pkgs/nixfiles: Move utility scripts to pkgs
This commit is contained in:
15
pkgs/nixfiles/nixfiles-add-secret.sh
Executable file
15
pkgs/nixfiles/nixfiles-add-secret.sh
Executable file
@@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd $(git rev-parse --show-toplevel)
|
||||
|
||||
host=$1
|
||||
secret=$2
|
||||
|
||||
mkdir -p hosts/${host}/secrets
|
||||
|
||||
nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/${secret}.age
|
||||
|
||||
32
pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
Executable file
32
pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
Executable file
@@ -0,0 +1,32 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd $(git rev-parse --show-toplevel)
|
||||
|
||||
host=$1
|
||||
|
||||
job_main=$(nix run nixpkgs#pwgen -- -1 64 1)
|
||||
target_cyan=$(nix run nixpkgs#pwgen -- -1 64 1)
|
||||
target_cyan_htpasswd=$(nix shell nixpkgs#apacheHttpd -c htpasswd -nbB ${host} ${target_cyan})
|
||||
target_magenta=$(nix run nixpkgs#pwgen -- -1 64 1)
|
||||
target_magenta_htpasswd=$(nix shell nixpkgs#apacheHttpd -c htpasswd -nbB ${host} ${target_magenta})
|
||||
|
||||
mkdir -p hosts/${host}/secrets
|
||||
|
||||
echo "$job_main" | nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/clerie-backup-job-main.age
|
||||
|
||||
echo "$target_cyan" | nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/clerie-backup-target-cyan.age
|
||||
|
||||
echo "$target_magenta" | nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/clerie-backup-target-magenta.age
|
||||
|
||||
prev_htpasswd_cyan=$(nix run github:ryantm/agenix -- -d hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age)
|
||||
cat <(echo "$prev_htpasswd_cyan") <(echo "$target_cyan_htpasswd") | nix run github:ryantm/agenix -- -e hosts/clerie-backup/secrets/new
|
||||
mv hosts/clerie-backup/secrets/new hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age
|
||||
|
||||
prev_htpasswd_magenta=$(nix run github:ryantm/agenix -- -d hosts/backup-4/secrets/restic-server-magenta-htpasswd.age)
|
||||
cat <(echo "$prev_htpasswd_magenta") <(echo "$target_magenta_htpasswd") | nix run github:ryantm/agenix -- -e hosts/backup-4/secrets/new
|
||||
mv hosts/backup-4/secrets/new hosts/backup-4/secrets/restic-server-magenta-htpasswd.age
|
||||
8
pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
Executable file
8
pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
Executable file
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
cd $(git rev-parse --show-toplevel)
|
||||
|
||||
for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
|
||||
echo $host
|
||||
ssh-keyscan -t ed25519 ${host}.net.clerie.de 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > hosts/${host}/ssh.pub
|
||||
done
|
||||
Reference in New Issue
Block a user