From 8dbbdb29e6b68d9bd3408a0824b925bbbffeb8ca Mon Sep 17 00:00:00 2001
From: naturallaw77
Date: Sat, 15 Jul 2023 00:54:02 -0700
Subject: [PATCH] updated sp.sh and psp.sh
---
 for_new_sovran_pros/psp.sh | 1 +
 for_new_sovran_pros/sp.sh | 87 +++++++++++--------------------------
 2 files changed, 26 insertions(+), 62 deletions(-)
diff --git a/for_new_sovran_pros/psp.sh b/for_new_sovran_pros/psp.sh
index f800a73..6a9ffac 100644
--- a/for_new_sovran_pros/psp.sh
+++ b/for_new_sovran_pros/psp.sh
@@ -59,6 +59,7 @@ cat <> /mnt/etc/nixos/configuration.nix
 fish
 pwgen
 openssl
+ sed
 ];
 services.openssh = {
diff --git a/for_new_sovran_pros/sp.sh b/for_new_sovran_pros/sp.sh
index 6e95b41..4ccd09a 100644
--- a/for_new_sovran_pros/sp.sh
+++ b/for_new_sovran_pros/sp.sh
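Review bot: The added `sed` entry in the psp.sh package list may not evaluate. To my knowledge nixpkgs exposes GNU sed as `gnused` and has no `sed` attribute, so if the list is opened with `with pkgs;` (its start is outside the hunk) the generated configuration.nix would fail with an undefined variable at build time. I would write `gnused` here and add a short comment such as `# needed by sp.sh to edit secrets.nix` so the reason for the entry is visible.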
@@ -161,6 +161,31 @@ echo -n ADMIN_TOKEN=$(openssl rand -base64 48
 #
+mkdir /root/.ssh/agenix
+
+ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys
+
+sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix
+
+sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
+
+#
+
+pushd /var/lib/agenix-secrets/
+
+ echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys
+
+popd
+
+
 pushd /etc/nixos
 nix flake update
@@ -169,15 +194,6 @@ pushd /etc/nixos
 popd
-exit_on_error() {
- exit_code=$1
- last_command=${@:2}
- if [ $exit_code -ne 0 ]; then
- >&2 echo "\"${last_command}\" command failed with exit code ${exit_code}."
- exit $exit_code
- fi
-}
-
 #
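Review bot: The five added `nix run github:ryantm/agenix` lines fetch and execute an unpinned flake as root while it is given the plaintext secrets and the newly generated private key, so whatever the upstream default branch holds at install time runs with full access to them. Pin the reference to a reviewed revision, e.g. `nix run github:ryantm/agenix/<PINNED_REV> -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys`. The `echo -n $(cat …)` feeding each call is unquoted, so the secret is word-split and glob-expanded before encryption and a value beginning with `-e` or `-n` would be consumed by echo; `printf '%s' "$(cat /var/lib/secrets/wordpressdb)"` passes it through unchanged. `mkdir /root/.ssh/agenix` would be safer as `mkdir -p -m 700 /root/.ssh/agenix` so the key directory's mode does not depend on the umask and a re-run does not fail on that line. None of these steps has its exit status checked inside the hunk; whether the script enables `set -e` is outside it.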
@@ -203,50 +219,6 @@ chmod 770 /var/lib/secrets/ -R
 #
-mkdir /root/.ssh/agenix
-
-ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys
-
-sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix
-
-sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
-
-exit_on_error() {
- exit_code=$1
- last_command=${@:2}
- if [ $exit_code -ne 0 ]; then
- >&2 echo "\"${last_command}\" command failed with exit code ${exit_code}."
- exit $exit_code
- fi
-}
-
-#
-
-pushd /var/lib/agenix-secrets/
-
- echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys
-
- echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys
-
- echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys
-
- echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys
-
- echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys
-
-popd
-
-exit_on_error() {
- exit_code=$1
- last_command=${@:2}
- if [ $exit_code -ne 0 ]; then
- >&2 echo "\"${last_command}\" command failed with exit code ${exit_code}."
- exit $exit_code
- fi
-}
-
-#
-
 chown caddy:php /var/lib/domains -R
 chmod 770 /var/lib/domains -R
@@ -261,15 +233,6 @@ pushd /etc/nixos
 popd
-exit_on_error() {
- exit_code=$1
- last_command=${@:2}
- if [ $exit_code -ne 0 ]; then
- >&2 echo "\"${last_command}\" command failed with exit code ${exit_code}."
- exit $exit_code
- fi
-}
-
 #
 set -x