2015-05-21 20:33:16 +00:00
|
|
|
#! /bin/sh
|
2015-06-14 18:57:19 +00:00
|
|
|
#
|
|
|
|
# copy-secrets system_name target
|
|
|
|
#
|
2015-05-21 20:33:16 +00:00
|
|
|
set -euf
|
|
|
|
|
2015-06-14 18:57:19 +00:00
|
|
|
system_name=$1
|
|
|
|
target=$2
|
2015-05-21 20:33:16 +00:00
|
|
|
|
2015-06-14 18:57:19 +00:00
|
|
|
nixos_config=$config_root/modules/$system_name
|
|
|
|
secrets_nix=$secrets_root/$system_name/nix
|
|
|
|
secrets_rsync=$secrets_root/$system_name/rsync
|
2015-05-21 20:33:16 +00:00
|
|
|
|
|
|
|
if ! test -e "$secrets_rsync"; then
|
|
|
|
exit # nothing to do
|
|
|
|
fi
|
|
|
|
|
2015-06-22 18:11:02 +00:00
|
|
|
retiolum_secret=$(nixos-query $system_name tv.retiolum.privateKeyFile)
|
2015-06-14 18:57:19 +00:00
|
|
|
retiolum_uid=$(nixos-query $system_name users.extraUsers.retiolum-tinc.uid)
|
2015-05-21 20:33:16 +00:00
|
|
|
|
2015-06-24 16:38:44 +00:00
|
|
|
ejabberd_secret=$(nixos-query $system_name services.ejabberd-cd.certFile)
|
2015-06-14 18:57:19 +00:00
|
|
|
ejabberd_uid=$(nixos-query $system_name users.extraUsers.ejabberd.uid)
|
2015-05-21 20:33:16 +00:00
|
|
|
|
2015-06-24 18:19:59 +00:00
|
|
|
(set -x
|
|
|
|
rsync \
|
|
|
|
--rsync-path="mkdir -p \"$2\" && rsync" \
|
|
|
|
-vzrlptD \
|
|
|
|
"$secrets_rsync/" \
|
|
|
|
"$target:/")
|
2015-05-21 20:33:16 +00:00
|
|
|
|
|
|
|
ssh "$target" -T <<EOF
|
|
|
|
set -euf
|
2015-06-24 18:16:21 +00:00
|
|
|
|
|
|
|
retiolum_secret=${retiolum_secret-}
|
|
|
|
retiolum_uid=${retiolum_uid-}
|
|
|
|
ejabberd_secret=${ejabberd_secret-}
|
|
|
|
ejabberd_uid=${ejabberd_uid-}
|
|
|
|
|
|
|
|
if test -n "\$retiolum_secret"; then
|
|
|
|
chown -v "\$retiolum_uid:0" "\$retiolum_secret"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if test -n "\$ejabberd_secret"; then
|
|
|
|
chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
|
|
|
|
fi
|
|
|
|
|
2015-05-21 20:33:16 +00:00
|
|
|
EOF
|