author | tv <tv@krebsco.de> | 2015-05-21 23:52:06 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-05-21 23:52:06 +0200 |
commit | bb46e52bb239f9b0962ff441d5a8f037b1ef1eaf (patch) | |
tree | 826235e1b776665ab32ee787bb96cd3b6f519d95 /bin/copy-secrets | |
parent | 42d10d883a720a63753568a6fa2d12790e9310c6 (diff) |
deploy: merge next
Diffstat (limited to 'bin/copy-secrets')
-rwxr-xr-x | bin/copy-secrets | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/bin/copy-secrets b/bin/copy-secrets
new file mode 100755
index 0000000..36854ea
--- /dev/null
+++ b/bin/copy-secrets
@@ -0,0 +1,28 @@
+#! /bin/sh
+set -euf
+
+host=$1
+
+target=root@$host
+
+nixos_config=$config_root/modules/$host
+secrets_nix=$secrets_root/$host/nix
+secrets_rsync=$secrets_root/$host/rsync
+
+if ! test -e "$secrets_rsync"; then
+ exit # nothing to do
+fi
+
+retiolum_secret=$(nixos-query $host services.retiolum.privateKeyFile)
+retiolum_uid=$(nixos-query $host users.extraUsers.retiolum-tinc.uid)
+
+ejabberd_secret=/etc/ejabberd/ejabberd.pem
+ejabberd_uid=$(nixos-query $host users.extraUsers.ejabberd.uid)
+
+rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"
+
+ssh "$target" -T <<EOF
+set -euf
+! test -f $retiolum_secret || chown -v $retiolum_uid:0 $retiolum_secret
+! test -f $ejabberd_secret || chown -v $ejabberd_uid:0 $ejabberd_secret
+EOF |
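Review bot: The `<<EOF` heredoc passed to `ssh "$target" -T` is unquoted, so `$retiolum_secret`, `$retiolum_uid` and `$ejabberd_uid` are expanded locally and land unquoted in a script that a root shell on the target executes; whitespace or shell metacharacters in a `nixos-query` result would change the commands that run there. Quote the values in the remote script, e.g. `! test -f '$retiolum_secret' || chown -v '$retiolum_uid:0' '$retiolum_secret'` (the heredoc still expands them locally, so a value containing a single quote has to be rejected first), and quote `"$host"` in the three `nixos-query` calls, since `set -f` disables globbing but not word splitting. Nothing visible in the script sets the mode of the copied files: `rsync` runs without `-p`, so the key files' permissions presumably depend on the source tree and the receiver's umask, and a `chmod` beside each `chown` would make the intended mode explicit. `nixos_config` and `secrets_nix` are assigned but never used in this file.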