diff options
-rw-r--r-- | README.md | 16 | ||||
-rwxr-xr-x | nixos-switch.sh | 2 | ||||
l--------- | secrets/nix/5d05f383bcf61-snapshot-configuration.nix | 1 | ||||
-rw-r--r-- | secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan | bin | 0 -> 2059 bytes | |||
-rw-r--r-- | secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan | bin | 0 -> 2062 bytes | |||
-rw-r--r-- | secrets/terraform/terraform.tfstate | bin | 3054 -> 3048 bytes | |||
-rw-r--r-- | secrets/terraform/terraform.tfstate.backup | bin | 180 -> 180 bytes | |||
-rw-r--r-- | vps.tf | 2 |
8 files changed, 12 insertions, 9 deletions
@@ -60,14 +60,16 @@ The basic `configuration.nix` file in the current snapshots looks just like this This basic setup allows it to boot, starts the OpenSSH server agent and allows the listed `openssh.authorizedKeys.keys` to login. -I've also changed the nix-channel to the `nixos-unstable` imperatively before -creating the image snapshot: +I've also changed the ownership of `/etc/nixos/configuration.nix` to allow my +user to write to it by piping through SSH without trying some +[non-working solutions like before][0]: ```shell -sudo nix-channel --remove nixos -sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos +sudo chown andreh /etc/nixos/configuration.nix ``` -So the first run of `./nixos-update.sh` will already get the latest channel from -unstable, which makes this image not tied to the particular original 19.09 NixOS -distribution. +With that `./nixos-update.sh` can write to the NixOS configuration file without +running into issues with `sudo` password permissions through the SSH pipe while +writing to stdin. + +[0]: https://git.sr.ht/~euandreh/vps/tree/a7983c859f3d8890e35c587176f497b73a7a7dc7/nixos-switch.sh#L7 diff --git a/nixos-switch.sh b/nixos-switch.sh index 856acb4..6a75a69 100755 --- a/nixos-switch.sh +++ b/nixos-switch.sh @@ -4,6 +4,6 @@ set -Eeuo pipefail cd "$(dirname "${BASH_SOURCE[0]}")" -cat <(echo "${USER_PASSWORD}") <(envsubst < vps-configuration.env.nix) | ssh "$TLD" sudo -S 'cat > /etc/nixos/configuration.nix' +envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix' echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade diff --git a/secrets/nix/5d05f383bcf61-snapshot-configuration.nix b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix new file mode 120000 index 0000000..c59f37b --- /dev/null +++ b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix @@ -0,0 +1 @@ +e1d5f317b0f7a-snapshot-configuration.nix
\ No newline at end of file diff --git a/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan Binary files differnew file mode 100644 index 0000000..0186490 --- /dev/null +++ b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan diff --git a/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan Binary files differnew file mode 100644 index 0000000..5563d6a --- /dev/null +++ b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate Binary files differindex c7f646f..d90cfa2 100644 --- a/secrets/terraform/terraform.tfstate +++ b/secrets/terraform/terraform.tfstate diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup Binary files differindex b52e698..9db7c42 100644 --- a/secrets/terraform/terraform.tfstate.backup +++ b/secrets/terraform/terraform.tfstate.backup @@ -36,7 +36,7 @@ resource "vultr_server" "vps_server" { # $ curl https://api.vultr.com/v1/plans/list?type=vc2 | jq '.["201"]' plan_id = 201 # $ curl -H "API-Key: $TF_VAR_vultr_api_key" https://api.vultr.com/v1/snapshot/list | jq - snapshot_id = "c565f318e4aea" + snapshot_id = "5d05f383bcf61" } output "public_ip" { |