mirror of
https://github.com/Smaug123/PulumiConfig
synced 2025-10-05 16:48:39 +00:00
41 lines
1.2 KiB
Bash
Executable File
41 lines
1.2 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# e.g. `PulumiWebServer/Nix`, the directory holding the Nix flake that you want on the remote machine.
|
|
# Appropriate `networking.nix`, `hardware-configuration.nix`, and `ssh-keys.json` files, as output
|
|
# by the `pulumi up` command, will end up written to this folder.
|
|
NIX_FLAKE="$1"
|
|
|
|
if [ ! -d "$NIX_FLAKE" ]; then
|
|
echo "Flake directory $NIX_FLAKE does not exist; aborting" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
DOMAIN="$(jq -r .domain "$1/config.json")"
|
|
|
|
echo "Domain: $DOMAIN"
|
|
|
|
# TODO this somehow failed to find the right key
|
|
AGE_KEY="$(ssh-keyscan "$DOMAIN" | ssh-to-age | tail -1 2>/dev/null)"
|
|
|
|
if [ -e "/tmp/networking.nix" ]; then
|
|
mv "/tmp/networking.nix" "$NIX_FLAKE"
|
|
fi
|
|
|
|
if [ -e "/tmp/hardware-configuration.nix" ]; then
|
|
mv "/tmp/hardware-configuration.nix" "$NIX_FLAKE"
|
|
fi
|
|
|
|
if [ -e "/tmp/ssh-keys.json" ]; then
|
|
mv "/tmp/ssh-keys.json" "$NIX_FLAKE"
|
|
fi
|
|
|
|
if [ -n "$AGE_KEY" ]; then
|
|
sed -i -E "s! - &staging_server.+! - \&staging_server '$AGE_KEY'!g" .sops.yaml || exit 2
|
|
fi
|
|
|
|
sops updatekeys "$NIX_FLAKE/secrets/staging.json" || exit 3
|
|
|
|
cd "$NIX_FLAKE" || exit 4
|
|
|
|
nixos-rebuild switch --keep-going --show-trace --fast --flake .#default --target-host "root@$DOMAIN" --build-host "root@$DOMAIN" || exit
|