aboutsummaryrefslogtreecommitdiff
path: root/deploy.sh
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-02-25 17:52:17 +0100
committerAlex Auvolat <alex@adnab.me>2022-02-25 17:52:17 +0100
commit6dc92812997e99e12ae5fcab3bda65f056a74edb (patch)
treede185f8e60062a90ac2a57243dfce2add70bd083 /deploy.sh
parent20ab1f7b8a76a116644668029175100c15a615e2 (diff)
downloadnixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.tar.gz
nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.zip
Add remote LUKS unlocking configuration
Diffstat (limited to 'deploy.sh')
-rwxr-xr-xdeploy.sh7
1 files changed, 4 insertions, 3 deletions
diff --git a/deploy.sh b/deploy.sh
index af11604..7527f7f 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -40,6 +40,7 @@ for NIXHOST in $NIXHOSTLIST; do
ssh -F $SSH_CONFIG $SSH_DEST mkdir -p $TMP_PATH $TMP_PATH/pki
cat configuration.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/configuration.nix > /dev/null
cat nix/deuxfleurs.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/deuxfleurs.nix > /dev/null
+ cat nix/remote-unlock.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/remote-unlock.nix > /dev/null
cat cluster/$CLUSTER/cluster.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/cluster.nix > /dev/null
cat cluster/$CLUSTER/node/$NIXHOST.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/node.nix > /dev/null
cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null
@@ -57,7 +58,9 @@ for NIXHOST in $NIXHOSTLIST; do
set -ex
cd $TMP_PATH
-mv deuxfleurs.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos
+mv deuxfleurs.nix remote-unlock.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos
+
+nixos-rebuild switch
test -f rclone.conf && (mv rclone.conf /root; chmod 600 /root/rclone.conf)
@@ -73,8 +76,6 @@ if [ -f pki/nomad-ca.crt ]; then
mv pki/nomad* /var/lib/nomad/pki
fi
-nixos-rebuild switch
-
# Save up-to-date Consul client certificates in Consul itself
export CONSUL_HTTP_ADDR=https://localhost:8501
export CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt