path: root/scripts/ci/setup.sh
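#!/usr/bin/env nix-shell
#!nix-shell -i bash ../../shell.nix
# shellcheck shell=bash
#
# CI bootstrap for this repository: configures git, unlocks the git-crypt
# protected files here and in the sibling ../vps-state checkout, loads .envrc,
# and renders the *.env.* templates with envsubst.
#
# Security notes:
#   * After `git crypt unlock` the decrypted secrets are in the working tree,
#     and the server private key is exported into the environment so envsubst
#     can see it. Every child process started from this shell inherits it, so
#     do not enable `set -x` here and do not print the environment in CI logs.
#   * The rendered files are created with the default umask.
#     NOTE(review): if any template embeds SSH_SERVER_PRIVATE_KEY, consider
#     `umask 077` before rendering and keep the outputs out of CI artifacts.
set -Eeuo pipefail

# Run from the repository root regardless of the caller's working directory.
cd "$(dirname "${BASH_SOURCE[0]}")"
cd ../../

echo "Unlocking git-crypt repos and configuring git..."
# --global writes to the CI user's ~/.gitconfig, not only to this checkout.
git config --global user.email "ci@euandre.org"
git config --global user.name "sr.ht CI"

git crypt unlock
# Assumes vps-state was already cloned
pushd ../vps-state/
git crypt unlock
# Switch the remote to the SSH URL.
git remote set-url origin git@git.sr.ht:~euandreh/vps-state
popd
echo "Done."

# git smudge after git-crypt clears file permissions
# NOTE(review): only the client key is tightened here; ./secrets/ssh/vps-box-server
# is read below with whatever mode the checkout left it - confirm that is intended.
chmod 400 ./secrets/ssh/vps-box-client
# Appends (does not replace) the contents of .envrc to ~/.buildenv, so anything
# defined there, secrets included, is persisted in that file; repeated runs on
# the same machine add duplicate entries.
cat .envrc >> ~/.buildenv

source .envrc

# Exported because envsubst only substitutes variables present in its environment.
SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
export SSH_SERVER_PRIVATE_KEY
SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
export SSH_SERVER_PUBLIC_KEY

# Escape hatch for envsubst: a template can write ${DOLLAR}NAME to get a literal
# $NAME in the generated file, so the variable is expanded when the generated
# script runs rather than when the template is rendered.
# Taken from:
# https://stackoverflow.com/questions/24963705/is-there-an-escape-character-for-envsubst
export DOLLAR='$'

# Second field of the first line of the .pub file, i.e. the base64 key blob.
PUBLIC_KEY_ONLY="$(awk 'NR == 1 { print $2 }' ./secrets/ssh/vps-box-server.pub)"

# Pin the server host key for both the hostname and the IP.
# TLD and PINNED_IP are not set in this script - presumably they come from
# .envrc; `set -u` aborts the run if either is missing.
# NOTE(review): the key type is hard-coded as ssh-rsa; if the server key is ever
# regenerated with another algorithm this entry stops matching - consider
# taking the type from the first field of the .pub file.
echo "${TLD},${PINNED_IP} ssh-rsa ${PUBLIC_KEY_ONLY}" > ./generated-known-hosts.txt

# Appended, not overwritten: an existing ~/.ssh/config keeps its entries and a
# second run adds the rendered block again.
envsubst < ./ssh.env.conf >> ~/.ssh/config
envsubst < ./hosts.env > ./hosts
envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
envsubst < ./user-data.env.sh > ./user-data.sh
envsubst < ./scripts/box/create-backup.env.sh > ./scripts/box/create-backup.sh
envsubst < ./scripts/box/restore-backup.env.sh > ./scripts/box/restore-backup.sh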