stockholm/bin/copy-secrets

#! /bin/sh
set -euf

host=$1

target=root@$host

nixos_config=$config_root/modules/$host
secrets_nix=$secrets_root/$host/nix
secrets_rsync=$secrets_root/$host/rsync

if ! test -e "$secrets_rsync"; then
  exit # nothing to do
fi

retiolum_secret=$(nixos-query $host services.retiolum.privateKeyFile)
retiolum_uid=$(nixos-query $host users.extraUsers.retiolum-tinc.uid)

ejabberd_secret=/etc/ejabberd/ejabberd.pem
ejabberd_uid=$(nixos-query $host users.extraUsers.ejabberd.uid)

rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"

ssh "$target" -T <<EOF
set -euf
! test -f $retiolum_secret || chown -v $retiolum_uid:0 $retiolum_secret
! test -f $ejabberd_secret || chown -v $ejabberd_uid:0 $ejabberd_secret
EOF
next: initial commit 2015-05-21 20:33:16 +00:00			`#! /bin/sh`
			`set -euf`

			`host=$1`

			`target=root@$host`

			`nixos_config=$config_root/modules/$host`
			`secrets_nix=$secrets_root/$host/nix`
			`secrets_rsync=$secrets_root/$host/rsync`

			`if ! test -e "$secrets_rsync"; then`
			`exit # nothing to do`
			`fi`

deploy: merge next 2015-05-21 21:52:06 +00:00			`retiolum_secret=$(nixos-query $host services.retiolum.privateKeyFile)`
			`retiolum_uid=$(nixos-query $host users.extraUsers.retiolum-tinc.uid)`
next: initial commit 2015-05-21 20:33:16 +00:00
			`ejabberd_secret=/etc/ejabberd/ejabberd.pem`
deploy: merge next 2015-05-21 21:52:06 +00:00			`ejabberd_uid=$(nixos-query $host users.extraUsers.ejabberd.uid)`
next: initial commit 2015-05-21 20:33:16 +00:00
			`rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"`

			`ssh "$target" -T <<EOF`
			`set -euf`
			`! test -f $retiolum_secret \|\| chown -v $retiolum_uid:0 $retiolum_secret`
			`! test -f $ejabberd_secret \|\| chown -v $ejabberd_uid:0 $ejabberd_secret`
			`EOF`