#!/usr/bin/env nix-shell #!nix-shell -i bash # shellcheck shell=bash # shellcheck disable=2086 set -Eeuo pipefail cd "$(dirname "${BASH_SOURCE[0]}")" set -x USER_PASSWORD="$(cat ./secrets/base-image-old-password.txt)" export TLD='euandreh.xyz' # Idempotent init folders and permissions FOLDERS='/data/ /data/secrets/ /data/favicons/ /data/git/ /data/static/ci-logs/ /data/static/ci-logs/placeholder/ /data/nixos/ /data/static/logrotate/' echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S mkdir -p $FOLDERS echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S chown andreh:users $FOLDERS ssh "$TLD" touch /data/static/ci-logs/placeholder/f.log echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S chown -R andreh:users /data/ # Copy secrets and support files rsync -avzP secrets/passwords/ "${TLD}:/data/secrets/" rsync -avzP favicons/ "${TLD}:/data/favicons/" scp cgit-about.html "${TLD}:/data/git/about.html" scp ci-gen-index.sh "${TLD}:/data/static/ci-logs/ci-gen-index.sh" # Run nixos-rebuild envsubst < envsubst-configuration.nix | ssh "$TLD" 'cat > /data/nixos/envsubst-configuration.nix' scp vps-configuration.nix "${TLD}:/etc/nixos/configuration.nix" echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-unstable" nixos echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade ssh "$TLD" rm -rf /data/static/ci-logs/placeholder/