polish conf script a bit
parent
14e76af3f0
commit
24db36af0c
64
nixos/conf
64
nixos/conf
|
@ -1,55 +1,67 @@
|
|||
#!/usr/bin/env bash
|
||||
set -xeuo pipefail
|
||||
if ! [ -e secrets.nix ]
|
||||
then
|
||||
git crypt unlock
|
||||
fi
|
||||
export NIX_PATH=yori-nix=$PWD
|
||||
set -euo pipefail
|
||||
cd "$( dirname "${BASH_SOURCE[0]}" )"
|
||||
export NIX_PATH=
|
||||
host=$1
|
||||
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
|
||||
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
|
||||
COPY_USER=yorick
|
||||
decrypt() {
|
||||
if ! [ -e secrets.nix ]
|
||||
then
|
||||
git crypt unlock
|
||||
fi
|
||||
}
|
||||
get_target_host() {
|
||||
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
|
||||
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
|
||||
}
|
||||
peek() {
|
||||
echo $ "$@" > /dev/stderr
|
||||
command "$@"
|
||||
}
|
||||
nix() {
|
||||
decrypt
|
||||
peek nix "$@"
|
||||
}
|
||||
nix-build() {
|
||||
decrypt
|
||||
peek nix-build "$@"
|
||||
}
|
||||
case $2 in
|
||||
copy-keys)
|
||||
nix build -f ../. yorick.machine."$host".config.deployment.keys-copy --out-link copy-keys
|
||||
./copy-keys/bin/copy-keys "$TARGET_HOST"
|
||||
get_target_host
|
||||
peek ./copy-keys/bin/copy-keys "$TARGET_HOST"
|
||||
# rm ./copy-keys
|
||||
;;
|
||||
exec)
|
||||
CHANNEL=$(jq -r ".$2.pkgs"<servers.json)
|
||||
channel_url=$(get_channel "$CHANNEL")
|
||||
export NIX_PATH="$channel_url:nixos-config=$PWD/logical/$2.nix:$NIX_PATH"
|
||||
"${@:3}"
|
||||
;;
|
||||
ssh)
|
||||
ssh root@"$TARGET_HOST"
|
||||
get_target_host
|
||||
peek ssh root@"$TARGET_HOST"
|
||||
;;
|
||||
repl)
|
||||
exec "$0" exec "$2" nix repl '<nixpkgs>' '<nixpkgs/nixos>'
|
||||
;;
|
||||
build)
|
||||
nix build -f servers.nix "$host" --show-trace
|
||||
;;
|
||||
copy)
|
||||
get_target_host
|
||||
nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
;;
|
||||
test)
|
||||
get_target_host
|
||||
outPath=$(nix-build servers.nix -A "$host")
|
||||
nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test
|
||||
peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test
|
||||
;;
|
||||
boot)
|
||||
get_target_host
|
||||
outPath=$(nix-build servers.nix -A "$host")
|
||||
nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
|
||||
ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot
|
||||
peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
|
||||
peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot
|
||||
;;
|
||||
switch)
|
||||
get_target_host
|
||||
outPath=$(nix-build servers.nix -A "$host")
|
||||
nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
|
||||
ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch
|
||||
peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
|
||||
peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch
|
||||
;;
|
||||
|
||||
|
||||
esac
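Review bot: get_target_host reuses whatever the remote `ip --json r get 1.1.1.1` answers as the address for every later `ssh root@"$TARGET_HOST"` and `nix copy --to "ssh://…"` in the copy/test/boot/switch branches, and `jq -r '.[0].prefsrc'` prints the literal `null` with exit status 0 when the route has no prefsrc, so the `set -euo pipefail` at the top does not prevent an `ssh root@null` attempt. I would make jq fail on a missing value and sanity-check the shape before the address is reused: `TARGET_HOST=$(ssh "$TARGET_HOST" ip --json r get 1.1.1.1 | jq -er '.[0].prefsrc')` followed by `[[ $TARGET_HOST =~ ^[0-9A-Fa-f:.]+$ ]] || { echo "no usable address for $host" >&2; exit 1; }`. On that same line `$TARGET_HOST`, and `$host` in `ips.$host`, are unquoted, so a stray space in `$1` is word-split into extra ssh/nix arguments rather than rejected. Separately, the `exec` and `repl` branches still take the host from `$2`, which under `case $2 in` holds the subcommand name, so `jq -r ".$2.pkgs"` looks up `.exec.pkgs` and `exec "$0" exec "$2"` re-enters the script with `$2` still equal to `repl`; those lines look like unchanged context, but the `host=$1` convention the rest of the script follows suggests they should read `$host`.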
|
||||
|
|
|
@ -89,7 +89,7 @@ in {
|
|||
};
|
||||
"media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001";
|
||||
};
|
||||
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
|
||||
deployment.keyys = [ ../keys/http.muflax.key ];
|
||||
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
|
||||
networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
|
||||
(machine: publicKey: {
|
||||
|
|
|
@ -104,7 +104,7 @@ in {
|
|||
ipv6 = true;
|
||||
hostName = machine;
|
||||
};
|
||||
deployment.keyys = [ (<yori-nix/keys> + "/wg.${machine}.key") ];
|
||||
deployment.keyys = [ (../keys + "/wg.${machine}.key") ];
|
||||
networking.wireguard.interfaces.wg-y = {
|
||||
privateKeyFile = "/root/keys/wg.${machine}.key";
|
||||
ips = [ vpn.ips.${machine} ];
|
||||
|
|
|
@ -7,7 +7,7 @@ in {
|
|||
namespace = mkOption { type = types.str; };
|
||||
};
|
||||
config = {
|
||||
deployment.keyys = [ (<yori-nix/keys> + "/wg.${cfg.name}.key") ];
|
||||
deployment.keyys = [ (../keys + "/wg.${cfg.name}.key") ];
|
||||
networking.wireguard.interfaces.${cfg.name} = {
|
||||
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
|
||||
ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];
|
||||
|
|