examples/deploy-container: fix sudo env propagation

Env vars can't be reliably passed through `sudo`, so always
call nix-shell to set up the env after running sudo.
Erik Arvstedt 2023-01-03 19:36:27 +01:00
parent 8d476cfeaf
commit 4b5b4eac58
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 11 additions and 19 deletions


@ -1,17 +1,11 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then
echo "Running script in nix shell env..."
cd "${BASH_SOURCE[0]%/*}"
exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
else
cd "$NIX_BITCOIN_EXAMPLES_DIR"
fi
tmpDir=$(mktemp -d /tmp/nix-bitcoin-minimal-container.XXX) tmpDir=$(mktemp -d /tmp/nix-bitcoin-minimal-container.XXX)
trap 'rm -rf $tmpDir' EXIT trap 'rm -rf $tmpDir' EXIT
cd "${BASH_SOURCE[0]%/*}"
# Modify importable-configuration.nix to use the local <nix-bitcoin> # Modify importable-configuration.nix to use the local <nix-bitcoin>
# source instead of fetchTarball # source instead of fetchTarball
<importable-configuration.nix sed ' <importable-configuration.nix sed '
@ -31,4 +25,4 @@ cat > "$tmpDir/configuration.nix" <<EOF
} }
EOF EOF
"${BASH_SOURCE[0]%/*}/deploy-container.sh" "$tmpDir/configuration.nix" "$@" ./deploy-container.sh "$tmpDir/configuration.nix" "$@"

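Review bot: The added `cd "${BASH_SOURCE[0]%/*}"` only works when the script is started through a path that contains a slash. Run as `bash <script-name>` from its own directory, the `%/*` expansion leaves the bare file name unchanged, `cd` fails, and `set -e` ends the script before `./deploy-container.sh` is reached. `cd "$(dirname -- "${BASH_SOURCE[0]}")"` covers both invocation forms. The same expansion appears in the nix-shell block of the second file, where the earlier `exec sudo "${BASH_SOURCE[0]}" "$@"` would also make sudo look a bare script name up in its search path instead of running the file in the current directory.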

@ -8,23 +8,21 @@ set -euo pipefail
# Run with option `--interactive` or `-i` to start a shell for interacting with # Run with option `--interactive` or `-i` to start a shell for interacting with
# the node. # the node.
if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then if [[ $EUID != 0 ]]; then
echo "Running script in nix shell env..." # NixOS containers require root permissions
cd "${BASH_SOURCE[0]%/*}" exec sudo "${BASH_SOURCE[0]}" "$@"
exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
else
cd "$NIX_BITCOIN_EXAMPLES_DIR"
fi fi
if [[ $(sysctl -n net.ipv4.ip_forward || sudo sysctl -n net.ipv4.ip_forward) != 1 ]]; then if [[ $(sysctl -n net.ipv4.ip_forward) != 1 ]]; then
echo "Error: IP forwarding (net.ipv4.ip_forward) is not enabled." echo "Error: IP forwarding (net.ipv4.ip_forward) is not enabled."
echo "Needed for container WAN access." echo "Needed for container WAN access."
exit 1 exit 1
fi fi
if [[ $EUID != 0 ]]; then if [[ ! -v DEPLOY_CONTAINER_NIX_SHELL ]]; then
# NixOS containers require root permissions echo "Running script in nix shell env..."
exec sudo "PATH=$PATH" "NIX_PATH=$NIX_PATH" "NIX_BITCOIN_EXAMPLES_DIR=$NIX_BITCOIN_EXAMPLES_DIR" "${BASH_SOURCE[0]}" "$@" cd "${BASH_SOURCE[0]%/*}"
DEPLOY_CONTAINER_NIX_SHELL=1 exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
fi fi
interactive= interactive=
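Review bot: The re-exec on the new side, `exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"`, flattens the arguments into one string that nix-shell passes to a shell. Because this block now sits below the `exec sudo` branch, that second parse happens as root. An argument containing spaces, quotes or shell metacharacters is re-split and re-interpreted there instead of being passed through verbatim. The caller already holds sudo rights, so this is mainly a correctness hazard, but quoting the arguments before interpolation removes it: `DEPLOY_CONTAINER_NIX_SHELL=1 exec nix-shell --run "./${BASH_SOURCE[0]##*/} ${*@Q}"` (needs bash 4.4 or newer). A short comment above the block noting that nix-shell is entered after sudo on purpose, since sudo does not reliably pass the environment through, would help keep the ordering from being reverted.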