Fix bootstrap script for new nix-secrets location
parent
5147d02fa9
commit
22ce3e08c2
|
@ -45,7 +45,7 @@ echo "Creating '$hostname' ssh keys"
|
|||
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
|
||||
|
||||
# Extract luks key from secrets
|
||||
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
|
||||
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
|
||||
echo "$luks_secret" > /tmp/luks_secret.key
|
||||
|
||||
# Generate age key from target host and user public ssh key
|
||||
|
@ -54,7 +54,7 @@ HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host
|
|||
echo -e "Host age key:\n$HOST_AGE_KEY\n"
|
||||
|
||||
# Update .sops.yaml with new age key:
|
||||
SOPS_FILE="../nix-secrets/.sops.yaml"
|
||||
SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
|
||||
sed -i "{
|
||||
# Remove any * and & entries for this host
|
||||
/[*&]$hostname/ d;
|
||||
|
@ -63,13 +63,14 @@ sed -i "{
|
|||
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
|
||||
# Inject a new hosts: entry
|
||||
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
|
||||
}" $SOPS_FILE
|
||||
}" "$SOPS_FILE"
|
||||
|
||||
# Commit and push changes to sops file
|
||||
just update-sops-secrets && just update-flake-secrets && just update-flake
|
||||
|
||||
# Copy current nix config over to target
|
||||
cp -prv . "$temp$persist/etc/nixos"
|
||||
echo "copying current nix config to host"
|
||||
cp -pr . "$temp$persist/etc/nixos"
|
||||
|
||||
# Install Nixos to target
|
||||
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
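Review bot: The LUKS passphrase extracted on the changed `luks_secret=` line is written to the fixed path `/tmp/luks_secret.key` with the default umask and is not removed in the visible lines, so on a shared machine another local user can read or pre-create it, and it outlives the run. Nothing visible checks that the `sops -d` call against the new `~/.local/share/src/nix-secrets/secrets.yaml` path succeeded; unless the script enables `set -e` outside this view, a missing checkout or failed decrypt would leave an empty key file that is then passed to `--disk-encryption-keys`. I would write the key to a `mktemp` file, fail on an empty value, and remove the file on exit, as sketched below; if the script already installs an EXIT trap for `$temp`, fold the removal into it. The script starts and ends outside these hunks.

```shell
# … unchanged: ssh host key generation …
luks_key_file=$(mktemp) || exit 1   # created mode 0600 with an unpredictable name
trap 'rm -f -- "$luks_key_file"' EXIT
# … unchanged: luks_secret=$(nix-shell -p sops --run "…") …
if [ -z "$luks_secret" ]; then
  echo "failed to extract luks_passphrase for '$hostname'" >&2
  exit 1
fi
printf '%s\n' "$luks_secret" > "$luks_key_file"
# … unchanged: age key generation, .sops.yaml update, config copy …
# in the nixos-anywhere call, pass the temp file as the local key path:
#   --disk-encryption-keys /tmp/luks_secret.key "$luks_key_file"
```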
|
||||
|
|