diff options
| author | Alex Auvolat <alex@adnab.me> | 2021-12-30 18:09:20 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2021-12-30 18:09:20 +0100 |
| commit | 230c1d727b951e032603a5c776f540003829bff6 (patch) | |
| tree | 41969732e72904cd8a1cfa5b0fc7715406c5cd2f /upgrade.sh | |
| parent | 2ae33755927ca1c6fa84cdf3ef2aa75ea6b7edaa (diff) | |
| download | nixcfg-230c1d727b951e032603a5c776f540003829bff6.tar.gz nixcfg-230c1d727b951e032603a5c776f540003829bff6.zip | |
Increase security: sudo with password, no more docker group for users
Diffstat (limited to 'upgrade.sh')
| -rwxr-xr-x | upgrade.sh | 20 |
1 files changed, 15 insertions, 5 deletions
@@ -8,6 +8,8 @@ else NIXHOSTLIST="$@" fi +TMP_SCRIPT=/tmp/tmp-upgrade-$(date +%s).sh + for NIXHOST in $NIXHOSTLIST; do NIXHOST=${NIXHOST%.*} @@ -19,10 +21,18 @@ for NIXHOST in $NIXHOSTLIST; do echo "==== DOING $NIXHOST ====" - ssh -F ssh_config $SSH_DEST sudo nix-channel --add https://nixos.org/channels/nixos-21.11 nixos - ssh -F ssh_config $SSH_DEST sudo nix-channel --update - ssh -F ssh_config $SSH_DEST sudo nixos-rebuild boot + ssh -F ssh_config $SSH_DEST tee $TMP_SCRIPT > /dev/null <<EOF +set -ex + +nix-channel --add https://nixos.org/channels/nixos-21.11 nixos +nix-channel --update +nixos-rebuild boot +EOF + + read -p "Press Enter to continue (run upgrade on $NIXHOST)..." + ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_SCRIPT + ssh -F ssh_config $SSH_DEST rm -v $TMP_SCRIPT - echo "Please reboot node manually to activate upgraded system:" - echo "$ ssh -F ssh_config $SSH_DEST sudo reboot" + read -p "Press Enter to continue (reboot $NIXHOST)..." + ssh -t -F ssh_config $SSH_DEST sudo reboot done |