From 0e069d964e89248ee3f0df72c7e6998ae1c204ff Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Sep 2015 16:30:40 +0200 Subject: add krebs.build.scripts.init --- krebs/3modules/build/default.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'krebs/3modules/build') diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix index 19f14b486..993ccb702 100644 --- a/krebs/3modules/build/default.nix +++ b/krebs/3modules/build/default.nix @@ -28,6 +28,46 @@ let type = types.user; }; + options.krebs.build.scripts.init = lib.mkOption { + type = lib.types.str; + default = + let + inherit (config.krebs.build) host; + inherit (host.ssh) privkey; + in + '' + #! /bin/sh + set -efu + + hostname=${host.name} + secrets_dir=${config.krebs.build.source.dir.secrets.path} + key_type=${privkey.type} + key_file=$secrets_dir/ssh.id_$key_type + key_comment=$hostname + + if test -e "$key_file"; then + echo "Warning: privkey already exists: $key_file" >&2 + else + ssh-keygen \ + ${optionalString (privkey.bits != null) + "-b ${toString privkey.bits}"} \ + -C "$key_comment" \ + -t "$key_type" \ + -f "$key_file" \ + -N "" + rm "$key_file.pub" + fi + + pubkey=$(ssh-keygen -y -f "$key_file") + + cat<; + ssh.pubkey = $(echo $pubkey | jq -R .); + EOF + ''; + }; + options.krebs.build.scripts.deploy = lib.mkOption { type = lib.types.str; default = '' -- cgit v1.2.3