Fix bootstrap script for new nix-secrets location

This commit is contained in:
Sam 2024-07-20 14:47:26 +01:00
parent 5147d02fa9
commit 22ce3e08c2
1 changed files with 5 additions and 4 deletions

View File

@ -45,7 +45,7 @@ echo "Creating '$hostname' ssh keys"
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N "" ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
# Extract luks key from secrets # Extract luks key from secrets
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml") luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
echo "$luks_secret" > /tmp/luks_secret.key echo "$luks_secret" > /tmp/luks_secret.key
# Generate age key from target host and user public ssh key # Generate age key from target host and user public ssh key
@ -54,7 +54,7 @@ HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host
echo -e "Host age key:\n$HOST_AGE_KEY\n" echo -e "Host age key:\n$HOST_AGE_KEY\n"
# Update .sops.yaml with new age key: # Update .sops.yaml with new age key:
SOPS_FILE="../nix-secrets/.sops.yaml" SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
sed -i "{ sed -i "{
# Remove any * and & entries for this host # Remove any * and & entries for this host
/[*&]$hostname/ d; /[*&]$hostname/ d;
@ -63,13 +63,14 @@ sed -i "{
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/}; /age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
# Inject a new hosts: entry # Inject a new hosts: entry
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/} /&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
}" $SOPS_FILE }" "$SOPS_FILE"
# Commit and push changes to sops file # Commit and push changes to sops file
just update-sops-secrets && just update-flake-secrets && just update-flake just update-sops-secrets && just update-flake-secrets && just update-flake
# Copy current nix config over to target # Copy current nix config over to target
cp -prv . "$temp$persist/etc/nixos" echo "copying current nix config to host"
cp -pr . "$temp$persist/etc/nixos"
# Install Nixos to target # Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"