minimal bootstrap install

This commit is contained in:
Sam 2024-05-22 23:38:48 +01:00
parent 0b58cf8c4d
commit 8679f14566
2 changed files with 45 additions and 10 deletions


@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1716383025,
"narHash": "sha256-kYfXAqbmbL0bu3J/AoiSkWVOCNlpJEemxivbTUaS+fU=",
"lastModified": 1716394172,
"narHash": "sha256-B+pNhV8GFeCj9/MoH+qtGqKbgv6fU4hGaw2+NoYYtB0=",
"owner": "nix-community",
"repo": "disko",
"rev": "d957a010f83923626609d00cf73ed1b81f5a8a4b",
"rev": "23c63fb09334c3e8958b57e2ddc3870b75b9111d",
"type": "github"
},
"original": {
@ -58,11 +58,11 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1716384287,
"narHash": "sha256-d29bda7PZxvxkkA505pea74AiuBlMEjZvrKnHog8bio=",
"lastModified": 1716409441,
"narHash": "sha256-9H4tYbE2JAB+2+zc+ZfjKgaFa/dVsg80Bn1pv7lsw14=",
"ref": "refs/heads/master",
"rev": "960f344fa38bcfcd439d885aa503bf54e8599bc0",
"revCount": 23,
"rev": "87aeda54c8ce2f34e22585c158021636801c8c1f",
"revCount": 24,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},
@ -134,11 +134,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1716244104,
"narHash": "sha256-XXbqfkyWe0d0O+zqRQWi2oXi6wYDmTzXedFkBRwx1VI=",
"lastModified": 1716400300,
"narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "fddd52460e3332eedd8a0043af5675338a5b3e0b",
"rev": "b549832718b8946e875c016a4785d204fcfc2e53",
"type": "github"
},
"original": {

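--- a/scripts/generate_age_keys.sh
+++ b/scripts/generate_age_keys.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+echo "Generating an age key based on the new ssh_host_ed25519_key."
+target_key=$(ssh-keyscan -p $ssh_port -t ssh-ed25519 "$target_destination" 2>&1 | grep ssh-ed25519 | cut -f2- -d" ")
+age_key=$(nix shell nixpkgs#ssh-to-age.out -c sh -c "echo $target_key | ssh-to-age")
+if grep -qv '^age1' <<<"$age_key"; then
+echo "The result from generated age key does not match the expected format."
+echo "Result: $age_key"
+echo "Expected format: age10000000000000000000000000000000000000000000000000000000000"
+exit 1
+else
+echo "$age_key"
+fi
+echo "Updating nix-secrets/.sops.yaml"
+cd ../nix-secrets
+SOPS_FILE=".sops.yaml"
+sed -i "{
+# Remove any * and & entries for this host
+/[*&]$target_hostname/ d;
+# Inject a new age: entry
+# n matches the first line following age: and p prints it, then we transform it while reusing the spacing
+/age:/{n; p; s/\(.*- \*\).*/\1$target_hostname/};
+# Inject a new hosts: entry
+/&hosts:/{n; p; s/\(.*- &\).*/\1$target_hostname $age_key/}
+}" $SOPS_FILE
+echo "Updating nix-secrets/.sops.yaml"
+cd -
+just rekey
+echo "Updating flake lock on source machine with new .sops.yaml info"
+nix flake lock --update-input nix-secrets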
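Review bot: The ssh-keyscan output is spliced unquoted into a `sh -c` string on the `age_key=` line (`echo $target_key | ssh-to-age`), so anything the remote host can get into that text — and `2>&1` folds ssh-keyscan's stderr, presumably including the `# host banner` comment line, into the `grep ssh-ed25519` filter — is parsed as shell on the operator's machine; feed it over stdin instead, `age_key=$(printf '%s\n' "$target_key" | nix shell nixpkgs#ssh-to-age.out -c ssh-to-age)`, and reject anything that is not a bare key first, `[[ $target_key =~ ^ssh-ed25519\ [A-Za-z0-9+/=]+$ ]] || exit 1`. The same value is later interpolated into the `sed -i` program together with `$target_hostname`, which the script never checks is set at all, let alone free of `/` or sed metacharacters; with no `set -euo pipefail` an unset `$ssh_port` or a failed `cd ../nix-secrets` is followed by `sed -i` and `just rekey` running against whatever the current directory holds, so at minimum `cd ../nix-secrets || exit 1`. Separately, the scanned key is trusted on first contact with no out-of-band fingerprint comparison before `just rekey` makes it a recipient of every secret in nix-secrets — that assumption deserves a header comment such as `# NOTE: trusts whatever host key $target_destination:$ssh_port presents; verify the fingerprint out of band before running`.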