micqdf/TerraHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: preconfigure remote nix trusted-users before rebuild
All checks were successful
Terraform Plan / Terraform Plan (push) Successful in 12s
Details

Browse Source
This commit is contained in:
MichaelFisher1997
2026-02-28 20:25:50 +00:00
parent 70ff5ccef9
commit ba912810d1
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
View File

@@ -130,6 +130,15 @@ rebuild_node() {
--use-remote-sudo --use-remote-sudo
} }
prepare_remote_nix_trust() {
local node_ip="$1"
echo "==> Ensuring nix trusted-users on $node_ip"
remote "$node_ip" "sudo mkdir -p /etc/nix"
remote "$node_ip" "if [ -f /etc/nix/nix.conf ]; then sudo sed -i '/^trusted-users[[:space:]]*=/d' /etc/nix/nix.conf; fi"
remote "$node_ip" "echo 'trusted-users = root micqdf' | sudo tee -a /etc/nix/nix.conf >/dev/null"
remote "$node_ip" "sudo systemctl restart nix-daemon 2>/dev/null || true"
}
populate_nodes populate_nodes
prepare_known_hosts prepare_known_hosts
export NIX_SSHOPTS="$SSH_OPTS" export NIX_SSHOPTS="$SSH_OPTS"
@@ -143,10 +152,12 @@ ACTIVE_SSH_USER="$SSH_USER"
detect_ssh_user "$PRIMARY_CP_IP" detect_ssh_user "$PRIMARY_CP_IP"
for node in "${CP_NAMES[@]}"; do for node in "${CP_NAMES[@]}"; do
prepare_remote_nix_trust "${NODE_IPS[$node]}"
rebuild_node "$node" "${NODE_IPS[$node]}" rebuild_node "$node" "${NODE_IPS[$node]}"
done done
for node in "${WK_NAMES[@]}"; do for node in "${WK_NAMES[@]}"; do
prepare_remote_nix_trust "${NODE_IPS[$node]}"
rebuild_node "$node" "${NODE_IPS[$node]}" rebuild_node "$node" "${NODE_IPS[$node]}"
done done