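# Builds a single shell script ("deploy-script") that pushes Kubernetes
# control-plane key material to the VM directories on the host that ssh knows
# as `mrmanager`.
#
# Security notes for maintainers:
#  * Every `file` below is a Nix store path. The Nix store is readable by all
#    local users on the machine that builds/holds these paths, so the private
#    keys referenced here (ca.key, *.key, kubeconfigs, encryption-config.yaml)
#    are only as confidential as that machine's local user set.
#    NOTE(review): confirm that is acceptable for this deployment.
#  * Files are staged on the remote side inside a directory created by
#    `mktemp -d` (owner-only access) instead of the remote home directory,
#    so a private key is never readable by other remote users while it waits
#    for `doas install` to place it with its final owner and mode.
#  * Remote paths never use `~`: an unquoted `~/x` in an `ssh host cmd ~/x`
#    command line is expanded by the LOCAL shell, so it only pointed at the
#    right place when local and remote home directories happened to match.
#
# Standard phase order, kept for reference:
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
  lib,
  stdenv,
  writeShellScript,
  k8s,
  openssh,
  ...
}:
let
  # Script text: strict-mode prologue, remote staging setup, then one section
  # per VM name.
  deploy_script_body = (
    ''
      set -euo pipefail
      IFS=$'\n\t'
      DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"

      # Private staging directory on the remote host (mktemp -d creates it
      # accessible to the owner only). Removed again when this script exits,
      # including on failure, so no key material is left behind.
      STAGING="$(${openssh}/bin/ssh mrmanager mktemp -d)"
      [ -n "$STAGING" ]
      cleanup() {
        ${openssh}/bin/ssh mrmanager rm -rf -- "$STAGING"
      }
      trap cleanup EXIT

    ''
    + (lib.concatMapStringsSep "\n" deploy_machine [
      "nc0"
      "nc1"
      "nc2"
    ])
  );

  deploy_script = (writeShellScript "deploy-script" deploy_script_body);

  # Emits the shell commands that copy one file to `dest_dir` on the remote
  # host with the given numeric owner/group and mode.
  #   dest_dir  absolute remote directory
  #   file      local path of the file to send
  #   name      remote file name (defaults to the base name of `file`)
  #   owner     numeric uid, group: numeric gid, mode: octal string
  # Arguments are interpolated unquoted; they are the fixed values listed in
  # this file, so keep them free of shell metacharacters.
  deploy_file = (
    {
      dest_dir,
      file,
      name ? (builtins.baseNameOf file),
      owner,
      group,
      mode,
    }:
    ''
      ##
      ## deploy ${name} to ${dest_dir}
      ##
      ${openssh}/bin/ssh mrmanager doas rm -f ${dest_dir}/${name}
      ${openssh}/bin/scp ${file} mrmanager:"$STAGING"/${name}
      ${openssh}/bin/ssh mrmanager doas install -o ${toString owner} -g ${toString group} -m ${mode} "$STAGING"/${name} ${dest_dir}/${name}
      ${openssh}/bin/ssh mrmanager rm -f "$STAGING"/${name}
    ''
  );

  # Emits the commands for one VM: create the key directories, then deploy
  # every certificate, key and config file into them.
  # The numeric ids 11235, 10016 and 10024 are used as given; presumably they
  # are the VM, etcd and kube service accounts - TODO confirm.
  deploy_machine = (
    vm_name:
    (
      ''
        ##
        ## Create directories on ${vm_name}
        ##
        ${openssh}/bin/ssh mrmanager doas install -d -o 11235 -g 11235 -m 0755 /vm/${vm_name}/persist/keys
        ${openssh}/bin/ssh mrmanager doas install -d -o 10016 -g 10016 -m 0755 /vm/${vm_name}/persist/keys/etcd
        ${openssh}/bin/ssh mrmanager doas install -d -o 10024 -g 10024 -m 0755 /vm/${vm_name}/persist/keys/kube
      ''
      + (lib.concatMapStringsSep "\n" deploy_file [
        # --- etcd directory (owner 10016) ---
        {
          dest_dir = "/vm/${vm_name}/persist/keys/etcd";
          file = "${k8s.keys.kube-api-server}/kube-api-server.crt";
          owner = 10016;
          group = 10016;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/etcd";
          file = "${k8s.keys.kube-api-server}/kube-api-server.key";
          owner = 10016;
          group = 10016;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/etcd";
          file = "${k8s.ca}/ca.crt";
          owner = 10016;
          group = 10016;
          mode = "0640";
        }
        # --- kube directory (owner 10024) ---
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.ca}/ca.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        # CA private key: whoever can read this can mint certificates trusted
        # by the whole cluster; keep it owner-only.
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.ca}/ca.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.kube-api-server}/kube-api-server.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.kube-api-server}/kube-api-server.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.encryption_config}/encryption-config.yaml";
          name = "encryption-config.yaml";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.service-accounts}/service-accounts.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.service-accounts}/service-accounts.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.client-configs.kube-controller-manager}/kube-controller-manager.kubeconfig";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.client-configs.kube-scheduler}/kube-scheduler.kubeconfig";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
      ])
    )
  );
in
# The derivation output is the generated script itself; there is no source to
# unpack, so unpackPhase is a no-op.
stdenv.mkDerivation (finalAttrs: {
  name = "deploy-script";
  nativeBuildInputs = [ ];
  buildInputs = [ ];

  unpackPhase = "true";

  installPhase = ''
    cp ${deploy_script} "$out"
  '';
})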