Fix bootstrap script for new nix-secrets location
parent
5147d02fa9
commit
22ce3e08c2
@ -45,7 +45,7 @@ echo "Creating '$hostname' ssh keys"
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
# Extract luks key from secrets
# Extract luks key from secrets
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
echo "$luks_secret" > /tmp/luks_secret.key
echo "$luks_secret" > /tmp/luks_secret.key
# Generate age key from target host and user public ssh key
# Generate age key from target host and user public ssh key
@ -54,7 +54,7 @@ HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host
echo -e "Host age key:\n$HOST_AGE_KEY\n"
echo -e "Host age key:\n$HOST_AGE_KEY\n"
# Update .sops.yaml with new age key:
# Update .sops.yaml with new age key:
SOPS_FILE="../nix-secrets/.sops.yaml"
SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
sed -i "{
sed -i "{
# Remove any * and & entries for this host
# Remove any * and & entries for this host
/[*&]$hostname/ d;
/[*&]$hostname/ d;
@ -63,13 +63,14 @@ sed -i "{
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
# Inject a new hosts: entry
# Inject a new hosts: entry
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
}" $SOPS_FILE
}" "$SOPS_FILE"
# Commit and push changes to sops file
# Commit and push changes to sops file
just update-sops-secrets && just update-flake-secrets && just update-flake
just update-sops-secrets && just update-flake-secrets && just update-flake
# Copy current nix config over to target
# Copy current nix config over to target
cp -prv . "$temp$persist/etc/nixos"
echo "copying current nix config to host"
cp -pr . "$temp$persist/etc/nixos"
# Install Nixos to target
# Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
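Review bot: The new nix-secrets location is now hardcoded in two places with two different spellings, as `~/.local/share/src/nix-secrets/secrets.yaml` inside the `nix-shell --run` string on the luks_secret line of the first hunk and as `$HOME/.local/share/src/nix-secrets/.sops.yaml` in SOPS_FILE in the second hunk; the `~` form is only expanded because it happens to sit at the start of a word in the inner shell, not by this script. Define the directory once, e.g. `secrets_dir="$HOME/.local/share/src/nix-secrets"`, then use `\"$secrets_dir/secrets.yaml\"` inside the sops command and `SOPS_FILE="$secrets_dir/.sops.yaml"`, so the next relocation (the reason for this commit) is a single-line change. Separately, the decrypted passphrase is still written with `echo "$luks_secret" > /tmp/luks_secret.key` under the default umask, which typically leaves it world-readable, and unless a step outside these hunks removes it, the file outlives the nixos-anywhere run; a `umask 077` before that redirection and `trap 'rm -f /tmp/luks_secret.key' EXIT` would close both gaps. The rest of the script's body lies outside the hunks shown.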