Diffstat (limited to 'bin/copy-secrets')
-rwxr-xr-xbin/copy-secrets69
1 files changed, 0 insertions, 69 deletions
diff --git a/bin/copy-secrets b/bin/copy-secrets
deleted file mode 100755
index f40493599..000000000
--- a/bin/copy-secrets
+++ /dev/null
@@ -1,69 +0,0 @@
-#! /bin/sh
-#
-# copy-secrets system_name target
-#
-set -euf
-
-system_name=$1
-target=$2
-
-nixos_config=$config_root/modules/$system_name
-secrets_nix=$secrets_root/$system_name/nix
-secrets_rsync=$secrets_root/$system_name/rsync
-
-if ! test -e "$secrets_rsync"; then
- exit # nothing to do
-fi
-
-# XXX this is ugly
-# Notice NIX_PATH used from host
-# Notice secrets required to evaluate configuration
-NIX_PATH=$NIX_PATH:nixos-config=$PWD/modules/$system_name
-NIX_PATH=$NIX_PATH:secrets=$PWD/secrets/$system_name/nix
-export NIX_PATH
-
-case $(nixos-query tv.retiolum.enable 2>/dev/null) in true)
- retiolum_secret=$(nixos-query tv.retiolum.privateKeyFile)
- retiolum_uid=$(nixos-query users.extraUsers.retiolum-tinc.uid)
-esac
-
-case $(nixos-query services.ejabberd-cd.enable 2>/dev/null) in true)
- ejabberd_secret=$(nixos-query services.ejabberd-cd.certFile)
- ejabberd_uid=$(nixos-query users.extraUsers.ejabberd.uid)
-esac
-
-case $(nixos-query tv.consul.enable 2>/dev/null) in true)
- consul_secret=$(nixos-query tv.consul.encrypt-file)
- consul_uid=$(nixos-query users.extraUsers.consul.uid)
-esac
-
-(set -x
- rsync \
- --rsync-path="mkdir -p \"$2\" && rsync" \
- -vzrlptD \
- "$secrets_rsync/" \
- "$target:/")
-
-ssh "$target" -T <<EOF
-set -euf
-
-retiolum_secret=${retiolum_secret-}
-retiolum_uid=${retiolum_uid-}
-ejabberd_secret=${ejabberd_secret-}
-ejabberd_uid=${ejabberd_uid-}
-consul_secret=${consul_secret-}
-consul_uid=${consul_uid-}
-
-if test -n "\$retiolum_secret"; then
- chown -v "\$retiolum_uid:0" "\$retiolum_secret"
-fi
-
-if test -n "\$ejabberd_secret"; then
- chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
-fi
-
-if test -n "\$consul_secret"; then
- chown -v "\$consul_uid:0" "\$consul_secret"
-fi
-
-EOF