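# bootstrap-machine <machine> <ip> [extra nixos-anywhere args...]
#
# Installs NixOS on a remote host with nixos-anywhere and pre-seeds the host's
# ed25519 SSH host key, which is read from the password store via rbw (entry
# "<machine>_ssh_host_ed25519_key", field "notes").
{
  writeShellApplication,
  rbw,
  nixos-anywhere,
}:

writeShellApplication {
  name = "bootstrap-machine";

  # Only rbw and nixos-anywhere are provided here; git, nix-build, ssh-keygen,
  # mktemp, install and cp are resolved from the caller's PATH.
  runtimeInputs = [
    rbw
    nixos-anywhere
  ];

  text = ''
    # Fail with a usage line instead of an "unbound variable" error.
    if (( $# < 2 )); then
      printf 'usage: bootstrap-machine <machine> <ip> [nixos-anywhere args...]\n' >&2
      exit 1
    fi

    # Resolve the repository root in its own assignment: the exit status of a
    # command substitution used as an argument is not checked by errexit, so
    # a failing git call would otherwise go unnoticed.
    repo_root=$(git rev-parse --show-toplevel)
    pushd "$repo_root"

    machine=$1
    ip=$2
    # Everything after the first two arguments is forwarded to nixos-anywhere.
    extra_args=("''${@:3}")

    # Staging tree for the files handed to nixos-anywhere (--extra-files).
    # mktemp -d creates it readable by the current user only.
    temp=$(mktemp -d)

    # Remove the staging tree, and the private key in it, on every exit path.
    cleanup() {
      rm -rf "$temp"
    }
    trap cleanup EXIT

    # Create the directory where sshd expects to find the host keys
    install -d -m755 "$temp/etc/ssh"

    # Fetch the private host key from the password store. The restrictive
    # umask is scoped to this subshell so the key file is never created
    # group/world-readable, while the directories created later keep the
    # default modes they are copied to the target with.
    (
      umask 077
      rbw get "$machine"_ssh_host_ed25519_key -f notes > "$temp/etc/ssh/ssh_host_ed25519_key"
    )

    # Set the correct permissions so sshd will accept the key
    chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"

    # Derive the public key from the private key. This also aborts the run if
    # the retrieved note is not a loadable private key.
    ssh-keygen -f "$temp/etc/ssh/ssh_host_ed25519_key" -y > "$temp/etc/ssh/ssh_host_ed25519_key.pub"
    chmod 644 "$temp/etc/ssh/ssh_host_ed25519_key.pub"

    # Second copy of the keys under /persistent/etc.
    # NOTE(review): presumably for a target whose state lives under
    # /persistent; confirm against the machine configuration.
    mkdir -p "$temp/persistent"
    cp -r "$temp/etc" "$temp/persistent/etc"

    # Build both store paths before starting the install, so a failed build
    # stops the script here rather than passing an empty path to
    # nixos-anywhere.
    disko_script=$(nix-build -A nixosConfigurations.\""$machine"\".config.system.build.diskoScript)
    system_toplevel=$(nix-build -A nixosConfigurations.\""$machine"\".config.system.build.toplevel)

    nixos-anywhere --extra-files "$temp" --store-paths "$disko_script" "$system_toplevel" "''${extra_args[@]}" root@"$ip"

    popd
  '';
}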