stockholm/bin/copy-secrets

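#! /bin/sh
#
# copy-secrets system_name target
#
# Push the rsync-able secrets of SYSTEM_NAME to the ssh destination TARGET,
# then give the retiolum and ejabberd key files to their service uids.
#
# Environment (read): config_root, secrets_root, NIX_PATH
# External tools:     nixos-query, rsync, ssh
#
set -euf

# Render $1 as one single-quoted shell word, so that text which is re-parsed
# by the shell on the target stays data instead of becoming syntax.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

system_name=$1
target=$2

# TARGET is handed to ssh and rsync as a bare operand; a value starting with
# '-' would be read as an option by both.
case $target in
  -*)
    printf '%s: target must not start with "-": %s\n' "$0" "$target" >&2
    exit 1
    ;;
esac

# NOTE(review): nixos_config and secrets_nix are not referenced again in this
# script; NIX_PATH below is built from $PWD instead. Kept because, under
# `set -u`, these assignments are what makes an unset config_root fatal.
nixos_config=$config_root/modules/$system_name
secrets_nix=$secrets_root/$system_name/nix
secrets_rsync=$secrets_root/$system_name/rsync

if ! test -e "$secrets_rsync"; then
  exit # nothing to do
fi

# XXX this is ugly
# Notice NIX_PATH used from host
# Notice secrets required to evaluate configuration
NIX_PATH=$NIX_PATH:nixos-config=$PWD/modules/$system_name
NIX_PATH=$NIX_PATH:secrets=$PWD/secrets/$system_name/nix
export NIX_PATH

# Under `set -e` a failing nixos-query aborts here, before anything is sent.
retiolum_secret=$(nixos-query tv.retiolum.privateKeyFile)
retiolum_uid=$(nixos-query users.extraUsers.retiolum-tinc.uid)

ejabberd_secret=$(nixos-query services.ejabberd-cd.certFile)
ejabberd_uid=$(nixos-query users.extraUsers.ejabberd.uid)

# -p carries the permission bits of the local tree over to the target, so the
# modes under $secrets_rsync are the modes the secrets get remotely. Owner
# and group are not transferred (no -o/-g); ownership is fixed up below.
# NOTE(review): the mkdir in --rsync-path creates a directory named after the
# ssh destination while the transfer itself goes to "/" -- looks like a
# leftover; confirm before removing. Its argument is quoted because the whole
# --rsync-path string is evaluated by the shell on the target.
remote_dir=$(shell_quote "$2")
(set -x
  rsync \
    --rsync-path="mkdir -p $remote_dir && rsync" \
    -vzrlptD \
    "$secrets_rsync/" \
    "$target:/")

# The here-document is expanded locally and then run by the shell on the
# target, so every locally computed value is embedded as a single-quoted word:
# a path or uid containing spaces, quotes or $(...) must not be able to change
# the script that runs remotely.
retiolum_secret_q=$(shell_quote "${retiolum_secret-}")
retiolum_uid_q=$(shell_quote "${retiolum_uid-}")
ejabberd_secret_q=$(shell_quote "${ejabberd_secret-}")
ejabberd_uid_q=$(shell_quote "${ejabberd_uid-}")

ssh "$target" -T <<EOF
set -euf
retiolum_secret=$retiolum_secret_q
retiolum_uid=$retiolum_uid_q
ejabberd_secret=$ejabberd_secret_q
ejabberd_uid=$ejabberd_uid_q
if test -n "\$retiolum_secret"; then
  chown -v "\$retiolum_uid:0" "\$retiolum_secret"
fi
if test -n "\$ejabberd_secret"; then
  chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
fi
EOF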