Secrets! Thanks to arc.

kat witch 2021-03-01 20:29:30 +00:00
parent 61b0780fe6
commit 200fd473af
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
7 changed files with 47 additions and 6 deletions


@ -3,7 +3,15 @@
with lib;
let cfg = config.meta.deploy;
secretsScript = concatMapStrings (file: ''
ssh $NIX_SSHOPTS ${cfg.ssh.host} '
sudo mkdir -p ${toString file.out.dir}
echo \\"
${file.text}
" | sudo tee ${file.path}
sudo chmod ${file.mode} ${file.path}
sudo chown ${file.owner}:${file.group} ${file.path}'
'') (attrValues config.secrets.files);
in {
options = {
meta.deploy = {
@ -42,6 +50,7 @@ in {
nix copy ${
if cfg.substitute then "-s" else ""
} --no-check-sigs --to ssh://${cfg.ssh.host} ${config.system.build.toplevel}
${secretsScript}
ssh $NIX_SSHOPTS ${cfg.ssh.host} "sudo nix-env -p /nix/var/nix/profiles/system -i ${config.system.build.toplevel}"
ssh $NIX_SSHOPTS ${cfg.ssh.host} "sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $1"
'';
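Review bot: In `secretsScript`, `${file.text}` is spliced directly into the remote command string, so each plaintext secret becomes part of the generated deploy script (and of the world-readable Nix store, if that script is built as a derivation) and of the `ssh` argument list; a `'`, `"`, `$` or backtick inside a secret also ends the quoting and is interpreted by the remote shell. `sudo tee` also echoes the secret back to stdout, which may end up in deploy logs, and it creates the file under the default umask before `chmod` and `chown` run, so the file can be briefly readable by other users. Consider sending the content on stdin and creating the file with its final owner and mode in one step, e.g. `sudo install -m ${file.mode} -o ${file.owner} -g ${file.group} /dev/stdin ${file.path}` with `> /dev/null` wherever `tee` is kept, and wrapping the interpolated paths in `escapeShellArg`. The `let` block and the deploy script both continue outside the visible hunks, so how the script is materialised should be confirmed there.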