From 32e78a842369372103a1944a8f4c94fd8d8e5b07 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Sat, 6 Apr 2024 02:04:56 +0200
Subject: [PATCH] bootstrap script in shell
---
scripts/bootstrap-machine.nix | 31 +++++++++++++++++++++++++++++++
scripts/bootstrap-machine.sh | 23 -----------------------
shell.nix | 3 ++-
3 files changed, 33 insertions(+), 24 deletions(-)
create mode 100644 scripts/bootstrap-machine.nix
delete mode 100755 scripts/bootstrap-machine.sh
diff --git a/scripts/bootstrap-machine.nix b/scripts/bootstrap-machine.nix
new file mode 100644
index 0000000..064d2f0
--- /dev/null
+++ b/scripts/bootstrap-machine.nix
@@ -0,0 +1,31 @@
+let
+ inputs = import ../deps;
+ pkgs = import inputs.nixpkgs { };
+in
+pkgs.writeShellScriptBin "bootstrap-machine" ''
+ pushd $(git rev-parse --show-toplevel)
+ machine=$1
+ ip=$2
+ extra_args=("''${@:3}")
+ # Create a temporary directory
+ temp=$(mktemp -d)
+ # Function to cleanup temporary directory on exit
+ cleanup() {
+ rm -rf "$temp"
+ }
+ trap cleanup EXIT
+
+ # Create the directory where sshd expects to find the host keys
+ install -d -m755 "$temp/etc/ssh"
+
+ # Decrypt your private key from the password store and copy it to the temporary directory
+ rbw get "$machine"_ssh_host_ed25519_key -f notes > "$temp/etc/ssh/ssh_host_ed25519_key"
+
+ # Set the correct permissions so sshd will accept the key
+ chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
+
+ nixos-anywhere --extra-files "$temp" --store-paths $(nix-build -A nixosConfigurations.\"$machine\".config.system.build.diskoScript) $(nix-build -A nixosConfigurations.\"$machine\".config.system.build.toplevel) "''${extra_args[@]}" root@"$ip"
+ popd
+''
+
+
diff --git a/scripts/bootstrap-machine.sh b/scripts/bootstrap-machine.sh
deleted file mode 100755
index 24c5c4e..0000000
--- a/scripts/bootstrap-machine.sh
+++ /dev/null
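Review bot: The script body in `scripts/bootstrap-machine.nix` has no `set -euo pipefail`, so if `rbw get` fails (locked vault, missing entry) an empty `ssh_host_ed25519_key` is left in `$temp` and `nixos-anywhere` is still run against `root@"$ip"`; a missing `$1` or `$2` is not caught either. Because `set -e` does not react to a failing command substitution used as an argument, the two `nix-build` results should be assigned to variables first, so a failed build stops the run before `--store-paths` receives a short argument list. The key file is also created by the redirect under the default umask and only tightened afterwards by `chmod 600`; the `mktemp -d` directory limits the exposure, but writing it under `umask 077` closes the window. The unquoted `$(git rev-parse --show-toplevel)` given to `pushd` would also split on a checkout path containing spaces.

```nix
pkgs.writeShellScriptBin "bootstrap-machine" ''
  set -euo pipefail
  pushd "$(git rev-parse --show-toplevel)"
  # … unchanged: argument parsing, temp dir, cleanup trap, install -d …
  (umask 077; rbw get "$machine"_ssh_host_ed25519_key -f notes > "$temp/etc/ssh/ssh_host_ed25519_key")
  # … unchanged: chmod 600 …
  disko_script=$(nix-build -A nixosConfigurations.\"$machine\".config.system.build.diskoScript)
  toplevel=$(nix-build -A nixosConfigurations.\"$machine\".config.system.build.toplevel)
  nixos-anywhere --extra-files "$temp" --store-paths "$disko_script" "$toplevel" "''${extra_args[@]}" root@"$ip"
  # … unchanged: popd …
```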
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-machine=$1
-ip=$2
-extra_args=("${@:3}")
-# Create a temporary directory
-temp=$(mktemp -d)
-# Function to cleanup temporary directory on exit
-cleanup() {
- rm -rf "$temp"
-}
-trap cleanup EXIT
-
-# Create the directory where sshd expects to find the host keys
-install -d -m755 "$temp/etc/ssh"
-
-# Decrypt your private key from the password store and copy it to the temporary directory
-rbw get "$machine"_ssh_host_ed25519_key -f notes > "$temp/etc/ssh/ssh_host_ed25519_key"
-
-# Set the correct permissions so sshd will accept the key
-chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
-
-nixos-anywhere --extra-files "$temp" --store-paths $(nix-build -A nixosConfigurations.\"$machine\".config.system.build.diskoScript) $(nix-build -A nixosConfigurations.\"$machine\".config.system.build.toplevel) "${extra_args[@]}" root@"$ip"
diff --git a/shell.nix b/shell.nix
index 1c06626..2641e6d 100644
--- a/shell.nix
+++ b/shell.nix
@@ -3,9 +3,10 @@ let pkgs = import inputs.nixpkgs { }; nixos-anywhere = pkgs.callPackage "${inputs.nixos-anywhere}/src/default.nix" { }; agenix = pkgs.callPackage "${inputs.agenix}/pkgs/agenix.nix" { }; + bootstrap = import scripts/bootstrap-machine.nix; in pkgs.mkShell { - nativeBuildInputs = with pkgs; [ colmena npins nixos-anywhere agenix ]; + nativeBuildInputs = with pkgs; [ colmena npins nixos-anywhere agenix bootstrap ]; }