chore: improve shells

2025-03-25 21:30:52 +01:00 · 2024-07-12 16:31:09 +02:00 · 2024-07-12 16:31:09 +02:00 · c783d1123a
commit c783d1123a
parent f53336f887
3 changed files with 54 additions and 31 deletions
--- a/scripts/bootstrap-machine.nix
+++ b/scripts/bootstrap-machine.nix
@ -1,37 +1,48 @@
-let
-  inputs = import ../deps;
-  pkgs = import inputs.nixpkgs { };
-in
-pkgs.writeShellScriptBin "bootstrap-machine" ''
-  pushd $(git rev-parse --show-toplevel)
-  machine=$1
-  ip=$2
-  extra_args=("''${@:3}")
-  # Create a temporary directory
-  temp=$(mktemp -d)
-  # Function to cleanup temporary directory on exit
-  cleanup() {
-    rm -rf "$temp"
-  }
-  trap cleanup EXIT
+{
+  writeShellApplication,
+  rbw,
+  nixos-anywhere,
+}:

-  # Create the directory where sshd expects to find the host keys
-  install -d -m755 "$temp/etc/ssh"
+writeShellApplication {
+  name = "bootstrap-machine";

-  # Decrypt your private key from the password store and copy it to the temporary directory
-  rbw get "$machine"_ssh_host_ed25519_key -f notes > "$temp/etc/ssh/ssh_host_ed25519_key"
+  runtimeInputs = [
+    rbw
+    nixos-anywhere
+  ];

-  # Set the correct permissions so sshd will accept the key
-  chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
+  text = ''
+    pushd "$(git rev-parse --show-toplevel)"
+    machine=$1
+    ip=$2
+    extra_args=("''${@:3}")
+    # Create a temporary directory
+    temp=$(mktemp -d)
+    # Function to cleanup temporary directory on exit
+    cleanup() {
+      rm -rf "$temp"
+    }
+    trap cleanup EXIT

-  ssh-keygen -f "$temp/etc/ssh/ssh_host_ed25519_key" -y > "$temp/etc/ssh/ssh_host_ed25519_key.pub"
+    # Create the directory where sshd expects to find the host keys
+    install -d -m755 "$temp/etc/ssh"

-  chmod 644 "$temp/etc/ssh/ssh_host_ed25519_key.pub"
+    # Decrypt your private key from the password store and copy it to the temporary directory
+    rbw get "$machine"_ssh_host_ed25519_key -f notes > "$temp/etc/ssh/ssh_host_ed25519_key"

-  mkdir -p "$temp/persistent"
+    # Set the correct permissions so sshd will accept the key
+    chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"

-  cp -r "$temp/etc" "$temp/persistent/etc"
+    ssh-keygen -f "$temp/etc/ssh/ssh_host_ed25519_key" -y > "$temp/etc/ssh/ssh_host_ed25519_key.pub"

-  nixos-anywhere --extra-files "$temp" --store-paths $(nix-build -A nixosConfigurations.\"$machine\".config.system.build.diskoScript) $(nix-build -A nixosConfigurations.\"$machine\".config.system.build.toplevel) "''${extra_args[@]}" root@"$ip"
-  popd
-''
+    chmod 644 "$temp/etc/ssh/ssh_host_ed25519_key.pub"
+
+    mkdir -p "$temp/persistent"
+
+    cp -r "$temp/etc" "$temp/persistent/etc"
+
+    nixos-anywhere --extra-files "$temp" --store-paths "$(nix-build -A nixosConfigurations.\""$machine"\".config.system.build.diskoScript)" "$(nix-build -A nixosConfigurations.\""$machine"\".config.system.build.toplevel)" "''${extra_args[@]}" root@"$ip"
+    popd
+  '';
+}
--- a/scripts/update-deps.nix
+++ b/scripts/update-deps.nix
@ -0,0 +1,11 @@
+{ writeShellApplication, npins }:
+
+writeShellApplication {
+  name = "update-deps";
+
+  runtimeInputs = [ npins ];
+
+  text = ''
+    npins update -d deps "$@"
+  '';
+}
--- a/shell.nix
+++ b/shell.nix
@ -3,7 +3,8 @@ let
  pkgs = import inputs.unstable { };
  nixos-anywhere = pkgs.callPackage "${inputs.nixos-anywhere}/src/default.nix" { };
  agenix = pkgs.callPackage "${inputs.agenix}/pkgs/agenix.nix" { };
-  bootstrap = import scripts/bootstrap-machine.nix;
+  bootstrap = pkgs.callPackage scripts/bootstrap-machine.nix { inherit nixos-anywhere; };
+  update-deps = pkgs.callPackage scripts/update-deps.nix { };
  pre-commit-hook =
    (import (
      pkgs.applyPatches {
@ -32,9 +33,9 @@ pkgs.mkShell {
  nativeBuildInputs = with pkgs; [
    colmena
    npins
-    nixos-anywhere
    agenix
    bootstrap
+    update-deps
    statix
    rbw
    pinentry