mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect.git
synced 2024-11-22 03:51:27 +00:00
pass SSH_AUTHORIZED_KEY and merge with userdata.json
This commit is contained in:
Alexander Tomokhov
parent
9245d6584d
commit
8de4c0908f
|
|
@ -21,7 +21,7 @@ steps:
|
|||
commands:
|
||||
# Create infect user script and then push it to a remote machine on server creation.
|
||||
- echo '#! /usr/bin/env bash' > infect.sh
|
||||
- echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
|
||||
- echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz SSH_AUTHORIZED_KEY=\"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBb3yVhYF4slhf1iQCiGLOVcbGKP/MmkQiEMl2un+4K\" bash 2>&1 | tee /root/infect.log" >> infect.sh
|
||||
- http -v --check-status --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 user_data=@infect.sh automount:=false location=fsn1
|
||||
|
||||
- name: dns
|
||||
|
|
|
|||
|
|
@ -17,10 +17,17 @@
|
|||
: "${NIX_VERSION:?NIX_VERSION variable is not set}"
|
||||
: "${NIXOS_CONFIG_NAME:?NIXOS_CONFIG_NAME variable is not set}"
|
||||
: "${CONFIG_URL:?CONFIG_URL variable is not set}"
|
||||
: "${SSH_AUTHORIZED_KEY:=}"
|
||||
|
||||
readonly LOCAL_FLAKE_DIR="/etc/nixos"
|
||||
readonly SECRETS_FILEPATH="/etc/selfprivacy/secrets.json"
|
||||
|
||||
genOptionalSsh() {
|
||||
[ -n "${SSH_AUTHORIZED_KEY}" ] && cat << EOF
|
||||
"ssh": { "rootKeys": [ "${SSH_AUTHORIZED_KEY}" ] },
|
||||
EOF
|
||||
}
|
||||
|
||||
# Merge original userdata.json with deployment specific fields and print result.
|
||||
genUserdata() {
|
||||
local HASHED_PASSWORD userdata_infect
|
||||
|
|
@ -28,6 +35,7 @@ genUserdata() {
|
|||
|
||||
userdata_infect=$(cat << EOF
|
||||
{
|
||||
$(genOptionalSsh)
|
||||
"dns": {
|
||||
"provider": "$DNS_PROVIDER_TYPE",
|
||||
"useStagingACME": $STAGING_ACME
|
||||
|
|
|
|||
Loading…
Reference in a new issue