From 2d1985e42006c121eac4bd915bee3e436ebcd314 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Sep 2015 15:18:54 +0200 Subject: infest: don't init contents of the NixOS channel --- krebs/3modules/build/default.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'krebs/3modules/build') diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix index d6ee5c917..19f14b486 100644 --- a/krebs/3modules/build/default.nix +++ b/krebs/3modules/build/default.nix @@ -67,12 +67,16 @@ let src=$(type -p nixos-install) cat_src() { sed < "$src" "$( - sed < "$src" -n ' - /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/= - /^nixpkgs=/= - /^NIX_PATH=/,/^$/{/./=} - ' \ - | sed 's:$:s/^/#krebs#/:' + { sed < "$src" -n ' + /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/= + /^nixpkgs=/= + /^NIX_PATH=/,/^$/{/./=} + + # Disable: Copy the NixOS/Nixpkgs sources to the target as + # the initial contents of the NixOS channel. + /^srcs=/,/^ln -sfn /= + ' + } | sed 's:$:s/^/#krebs#/:' )" } -- cgit v1.2.3 From 0e069d964e89248ee3f0df72c7e6998ae1c204ff Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Sep 2015 16:30:40 +0200 Subject: add krebs.build.scripts.init --- krebs/3modules/build/default.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'krebs/3modules/build') diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix index 19f14b486..993ccb702 100644 --- a/krebs/3modules/build/default.nix +++ b/krebs/3modules/build/default.nix 
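Review bot: The added range `/^srcs=/,/^ln -sfn /=` in cat_src depends on the exact text of the installed nixos-install, and nothing checks that both ends of the range matched. In sed, a range whose end pattern never matches runs to the end of input, so a changed upstream script could have the rest of its body prefixed with `#krebs#`. A missing start pattern would instead leave the channel copy enabled without any message. A guard before the rewrite, such as `grep -q '^srcs=' "$src" && grep -q '^ln -sfn ' "$src" || { echo "unexpected nixos-install layout" >&2; exit 1; }`, would make either failure visible. The script around cat_src starts outside the hunk, so a later check may exist that cannot be seen here.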
@@ -28,6 +28,46 @@ let type = types.user; }; + options.krebs.build.scripts.init = lib.mkOption { + type = lib.types.str; + default = + let + inherit (config.krebs.build) host; + inherit (host.ssh) privkey; + in + '' + #! /bin/sh + set -efu + + hostname=${host.name} + secrets_dir=${config.krebs.build.source.dir.secrets.path} + key_type=${privkey.type} + key_file=$secrets_dir/ssh.id_$key_type + key_comment=$hostname + + if test -e "$key_file"; then + echo "Warning: privkey already exists: $key_file" >&2 + else + ssh-keygen \ + ${optionalString (privkey.bits != null) + "-b ${toString privkey.bits}"} \ + -C "$key_comment" \ + -t "$key_type" \ + -f "$key_file" \ + -N "" + rm "$key_file.pub" + fi + + pubkey=$(ssh-keygen -y -f "$key_file") + + cat<; + ssh.pubkey = $(echo $pubkey | jq -R .); + EOF + ''; + }; + options.krebs.build.scripts.deploy = lib.mkOption { type = lib.types.str; default = '' -- cgit v1.2.3 From 4946561e0ae254df8068905286204a4da517621d Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Sep 2015 16:55:17 +0200 Subject: krebs.build.scripts.init: don't try to use privkey ^_^ --- krebs/3modules/build/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'krebs/3modules/build') diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix index 993ccb702..23bd8c8fd 100644 --- a/krebs/3modules/build/default.nix +++ b/krebs/3modules/build/default.nix @@ -33,7 +33,6 @@ let default = let inherit (config.krebs.build) host; - inherit (host.ssh) privkey; in '' #! /bin/sh @@ -41,7 +40,7 @@ let hostname=${host.name} secrets_dir=${config.krebs.build.source.dir.secrets.path} - key_type=${privkey.type} + key_type=ed25519 key_file=$secrets_dir/ssh.id_$key_type key_comment=$hostname @@ -49,8 +48,6 @@ let echo "Warning: privkey already exists: $key_file" >&2 else ssh-keygen \ - ${optionalString (privkey.bits != null) - "-b ${toString privkey.bits}"} \ -C "$key_comment" \ -t "$key_type" \ -f "$key_file" \ 
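Review bot: The assignments `hostname=${host.name}` and `secrets_dir=${config.krebs.build.source.dir.secrets.path}` splice Nix values into the generated shell script without quoting, so a value containing a space or a shell metacharacter changes what the script executes rather than what it stores. Because this script writes a passphrase-less private key (`-N ""`) to `$key_file`, the target path should be exactly the configured one. Assuming the path option evaluates to a string, `secrets_dir=${lib.escapeShellArg config.krebs.build.source.dir.secrets.path}` and the same treatment for `host.name` would ensure that. Further down, `$(echo $pubkey | jq -R .)` expands `$pubkey` unquoted; `printf '%s\n' "$pubkey" | jq -R .` passes the key text through unchanged. The heredoc around that line is truncated in this view, so its remaining lines are not reviewed.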
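Review bot: The new `key_type=ed25519` line in the second hunk of this commit has no comment saying why the host's declared `host.ssh.privkey` type is no longer consulted, and the commit subject does not explain it either. A one-line comment above it, for example `# key type is fixed; host.ssh.privkey is not consulted when generating the key`, would stop a later reader from reintroducing the lookup. If a host declares a different privkey type elsewhere, the generated `ssh.id_ed25519` file may not be the path the rest of the configuration expects. That is inferred from the removed lines rather than visible here. The script body extends beyond these hunks.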
@@ -62,7 +59,6 @@ let cat<; ssh.pubkey = $(echo $pubkey | jq -R .); EOF ''; -- cgit v1.2.3