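#! /bin/sh
#
# copy-secrets system_name target
#
# Copies the tree $secrets_root/<system_name>/rsync/ onto the root of the
# remote host <target> (owned by 0:0), then hands the retiolum and ejabberd
# secret files to the uids reported by nixos-query.
#
# Environment: config_root and secrets_root must be set.
# Requires:    nixos-query, rsync, ssh, sed.
#
set -euf

if [ "$#" -lt 2 ]; then
  printf 'usage: %s system_name target\n' "${0##*/}" >&2
  exit 2
fi

system_name=$1
target=$2

# A target starting with "-" would be parsed as an option by rsync/ssh.
case $target in
  -*)
    printf '%s: invalid target: %s\n' "${0##*/}" "$target" >&2
    exit 2
    ;;
esac

# The original script expanded both variables under `set -u`, so an unset
# value aborted the run; keep that contract, with a readable message.
: "${config_root?config_root must be set}"
: "${secrets_root?secrets_root must be set}"

secrets_rsync=$secrets_root/$system_name/rsync

if ! test -e "$secrets_rsync"; then
  exit # nothing to do
fi

# Print $1 as one single-quoted shell word, so it can be pasted into the
# script that the remote shell parses without being split or evaluated.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

retiolum_secret=$(nixos-query "$system_name" tv.retiolum.privateKeyFile)
retiolum_uid=$(nixos-query "$system_name" users.extraUsers.retiolum-tinc.uid)
ejabberd_secret=$(nixos-query "$system_name" services.ejabberd-cd.certFile)
ejabberd_uid=$(nixos-query "$system_name" users.extraUsers.ejabberd.uid)

# The heredoc below is expanded locally and then parsed by the remote shell,
# so every interpolated value is quoted first.
retiolum_secret_q=$(shell_quote "$retiolum_secret")
retiolum_uid_q=$(shell_quote "$retiolum_uid")
ejabberd_secret_q=$(shell_quote "$ejabberd_secret")
ejabberd_uid_q=$(shell_quote "$ejabberd_uid")

# NOTE(review): -r without -p does not transfer permission bits exactly; the
# mode of newly created files then depends on the source mode and the remote
# umask. Confirm that the secret files do not end up group/world readable,
# and note they are owned by 0:0 until the chown step below has run.
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"

ssh "$target" -T <<EOF
set -euf
retiolum_secret=$retiolum_secret_q
retiolum_uid=$retiolum_uid_q
ejabberd_secret=$ejabberd_secret_q
ejabberd_uid=$ejabberd_uid_q
if test -n "\$retiolum_secret"; then
  chown -v "\$retiolum_uid:0" "\$retiolum_secret"
fi
if test -n "\$ejabberd_secret"; then
  chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
fi
EOF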