terraform.tfstate +++ b/secrets/terraform/terraform.tfstate diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup Binary files differindex b52e698..9db7c42 100644 --- a/secrets/terraform/terraform.tfstate.backup +++ b/secrets/terraform/terraform.tfstate.backup @@ -36,7 +36,7 @@ resource "vultr_server" "vps_server" { # $ curl https://api.vultr.com/v1/plans/list?type=vc2 | jq '.["201"]' plan_id = 201 # $ curl -H "API-Key: $TF_VAR_vultr_api_key" https://api.vultr.com/v1/snapshot/list | jq - snapshot_id = "c565f318e4aea" + snapshot_id = "5d05f383bcf61" } output "public_ip" { |