Merge pull request 'fix: update infect' (#25 ) from testing/digital-ocean-cleanup into providers/digital-ocean

Reviewed-on: #25
fix: update infect
2023-07-26 01:09:53 +03:00 · 2023-07-26 01:09:17 +03:00 · 2023-03-17 14:08:43 +03:00 · 2023-02-08 16:27:20 +03:00 · 2023-01-17 17:10:40 +04:00 · 2022-11-16 11:10:38 +03:00
1 changed files with 44 additions and 18 deletions
--- a/62
+++ b/62
@ -7,10 +7,18 @@ set -e -o pipefail
 makeConf() {
  # Skip everything if main config already present
  [[ -e /etc/nixos/configuration.nix ]] && return 0
-  if [[ $PASSWORD == null ]]; then
+  if [[ -z $PASSWORD ]]; then
      export PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode)
  fi

+  if [[ -z $DNS_PROVIDER_TYPE ]]; then
+      export DNS_PROVIDER_TYPE='CLOUDFLARE'
+  fi
+
+  if [[ -z $STAGING_ACME ]]; then
+      export STAGING_ACME='false'
+  fi
+
  export ESCAPED_PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode | jq -Rs .)
  export HASHED_PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )

@ -21,12 +29,9 @@ makeConf() {

  # Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep
  local IFS=$'\n'
-  for trypath in /root/.ssh/authorized_keys /home/$SUDO_USER/.ssh/authorized_keys $HOME/.ssh/authorized_keys; do
-      [[ -r "$trypath" ]] \
-      && keys=$(sed -E 's/^.*((ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \
-      && break
-  done
+
  local network_import=""
+  [[ -n "$doNetConf" ]] && network_import="./networking.nix # generated at runtime by nixos-infect"

  cat > /etc/nixos/userdata/userdata.json << EOF
 {
@ -34,17 +39,26 @@ makeConf() {
        "token": "$API_TOKEN",
        "skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
    },
-    "backblaze": {
+    "backup": {
+        "provider": "BACKBLAZE",
        "accountId": "$BACKBLAZE_KEY_ID",
        "accountKey": "$BACKBLAZE_ACCOUNT_KEY",
        "bucket": "$BACKBLAZE_BUCKET_NAME"
    },
    "bitwarden": {
        "enable": true,
-        "location": "sdb"
+        "location": "sda"
    },
-    "cloudflare": {
-        "apiKey": "$CF_TOKEN"
+    "dns": {
+        "provider": "$DNS_PROVIDER_TYPE",
+        "apiKey": "$CF_TOKEN",
+        "useStagingACME": $STAGING_ACME
+    },
+    "email": {
+        "location": "sda"
+    },
+    "server": {
+        "provider": "DIGITALOCEAN"
    },
    "databasePassword": "$DB_PASSWORD",
    "domain": "$DOMAIN",
@ -54,11 +68,11 @@ makeConf() {
        "enable": true,
        "adminPassword": $ESCAPED_PASSWORD,
        "databasePassword": $ESCAPED_PASSWORD,
-        "location": "sdb"
+        "location": "sda"
    },
    "gitea": {
        "enable": true,
-        "location": "sdb"
+        "location": "sda"
    },
    "jitsi": {
        "enable": true
@ -68,15 +82,15 @@ makeConf() {
    },
    "pleroma": {
        "enable": false,
-        "location": "sdb"
+        "location": "sda"
    },
    "timezone": "Europe/Uzhgorod",
    "resticPassword": $ESCAPED_PASSWORD,
    "username": "$LUSER",
    "volumes": [
      {
-        "device": "/dev/sdb",
-        "mountPoint": "/volumes/sdb",
+        "device": "/dev/sda",
+        "mountPoint": "/volumes/sda",
        "fsType": "ext4"
     }
    ],
@ -102,13 +116,22 @@ EOF
 )
  fi

+  availableKernelModules=('"ata_piix"' '"uhci_hcd"' '"xen_blkfront"')
+  if isX86_64; then
+    availableKernelModules+=('"vmw_pvscsi"')
+  fi
+
  # If you rerun this later, be sure to prune the filesSystems attr
  cat > /etc/nixos/hardware-configuration.nix << EOF
 { modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    $network_import
+  ];
 $bootcfg
  boot.initrd.kernelModules = [ "nvme" ];
+  boot.initrd.availableKernelModules = [ ${availableKernelModules[@]} ];
  fileSystems."/" = { device = "$rootfsdev"; fsType = "$rootfstype"; };
 }
 EOF
@ -163,7 +186,10 @@ EOF
  networking = {
    nameservers = [ ${nameservers[@]} ];
    defaultGateway = "${gateway}";
-    defaultGateway6 = "${gateway6}";
+    defaultGateway6 = {
+      address = "${gateway6}";
+      interface = "${eth0_name}";
+    };
    dhcpcd.enable = false;
    $predictable_inames
    interfaces = {
@ -312,7 +338,7 @@ infect() {
  #addgroup nixbld -g 30000 || true
  #for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done

-  curl -L https://nixos.org/nix/install | $SHELL
+  curl -L https://nixos.org/nix/install | sh -s -- --no-channel-add

  # shellcheck disable=SC1090
  source ~/.nix-profile/etc/profile.d/nix.sh
Author	SHA1	Message	Date
Inex Code	acae23fdb0	Merge pull request 'fix: update infect' (#25 ) from testing/digital-ocean-cleanup into providers/digital-ocean Reviewed-on: #25	2023-07-26 01:09:53 +03:00
Inex Code	620a15a3a3	fix: update infect	2023-07-26 01:09:17 +03:00
Inex Code	83a65bea88	chore: Use master branch of NixOS config	2023-03-17 14:08:43 +03:00
Inex Code	fec11f8a7a	fix: Defaults not being set	2023-02-08 16:27:20 +03:00
NaiJi ✨	512ff0a218	feat: Implement dns provider type variable for infecting	2023-01-17 17:10:40 +04:00
Inex Code	389e23a161	feat: Add support for staging ACME	2022-11-16 11:10:38 +03:00
NaiJi ✨	ccb337f6d4	chore: Remove temporary cloning branch and change back to api-redis	2022-11-11 05:08:43 +02:00
Inex Code	6a1bc092a6	fix: Use DigitalOcean's volume	2022-11-09 23:16:30 +03:00
NaiJi ✨	f8cae86a64	chore!: Make infect pull configuration from custom temp branch Make sure this commit is never merged into master, because the branch contains developers' public keys	2022-11-09 20:29:34 +02:00
Inex Code	f526e00585	fix: use sda for all services	2022-11-08 03:32:23 +03:00
Inex Code	2b4bb3f793	fix: remove a volume from DO for now	2022-11-08 03:30:55 +03:00
Inex Code	5f72978a16	fix: userdata json	2022-11-08 02:33:15 +03:00
Inex Code	c8b85bffc4	chore: use api-redis branch of config for Digital Ocean	2022-11-08 01:45:36 +03:00
Inex Code	7af1730fa3	fix: Import networking.nix when on Digital ocean	2022-11-08 01:37:28 +03:00