From 22ce3e08c29c7220c371b3db959f2e038330dae6 Mon Sep 17 00:00:00 2001
From: Sam
Date: Sat, 20 Jul 2024 14:47:26 +0100
Subject: [PATCH] Fix bootstrap script for new nix-secrets location

---
 scripts/bootstrap.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index 20de731..fd458b4 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -45,7 +45,7 @@ echo "Creating '$hostname' ssh keys"
 ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""

 # Extract luks key from secrets
-luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
+luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
 echo "$luks_secret" > /tmp/luks_secret.key

 # Generate age key from target host and user public ssh key
@@ -54,7 +54,7 @@ HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host
 echo -e "Host age key:\n$HOST_AGE_KEY\n"

 # Update .sops.yaml with new age key:
-SOPS_FILE="../nix-secrets/.sops.yaml"
+SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
 sed -i "{
 # Remove any * and & entries for this host
 /[*&]$hostname/ d;
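Review bot: In the first hunk the decrypted LUKS passphrase is still written to the fixed path `/tmp/luks_secret.key` by `echo "$luks_secret" > /tmp/luks_secret.key`, with whatever umask is in effect, and nothing visible removes it after the install command in the last hunk reads it back. A predictable name in a shared directory can be pre-created or read by another local user, and the key outlives the run. I would allocate the file with `luks_key_file=$(mktemp)`, register `trap 'rm -f -- "$luks_key_file"' EXIT`, write it with `printf '%s' "$luks_secret" > "$luks_key_file"`, and pass `"$luks_key_file"` to `--disk-encryption-keys` in the last hunk. It is also worth refusing to continue when `$luks_secret` is empty, since a failed `sops -d` would otherwise produce a key file holding only the newline that `echo` appends (whether `set -e` is active is not visible here).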
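Review bot: In the second hunk, the sed rule `/[*&]$hostname/ d;` uses the host name as an unanchored regular expression, so a name that is a prefix of another (constructed example: `web` and `web2`) also deletes the other host's `&`/`*` entries from `.sops.yaml`, and a `.` in the name matches any character. Those hosts would presumably drop out of the recipient list on the next re-key without any message. Anchoring on what follows the name limits the match, for example `/[*&]$hostname\([[:space:]]\|\$\)/ d;` (GNU sed syntax, which the bare `-i` appears to assume already). The sed program opens in this hunk and closes in the next one.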
@@ -63,13 +63,14 @@ sed -i "{
 /age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
 # Inject a new hosts: entry
 /&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
-}" $SOPS_FILE
+}" "$SOPS_FILE"

 # Commit and push changes to sops file
 just update-sops-secrets && just update-flake-secrets && just update-flake

 # Copy current nix config over to target
-cp -prv . "$temp$persist/etc/nixos"
+echo "copying current nix config to host"
+cp -pr . "$temp$persist/etc/nixos"

 # Install Nixos to target
 SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
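Review bot: The installer on the last line of this hunk is fetched as `github:nix-community/nixos-anywhere/1.3.0`, a tag ref that is resolved when the script runs, and that code is handed the LUKS key file and root SSH access to the target. A tag can be moved, so the code executed here is not fixed by the script itself. Pinning the flake ref to the full commit hash behind the release, `github:nix-community/nixos-anywhere/FULL_COMMIT_SHA` (placeholder, take the value from the upstream tag), makes the bootstrap reproducible and reviewable. A comment above the line recording which release the hash corresponds to would keep later upgrades easy.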