mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 19:51:34 +01:00
Enable ShellCheck and improve shell scripts
This commit is contained in:
parent
58a78d7de7
commit
e5b6374751
7 changed files with 64 additions and 42 deletions
|
|
@ -13,8 +13,6 @@ _: {
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
];
|
];
|
||||||
|
|
||||||
excludeShellChecks = [ "SC2155" ];
|
|
||||||
|
|
||||||
text = ''
|
text = ''
|
||||||
if [[ $# -ne 2 ]]; then
|
if [[ $# -ne 2 ]]; then
|
||||||
echo "Usage: $0 <host> <destination>"
|
echo "Usage: $0 <host> <destination>"
|
||||||
|
|
@ -25,7 +23,7 @@ _: {
|
||||||
destination="$2"
|
destination="$2"
|
||||||
root="/tmp/anywhere/$host"
|
root="/tmp/anywhere/$host"
|
||||||
|
|
||||||
impermanence=$(nix eval ".#nixosConfigurations.$host.config.custom.impermanence.enable")
|
impermanence="$(nix eval ".#nixosConfigurations.$host.config.custom.impermanence.enable")"
|
||||||
if [ "$impermanence" = true ]; then
|
if [ "$impermanence" = true ]; then
|
||||||
ssh_dir="$root/persist/etc/ssh"
|
ssh_dir="$root/persist/etc/ssh"
|
||||||
else
|
else
|
||||||
|
|
@ -38,13 +36,16 @@ _: {
|
||||||
ssh-keygen -C "root@$host" -f "$ssh_dir/ssh_host_ed25519_key" -N "" -q
|
ssh-keygen -C "root@$host" -f "$ssh_dir/ssh_host_ed25519_key" -N "" -q
|
||||||
|
|
||||||
echo "==> Replacing old age key with new age key..."
|
echo "==> Replacing old age key with new age key..."
|
||||||
new_age_key=$(ssh-to-age -i "$ssh_dir/ssh_host_ed25519_key.pub")
|
new_age_key="$(ssh-to-age -i "$ssh_dir/ssh_host_ed25519_key.pub")"
|
||||||
sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix"
|
sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix"
|
||||||
|
|
||||||
echo "==> Updating SOPS secrets..."
|
echo "==> Updating SOPS secrets..."
|
||||||
export BW_SESSION=$(bw login --raw)
|
BW_SESSION="$(bw login --raw)"
|
||||||
export SOPS_AGE_KEY=$(bw get item 'admin age-key' | jq -r '.notes')
|
export BW_SESSION
|
||||||
export SOPS_CONFIG=$(nix build .#sops-config --print-out-paths)
|
SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')"
|
||||||
|
export SOPS_AGE_KEY
|
||||||
|
SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
|
||||||
|
export SOPS_CONFIG
|
||||||
sops updatekeys --yes "hosts/$host/secrets.json"
|
sops updatekeys --yes "hosts/$host/secrets.json"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,9 +50,12 @@
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
];
|
];
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
export BW_SESSION=$(bw login --raw)
|
BW_SESSION="$(bw login --raw)"
|
||||||
export SOPS_AGE_KEY=$(bw get item 'admin age-key' | jq -r '.notes')
|
export BW_SESSION
|
||||||
export SOPS_CONFIG=${self'.packages.sops-config}
|
SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')"
|
||||||
|
export SOPS_AGE_KEY
|
||||||
|
SOPS_CONFIG="${self'.packages.sops-config}"
|
||||||
|
export SOPS_CONFIG
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,8 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.enableStrictShellChecks = true;
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
i18n = {
|
i18n = {
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
|
|
||||||
|
|
@ -70,22 +70,33 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd.services.forgejo.preStart =
|
||||||
services.forgejo.preStart =
|
|
||||||
let
|
let
|
||||||
userCmd = "${lib.getExe config.services.forgejo.package} admin user";
|
userCmd = "${lib.getExe config.services.forgejo.package} admin user";
|
||||||
credentials = lib.concatStringsSep " " [
|
|
||||||
"--username SebastianStork"
|
|
||||||
"--password \"$PASSWORD\""
|
|
||||||
];
|
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
