added automation scripts for easy agent rebuilds.

This commit is contained in:
Joseph Hanson 2024-09-13 17:16:21 -05:00
parent e7a335e684
commit 7cb728e128
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 94 additions and 0 deletions

1
.gitignore vendored
View file

@ -1,5 +1,6 @@
result*
/secrets
.secrets
age.key
**/*.tmp.sops.yaml
**/*.sops.tmp.yaml

View file

@ -0,0 +1,33 @@
#!/usr/bin/env bash
# Function to check if a command was successful
check_command() {
if [ $? -ne 0 ]; then
echo "Error: $1 failed"
exit 1
fi
}
# Build the qemu image and get the path
qemuImageBuildPath=$(nix build .#nixosConfigurations.fj-lxc-vm-x86_64.config.system.build.qemuImage --print-out-paths)
check_command "Building qemu image"
# Build the metadata and get the path
metadataBuildPath=$(nix build .#nixosConfigurations.fj-lxc-vm-x86_64.config.system.build.metadata --print-out-paths)
check_command "Building metadata"
# Set the paths for the metadata and qemu image
MBP="${metadataBuildPath}/tarball/nixos-system-x86_64-linux.tar.xz"
QBP="${qemuImageBuildPath}/nixos.qcow2"
# Import the image to Incus and capture the instance name
instance_name=$(incus image import --alias nixos-gen/custom/fj-lxc-vm-x86_64 "$MBP" "$QBP" | grep -oP '(?<=Instance ).*(?= created)')
check_command "Importing image to Incus"
echo "Instance created: $instance_name"
# Call the push_token.sh script with the new instance name
./push_token.sh "$instance_name"
check_command "Pushing token to instance"
echo "Process completed successfully"

View file

@ -0,0 +1,60 @@
#!/usr/bin/env bash
# Prerequisites:
# 1password vault created with a single item in it with the property 'runner_token'.
# Define the vault and item used.
# Usage: ./push_token.sh <incus vm instance name>
set -euo pipefail
# Check if instance name is provided
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <instance-name>" >&2
exit 1
fi
INCUS_INSTANCE="$1" # Use the provided instance name
# Set variables
OP_ITEM_NAME="forgejo-runner" # Name of the 1Password item containing the runner token
OP_VAULT_NAME="forgejo-runner" # Name of the 1Password vault
TOKEN_FILE="tokenfile" # Name of the temporary file to store the token
INCUS_PATH="$INCUS_INSTANCE/var/lib/gitea-runner/default/$TOKEN_FILE"
# Check if OP_SESSION environment variable exists, if not, sign in
if [ -z "${OP_SESSION:-}" ]; then
echo "Not logged in to 1Password CLI. Attempting to sign in..."
if ! eval $(op signin); then
echo "Failed to sign in to 1Password CLI. Please sign in manually using 'op signin'" >&2
exit 1
fi
fi
# Ensure the target directory exists in the Incus instance
#incus exec "$INCUS_INSTANCE" -- mkdir -p /var/lib/gitea-runner/default
#incus exec "$INCUS_INSTANCE" -- chown gitea-runner:gitea-runner /var/lib/gitea-runner/default
# Retrieve the token from 1Password
TOKEN=$(op item get "$OP_ITEM_NAME" --vault "$OP_VAULT_NAME" --fields runner_token)
if [ -z "$TOKEN" ]; then
echo "Failed to retrieve token from 1Password" >&2
exit 1
fi
# Create the token file
echo "TOKEN=$TOKEN" > "$TOKEN_FILE"
# Push the file to Incus
echo "Running: incus file push $INCUS_PATH"
if incus file push "$TOKEN_FILE" "$INCUS_PATH"; then
echo "Token file successfully pushed to Incus instance $INCUS_INSTANCE"
else
echo "Failed to push token file to Incus instance $INCUS_INSTANCE" >&2
rm "$TOKEN_FILE"
exit 1
fi
# Clean up the local token file
rm "$TOKEN_FILE"
echo "Operation completed successfully"