diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-02-25 17:52:17 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-02-25 17:52:17 +0100 |
| commit | 6dc92812997e99e12ae5fcab3bda65f056a74edb (patch) | |
| tree | de185f8e60062a90ac2a57243dfce2add70bd083 /deploy.sh | |
| parent | 20ab1f7b8a76a116644668029175100c15a615e2 (diff) | |
| download | nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.tar.gz nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.zip | |
Add remote LUKS unlocking configuration
Diffstat (limited to 'deploy.sh')
| -rwxr-xr-x | deploy.sh | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -40,6 +40,7 @@ for NIXHOST in $NIXHOSTLIST; do ssh -F $SSH_CONFIG $SSH_DEST mkdir -p $TMP_PATH $TMP_PATH/pki cat configuration.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/configuration.nix > /dev/null cat nix/deuxfleurs.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/deuxfleurs.nix > /dev/null + cat nix/remote-unlock.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/remote-unlock.nix > /dev/null cat cluster/$CLUSTER/cluster.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/cluster.nix > /dev/null cat cluster/$CLUSTER/node/$NIXHOST.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/node.nix > /dev/null cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null @@ -57,7 +58,9 @@ for NIXHOST in $NIXHOSTLIST; do set -ex cd $TMP_PATH -mv deuxfleurs.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos +mv deuxfleurs.nix remote-unlock.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos + +nixos-rebuild switch test -f rclone.conf && (mv rclone.conf /root; chmod 600 /root/rclone.conf) @@ -73,8 +76,6 @@ if [ -f pki/nomad-ca.crt ]; then mv pki/nomad* /var/lib/nomad/pki fi -nixos-rebuild switch - # Save up-to-date Consul client certificates in Consul itself export CONSUL_HTTP_ADDR=https://localhost:8501 export CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt |