diff options
author | tv <tv@shackspace.de> | 2015-09-27 16:30:40 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-09-27 16:37:20 +0200 |
commit | 0e069d964e89248ee3f0df72c7e6998ae1c204ff (patch) | |
tree | 70f574edf5334bd556154b601d280760573e2f25 | |
parent | 48e28c49e06c903c58ac1e1d7eebfba5aab73723 (diff) |
add krebs.build.scripts.init
-rw-r--r-- | krebs/3modules/build/default.nix | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix index 19f14b486..993ccb702 100644 --- a/krebs/3modules/build/default.nix +++ b/krebs/3modules/build/default.nix @@ -28,6 +28,46 @@ let type = types.user; }; + options.krebs.build.scripts.init = lib.mkOption { + type = lib.types.str; + default = + let + inherit (config.krebs.build) host; + inherit (host.ssh) privkey; + in + '' + #! /bin/sh + set -efu + + hostname=${host.name} + secrets_dir=${config.krebs.build.source.dir.secrets.path} + key_type=${privkey.type} + key_file=$secrets_dir/ssh.id_$key_type + key_comment=$hostname + + if test -e "$key_file"; then + echo "Warning: privkey already exists: $key_file" >&2 + else + ssh-keygen \ + ${optionalString (privkey.bits != null) + "-b ${toString privkey.bits}"} \ + -C "$key_comment" \ + -t "$key_type" \ + -f "$key_file" \ + -N "" + rm "$key_file.pub" + fi + + pubkey=$(ssh-keygen -y -f "$key_file") + + cat<<EOF + # put following into config.krebs.hosts.$hostname: + ssh.privkey = <secrets/ssh.id_$key_type>; + ssh.pubkey = $(echo $pubkey | jq -R .); + EOF + ''; + }; + options.krebs.build.scripts.deploy = lib.mkOption { type = lib.types.str; default = '' |