path: root/bin/copy-secrets
blob: 36854eaf1e8d500542c01cd71608343e77ef1384 (plain)
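#! /bin/sh
#
# copy-secrets HOST
#
# Push the files under $secrets_root/HOST/rsync onto the root filesystem of
# HOST (as root, over SSH) and then hand the retiolum and ejabberd key files
# to their service users.
#
# Environment: config_root and secrets_root must be set; `set -u` aborts the
# script otherwise. nixos-query, rsync and ssh are looked up on PATH.
set -euf

# Fail with a usage message instead of the bare "parameter not set" error.
host=${1:?usage: copy-secrets HOST}

target=root@$host

# nixos_config and secrets_nix are not referenced again in this script; the
# expansions still make `set -u` abort when config_root or secrets_root is
# unset.
nixos_config=$config_root/modules/$host
secrets_nix=$secrets_root/$host/nix
secrets_rsync=$secrets_root/$host/rsync

if ! test -e "$secrets_rsync"; then
  exit 0 # nothing to do
fi

# "$host" is quoted: `set -f` disables globbing but not word splitting.
# A failing nixos-query aborts the script here (set -e), before anything is
# copied.
retiolum_secret=$(nixos-query "$host" services.retiolum.privateKeyFile)
retiolum_uid=$(nixos-query "$host" users.extraUsers.retiolum-tinc.uid)

ejabberd_secret=/etc/ejabberd/ejabberd.pem
ejabberd_uid=$(nixos-query "$host" users.extraUsers.ejabberd.uid)

# Everything is created as 0:0 first; the service-specific owner is applied
# in the SSH step below.
# NOTE(review): -r without -p does not transfer permission bits exactly (new
# files get the source mode masked by the remote umask, existing files keep
# their mode) -- confirm the key files end up with the intended mode.
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"

# The here-document delimiter is unquoted, so the paths and uids below are
# expanded locally and the resulting text is parsed by root's shell on the
# target. A value containing whitespace or shell metacharacters would be
# split or interpreted there.
# NOTE(review): the values come from nixos-query; confirm its output format
# and validate or quote them before interpolation.
# `! test -f X || chown ...` changes ownership only when X is a regular file.
ssh -T "$target" <<EOF
set -euf
! test -f $retiolum_secret || chown -v $retiolum_uid:0 $retiolum_secret
! test -f $ejabberd_secret || chown -v $ejabberd_uid:0 $ejabberd_secret
EOF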