From 153422f74b1ed5cae37c9424514a9e9d1f79acb4 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 11 Jul 2015 19:44:12 +0200 Subject: move old stuff --- old/bin/copy-secrets | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100755 old/bin/copy-secrets (limited to 'old/bin/copy-secrets') diff --git a/old/bin/copy-secrets b/old/bin/copy-secrets new file mode 100755 index 0000000..f404935 --- /dev/null +++ b/old/bin/copy-secrets @@ -0,0 +1,69 @@ +#! /bin/sh +# +# copy-secrets system_name target +# +set -euf + +system_name=$1 +target=$2 + +nixos_config=$config_root/modules/$system_name +secrets_nix=$secrets_root/$system_name/nix +secrets_rsync=$secrets_root/$system_name/rsync + +if ! test -e "$secrets_rsync"; then + exit # nothing to do +fi + +# XXX this is ugly +# Notice NIX_PATH used from host +# Notice secrets required to evaluate configuration +NIX_PATH=$NIX_PATH:nixos-config=$PWD/modules/$system_name +NIX_PATH=$NIX_PATH:secrets=$PWD/secrets/$system_name/nix +export NIX_PATH + +case $(nixos-query tv.retiolum.enable 2>/dev/null) in true) + retiolum_secret=$(nixos-query tv.retiolum.privateKeyFile) + retiolum_uid=$(nixos-query users.extraUsers.retiolum-tinc.uid) +esac + +case $(nixos-query services.ejabberd-cd.enable 2>/dev/null) in true) + ejabberd_secret=$(nixos-query services.ejabberd-cd.certFile) + ejabberd_uid=$(nixos-query users.extraUsers.ejabberd.uid) +esac + +case $(nixos-query tv.consul.enable 2>/dev/null) in true) + consul_secret=$(nixos-query tv.consul.encrypt-file) + consul_uid=$(nixos-query users.extraUsers.consul.uid) +esac + +(set -x + rsync \ + --rsync-path="mkdir -p \"$2\" && rsync" \ + -vzrlptD \ + "$secrets_rsync/" \ + "$target:/") + +ssh "$target" -T <