greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

examples/deploy-container: fix sudo env propagation

Browse Source 
Env vars can't be reliably passed through `sudo`, so always
call nix-shell to setup the env after running sudo.
This commit is contained in:
Erik Arvstedt 2023-01-03 19:36:27 +01:00 committed by Greg Shuflin
parent 0e35b8a79a
commit 94659f3326
2 changed files with 11 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
examples/deploy-container-minimal.sh
View File

@ -1,17 +1,11 @@
#!/usr/bin/env bash
set -euo pipefail
if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then
echo "Running script in nix shell env..."
cd "${BASH_SOURCE[0]%/*}"
exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
else
cd "$NIX_BITCOIN_EXAMPLES_DIR"
fi
tmpDir=$(mktemp -d /tmp/nix-bitcoin-minimal-container.XXX)
trap 'rm -rf $tmpDir' EXIT
cd "${BASH_SOURCE[0]%/*}"
# Modify importable-configuration.nix to use the local <nix-bitcoin>
# source instead of fetchTarball
<importable-configuration.nix sed '
@ -31,4 +25,4 @@ cat > "$tmpDir/configuration.nix" <<EOF
}
EOF
"${BASH_SOURCE[0]%/*}/deploy-container.sh" "$tmpDir/configuration.nix" "$@"
./deploy-container.sh "$tmpDir/configuration.nix" "$@"

18
examples/deploy-container.sh
View File

@ -8,23 +8,21 @@ set -euo pipefail
# Run with option `--interactive` or `-i` to start a shell for interacting with
# the node.
if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then
echo "Running script in nix shell env..."
cd "${BASH_SOURCE[0]%/*}"
exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
else
cd "$NIX_BITCOIN_EXAMPLES_DIR"
if [[ $EUID != 0 ]]; then
# NixOS containers require root permissions
exec sudo "${BASH_SOURCE[0]}" "$@"
fi
if [[ $(sysctl -n net.ipv4.ip_forward || sudo sysctl -n net.ipv4.ip_forward) != 1 ]]; then
if [[ $(sysctl -n net.ipv4.ip_forward) != 1 ]]; then
echo "Error: IP forwarding (net.ipv4.ip_forward) is not enabled."
echo "Needed for container WAN access."
exit 1
fi
if [[ $EUID != 0 ]]; then
# NixOS containers require root permissions
exec sudo "PATH=$PATH" "NIX_PATH=$NIX_PATH" "NIX_BITCOIN_EXAMPLES_DIR=$NIX_BITCOIN_EXAMPLES_DIR" "${BASH_SOURCE[0]}" "$@"
if [[ ! -v DEPLOY_CONTAINER_NIX_SHELL ]]; then
echo "Running script in nix shell env..."
cd "${BASH_SOURCE[0]%/*}"
DEPLOY_CONTAINER_NIX_SHELL=1 exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
fi
interactive=