553542071d
...
6322949026
Author | SHA1 | Date | |
---|---|---|---|
6322949026 | |||
cf63ea90ac |
@ -1,15 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd $(git rev-parse --show-toplevel)
|
||||
|
||||
host=$1
|
||||
secret=$2
|
||||
|
||||
mkdir -p hosts/${host}/secrets
|
||||
|
||||
nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/${secret}.age
|
||||
|
@ -1,32 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd $(git rev-parse --show-toplevel)
|
||||
|
||||
host=$1
|
||||
|
||||
job_main=$(nix run nixpkgs#pwgen -- -1 64 1)
|
||||
target_cyan=$(nix run nixpkgs#pwgen -- -1 64 1)
|
||||
target_cyan_htpasswd=$(nix shell nixpkgs#apacheHttpd -c htpasswd -nbB ${host} ${target_cyan})
|
||||
target_magenta=$(nix run nixpkgs#pwgen -- -1 64 1)
|
||||
target_magenta_htpasswd=$(nix shell nixpkgs#apacheHttpd -c htpasswd -nbB ${host} ${target_magenta})
|
||||
|
||||
mkdir -p hosts/${host}/secrets
|
||||
|
||||
echo "$job_main" | nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/clerie-backup-job-main.age
|
||||
|
||||
echo "$target_cyan" | nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/clerie-backup-target-cyan.age
|
||||
|
||||
echo "$target_magenta" | nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
|
||||
mv hosts/${host}/secrets/new hosts/${host}/secrets/clerie-backup-target-magenta.age
|
||||
|
||||
prev_htpasswd_cyan=$(nix run github:ryantm/agenix -- -d hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age)
|
||||
cat <(echo "$prev_htpasswd_cyan") <(echo "$target_cyan_htpasswd") | nix run github:ryantm/agenix -- -e hosts/clerie-backup/secrets/new
|
||||
mv hosts/clerie-backup/secrets/new hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age
|
||||
|
||||
prev_htpasswd_magenta=$(nix run github:ryantm/agenix -- -d hosts/backup-4/secrets/restic-server-magenta-htpasswd.age)
|
||||
cat <(echo "$prev_htpasswd_magenta") <(echo "$target_magenta_htpasswd") | nix run github:ryantm/agenix -- -e hosts/backup-4/secrets/new
|
||||
mv hosts/backup-4/secrets/new hosts/backup-4/secrets/restic-server-magenta-htpasswd.age
|
11
flake.nix
11
flake.nix
@ -26,7 +26,7 @@
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ... }@inputs: let
|
||||
outputs = { self, agenix, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ... }@inputs: let
|
||||
helper = (import ./lib/flake-helper.nix) inputs;
|
||||
in {
|
||||
clerie.hosts = {
|
||||
@ -86,6 +86,12 @@
|
||||
pkgs = import nixpkgs {
|
||||
overlays = [
|
||||
(import ./pkgs/overlay.nix)
|
||||
(_: _: {
|
||||
inherit (agenix.packages."x86_64-linux")
|
||||
agenix;
|
||||
inherit (chaosevents.packages."x86_64-linux")
|
||||
chaosevents;
|
||||
})
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
@ -94,7 +100,10 @@
|
||||
anycast_healthchecker
|
||||
flask-excel
|
||||
iot-data
|
||||
nixfiles-add-secret
|
||||
nixfiles-generate-backup-secrets
|
||||
nixfiles-updated-inputs
|
||||
nixfiles-update-ssh-host-keys
|
||||
pyexcel-xlsx
|
||||
pyexcel-webio
|
||||
uptimestatus
|
||||
|
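Review bot: The overlay added in the second hunk hard-codes `agenix.packages."x86_64-linux"` (and the existing `chaosevents` line does the same) while the same `pkgs` set fixes `system = "x86_64-linux"` a few lines below, so the two spots are consistent today but must be kept in sync by hand. Using the overlay's first argument instead, `(final: _: { inherit (agenix.packages.${final.system}) agenix; inherit (chaosevents.packages.${final.system}) chaosevents; })`, ties the packages to whatever system the pkgs set is evaluated for. The `agenix` name destructured in the first hunk's `outputs` is not declared in any hunk on this page, so I assume it is added to `inputs` elsewhere in the commit; if so, consider `inputs.agenix.inputs.nixpkgs.follows = "nixpkgs"` there as the other inputs appear to do, so the pinned tool builds against the same nixpkgs as the rest of the flake.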
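--- a/pkgs/nixfiles/nixfiles-add-secret.nix
+++ b/pkgs/nixfiles/nixfiles-add-secret.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+name = "nixfiles-add-secret";
+text = builtins.readFile ./nixfiles-add-secret.sh;
+runtimeInputs = with pkgs; [
+agenix
+git
+];
+}
+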
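--- a/pkgs/nixfiles/nixfiles-add-secret.sh
+++ b/pkgs/nixfiles/nixfiles-add-secret.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+cd "$(git rev-parse --show-toplevel)"
+
+host="$1"
+secret="$2"
+
+mkdir -p "hosts/${host}/secrets"
+
+agenix -e "hosts/${host}/secrets/new"
+
+mv "hosts/${host}/secrets/new" "hosts/${host}/secrets/${secret}.age"
+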
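Review bot: `host="$1"` and `secret="$2"` are used to build file paths without any validation, so a missing argument dies with bash's bare "unbound variable" message and a `secret` containing `/` or `..` makes the final `mv` place the `.age` file outside `hosts/${host}/secrets/`; the same applies to `host`. The `mv` also silently replaces an existing `${secret}.age`, which for an encrypted secret is usually not what the operator intended. A usage message via `${1:?…}`, a `case` guard on the name, and an existence check on the target keep the script's effect inside the intended directory and make mistakes visible.
```shell
host="${1:?usage: nixfiles-add-secret <host> <secret>}"
secret="${2:?usage: nixfiles-add-secret <host> <secret>}"
case "$secret" in
  */*|.|..) echo "invalid secret name: ${secret}" >&2; exit 1 ;;
esac
target="hosts/${host}/secrets/${secret}.age"
[[ ! -e "$target" ]] || { echo "refusing to overwrite ${target}" >&2; exit 1; }
# … unchanged: mkdir -p and agenix -e …
mv "hosts/${host}/secrets/new" "$target"
```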
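--- a/pkgs/nixfiles/nixfiles-generate-backup-secrets.nix
+++ b/pkgs/nixfiles/nixfiles-generate-backup-secrets.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+name = "nixfiles-generate-backup-secrets";
+text = builtins.readFile ./nixfiles-generate-backup-secrets.sh;
+runtimeInputs = with pkgs; [
+agenix
+apacheHttpd
+git
+pwgen
+];
+}
+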
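--- a/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
+++ b/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+cd "$(git rev-parse --show-toplevel)"
+
+host="$1"
+
+job_main="$(pwgen -1 64 1)"
+target_cyan="$(pwgen -1 64 1)"
+target_cyan_htpasswd="$(htpasswd -nbB "${host}" "${target_cyan}")"
+target_magenta="$(pwgen -1 64 1)"
+target_magenta_htpasswd="$(htpasswd -nbB "${host}" "${target_magenta}")"
+
+mkdir -p "hosts/${host}/secrets"
+
+echo "$job_main" | agenix -e "hosts/${host}/secrets/new"
+mv "hosts/${host}/secrets/new" "hosts/${host}/secrets/clerie-backup-job-main.age"
+
+echo "$target_cyan" | agenix -e "hosts/${host}/secrets/new"
+mv "hosts/${host}/secrets/new" "hosts/${host}/secrets/clerie-backup-target-cyan.age"
+
+echo "$target_magenta" | agenix -e "hosts/${host}/secrets/new"
+mv "hosts/${host}/secrets/new" "hosts/${host}/secrets/clerie-backup-target-magenta.age"
+
+prev_htpasswd_cyan="$(agenix -d hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age)"
+cat <(echo "$prev_htpasswd_cyan") <(echo "$target_cyan_htpasswd") | agenix -e "hosts/clerie-backup/secrets/new"
+mv "hosts/clerie-backup/secrets/new" "hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age"
+
+prev_htpasswd_magenta="$(agenix -d "hosts/backup-4/secrets/restic-server-magenta-htpasswd.age")"
+cat <(echo "$prev_htpasswd_magenta") <(echo "$target_magenta_htpasswd") | agenix -e "hosts/backup-4/secrets/new"
+mv "hosts/backup-4/secrets/new" "hosts/backup-4/secrets/restic-server-magenta-htpasswd.age"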
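Review bot: `htpasswd -nbB "${host}" "${target_cyan}"` and the matching magenta line pass the freshly generated backup password as a command-line argument, so it is readable in the process table by any local user while bcrypt runs (the -b flag's documented caveat); htpasswd's -i reads the password from stdin instead, `target_cyan_htpasswd="$(printf '%s' "$target_cyan" | htpasswd -niB "${host}")"`. A second run for the same host also appends another `${host}:` line to the shared htpasswd secret, because the new entry is concatenated onto the decrypted previous contents without removing the old one, and which of two entries for one user the server honours is not something this script controls. Filtering the previous entry for this host out of the decrypted file before appending keeps exactly one entry per host; the magenta block wants the same treatment.
```shell
target_cyan_htpasswd="$(printf '%s' "$target_cyan" | htpasswd -niB "${host}")"
# … unchanged: target_magenta generation …
target_magenta_htpasswd="$(printf '%s' "$target_magenta" | htpasswd -niB "${host}")"
# … unchanged: mkdir -p and the three per-host secrets …
# drop any earlier entry for this host so a re-run replaces rather than duplicates it
prev_htpasswd_cyan="$(agenix -d "hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age" | awk -F: -v h="$host" '$1 != h')"
{
  [[ -z "$prev_htpasswd_cyan" ]] || printf '%s\n' "$prev_htpasswd_cyan"
  printf '%s\n' "$target_cyan_htpasswd"
} | agenix -e "hosts/clerie-backup/secrets/new"
# … unchanged: mv and the magenta block (same change) …
```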
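--- a/pkgs/nixfiles/nixfiles-update-ssh-host-keys.nix
+++ b/pkgs/nixfiles/nixfiles-update-ssh-host-keys.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+name = "nixfiles-update-ssh-host-keys";
+text = builtins.readFile ./nixfiles-update-ssh-host-keys.sh;
+runtimeInputs = with pkgs; [
+git
+nix
+openssh
+];
+}
+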
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
cd $(git rev-parse --show-toplevel)
|
||||
cd "$(git rev-parse --show-toplevel)"
|
||||
|
||||
for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
|
||||
echo $host
|
||||
ssh-keyscan -t ed25519 ${host}.net.clerie.de 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > hosts/${host}/ssh.pub
|
||||
echo "$host"
|
||||
ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > "hosts/${host}/ssh.pub"
|
||||
done
|
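Review bot: `ssh-keyscan … | sed … > "hosts/${host}/ssh.pub"` records whatever key the network returns and overwrites the committed key unconditionally, so a key that changed — a planned rotation or an interposed host — lands in the repository with nothing flagging it, and an unreachable host (its stderr is discarded) truncates the existing `ssh.pub` to an empty file before the pipeline finishes. Capturing the scan into a variable, skipping the write when nothing came back, and warning when the key differs from the stored one turns the run into something the operator can review before committing. This hunk has no file header on the page; it appears to be the script read by `nixfiles-update-ssh-host-keys.nix`, whose `writeShellApplication` wrapper presumably enables errexit and pipefail, in which case a failed scan would currently abort the loop mid-way, which is why the rewrite tolerates the failure per host.
```shell
# … unchanged: for host in $(nix eval … --raw .#clerie.hosts); do …
  echo "$host"
  # a failed scan is reported for this host only; the remaining hosts still run
  new_key="$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)"
  if [[ -z "$new_key" ]]; then
    echo "no ed25519 key received for ${host}, keeping existing ssh.pub" >&2
    continue
  fi
  if [[ -f "hosts/${host}/ssh.pub" ]] && [[ "$(cat "hosts/${host}/ssh.pub")" != "$new_key" ]]; then
    echo "WARNING: host key for ${host} differs from hosts/${host}/ssh.pub; verify out of band before committing" >&2
  fi
  printf '%s\n' "$new_key" > "hosts/${host}/ssh.pub"
done
```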
@ -2,7 +2,10 @@ self: super: {
|
||||
anycast_healthchecker = self.python3.pkgs.callPackage ./anycast_healthchecker {};
|
||||
flask-excel = self.python3.pkgs.callPackage ./flask-excel {};
|
||||
iot-data = self.python3.pkgs.callPackage ./iot-data {};
|
||||
nixfiles-updated-inputs = self.callPackage ./nixfiles {};
|
||||
nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {};
|
||||
nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||
nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
|
||||
nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {};
|
||||
pyexcel-webio = self.python3.pkgs.callPackage ./pyexcel-webio {};
|
||||
uptimestatus = self.python3.pkgs.callPackage ./uptimestatus {};
|
||||
|