|
username="SebastianStork"
|
||||||
|
password="$(cat ${config.sops.secrets."forgejo/admin-password".path})"
|
||||||
|
|
||||||
${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
|
create_user() {
|
||||||
|| ${userCmd} change-password ${credentials} --must-change-password=false
|
${userCmd} create \
|
||||||
|
--username "$username" \
|
||||||
|
--password "$password" \
|
||||||
|
--email "sebastian.stork@pm.me" \
|
||||||
|
--admin
|
||||||
|
}
|
||||||
|
|
||||||
|
reset_password() {
|
||||||
|
${userCmd} change-password \
|
||||||
|
--username "$username" \
|
||||||
|
--password "$password" \
|
||||||
|
--must-change-password=false
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! create_user; then
|
||||||
|
reset_password
|
||||||
|
fi
|
||||||
'';
|
'';
|
||||||
};
|
|
||||||
|
|
||||||
custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
|
custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
|
||||||
conflictingService = "forgejo.service";
|
conflictingService = "forgejo.service";
|
||||||
|
|
|
||||||
|
|
@ -55,15 +55,15 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
# Ensure session-secret
|
# Ensure session-secret
|
||||||
systemd.services.hedgedoc.preStart =
|
systemd.services.hedgedoc.preStart = lib.mkBefore ''
|
||||||
let
|
secret_file="/var/lib/hedgedoc/session-secret"
|
||||||
sessionSecret = "/var/lib/hedgedoc/session-secret";
|
|
||||||
in
|
if [ ! -f $secret_file ]; then
|
||||||
lib.mkBefore ''
|
${lib.getExe pkgs.pwgen} -s 64 1 > $secret_file
|
||||||
if [ ! -f ${sessionSecret} ]; then
|
|
||||||
${lib.getExe pkgs.pwgen} -s 64 1 > ${sessionSecret}
|
|
||||||
fi
|
fi
|
||||||
export SESSION_SECRET=$(cat ${sessionSecret})
|
|
||||||
|
SESSION_SECRET="$(cat $secret_file)"
|
||||||
|
export SESSION_SECRET
|
||||||
'';
|
'';
|
||||||
|
|
||||||
custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
|
custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
|
||||||
|
|
|
||||||
|
|
@ -49,8 +49,6 @@ in
|
||||||
|
|
||||||
storage.hook =
|
storage.hook =
|
||||||
let
|
let
|
||||||
createBirthdayCalendar = "${inputs.radicale-birthday-calendar}/create_birthday_calendar.py";
|
|
||||||
|
|
||||||
hookScript = pkgs.writeShellApplication {
|
hookScript = pkgs.writeShellApplication {
|
||||||
name = "radicale-git-hook";
|
name = "radicale-git-hook";
|
||||||
runtimeInputs = [
|
runtimeInputs = [
|
||||||
|
|
@ -64,9 +62,10 @@ in
|
||||||
))
|
))
|
||||||
];
|
];
|
||||||
text = ''
|
text = ''
|
||||||
readonly username="$1"
|
username="$1"
|
||||||
|
create_birthday_calendar="${inputs.radicale-birthday-calendar}/create_birthday_calendar.py"
|
||||||
|
|
||||||
git status --porcelain | awk '{print $2}' | python3 ${createBirthdayCalendar}
|
git status --porcelain | awk '{print $2}' | python3 $create_birthday_calendar
|
||||||
|
|
||||||
git add -A
|
git add -A
|
||||||
if ! git diff --cached --quiet; then
|
if ! git diff --cached --quiet; then
|
||||||
|
|
|
||||||
|
|
@ -31,9 +31,15 @@ in
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
scriptArgs = "%i";
|
scriptArgs = "%i";
|
||||||
script = ''
|
script = ''
|
||||||
${lib.getExe pkgs.curl} --fail --silent --show-error --max-time 10 --retry 5 https://hc-ping.com/$(cat ${
|
ping_key="$(cat ${config.sops.secrets."healthchecks/ping-key".path})"
|
||||||
config.sops.secrets."healthchecks/ping-key".path
|
slug="$(echo "$1" | tr _ /)"
|
||||||
})/$(echo $1 | tr _ /)
|
|
||||||
|
${lib.getExe pkgs.curl} \
|
||||||
|
--fail \
|
||||||
|
--silent \
|
||||||
|
--show-error \
|
||||||
|
--max-time 10 \
|
||||||
|
--retry 5 "https://hc-ping.com/$ping_key/$slug"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue