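#! /bin/sh
#
# copy-secrets system_name target
#
# Pushes the secret files kept under $secrets_root/<system_name>/rsync to the
# root of <target> with rsync, then fixes the ownership of the retiolum and
# ejabberd secrets over ssh so that each file belongs to its service account.
#
# Environment: config_root and secrets_root must be set; the script aborts
# under `set -u` otherwise.
#
set -euf

# Emit $1 as one single-quoted shell word, with embedded single quotes
# rewritten as '\'' so the value stays a single word.
# The values below are pasted into a script that the remote shell parses, so
# an unquoted path containing whitespace or shell metacharacters would change
# which commands run on the target.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

system_name=${1:?usage: copy-secrets system_name target}
target=${2:?usage: copy-secrets system_name target}

# A target starting with "-" would be parsed by rsync and ssh as an option
# instead of a host name.
case $target in
  -*)
    printf 'copy-secrets: invalid target: %s\n' "$target" >&2
    exit 1
    ;;
esac

# nixos_config and secrets_nix are not used further down in this script. They
# are kept so that an unset config_root still aborts the run, as before.
nixos_config=$config_root/modules/$system_name
secrets_nix=$secrets_root/$system_name/nix
secrets_rsync=$secrets_root/$system_name/rsync

if ! test -e "$secrets_rsync"; then
  exit # nothing to do
fi

# Under `set -e` a failing nixos-query aborts the script before anything is
# copied. Quoting $system_name keeps it a single argument.
retiolum_secret=$(nixos-query "$system_name" tv.retiolum.privateKeyFile)
retiolum_uid=$(nixos-query "$system_name" users.extraUsers.retiolum-tinc.uid)

ejabberd_secret=$(nixos-query "$system_name" services.ejabberd-cd.certFile)
ejabberd_uid=$(nixos-query "$system_name" users.extraUsers.ejabberd.uid)

# Files arrive owned by 0:0; ownership of the service secrets is adjusted in
# the ssh step below.
# NOTE(review): no --chmod is passed, so the mode of newly created files
# follows the local source tree and the remote umask. Confirm that the files
# under $secrets_rsync are not group- or world-readable locally.
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"

# Quote every value before it is interpolated into the remote script.
retiolum_secret_q=$(shell_quote "$retiolum_secret")
retiolum_uid_q=$(shell_quote "$retiolum_uid")
ejabberd_secret_q=$(shell_quote "$ejabberd_secret")
ejabberd_uid_q=$(shell_quote "$ejabberd_uid")

# The here-document delimiter is unquoted on purpose: the *_q values expand
# locally, while every \$ reference is left for the remote shell.
ssh "$target" -T <<EOF
set -euf

retiolum_secret=$retiolum_secret_q
retiolum_uid=$retiolum_uid_q

ejabberd_secret=$ejabberd_secret_q
ejabberd_uid=$ejabberd_uid_q

# An empty path means the option is not configured for this system.
if test -n "\$retiolum_secret"; then
  chown -v "\$retiolum_uid:0" "\$retiolum_secret"
fi

if test -n "\$ejabberd_secret"; then
  chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
fi
EOF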