minimal bootstrap install
This commit is contained in:
parent
0b58cf8c4d
commit
8679f14566
20
flake.lock
20
flake.lock
|
|
@ -7,11 +7,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716383025,
|
||||
"narHash": "sha256-kYfXAqbmbL0bu3J/AoiSkWVOCNlpJEemxivbTUaS+fU=",
|
||||
"lastModified": 1716394172,
|
||||
"narHash": "sha256-B+pNhV8GFeCj9/MoH+qtGqKbgv6fU4hGaw2+NoYYtB0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "d957a010f83923626609d00cf73ed1b81f5a8a4b",
|
||||
"rev": "23c63fb09334c3e8958b57e2ddc3870b75b9111d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -58,11 +58,11 @@
|
|||
"nix-secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716384287,
|
||||
"narHash": "sha256-d29bda7PZxvxkkA505pea74AiuBlMEjZvrKnHog8bio=",
|
||||
"lastModified": 1716409441,
|
||||
"narHash": "sha256-9H4tYbE2JAB+2+zc+ZfjKgaFa/dVsg80Bn1pv7lsw14=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "960f344fa38bcfcd439d885aa503bf54e8599bc0",
|
||||
"revCount": 23,
|
||||
"rev": "87aeda54c8ce2f34e22585c158021636801c8c1f",
|
||||
"revCount": 24,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||
},
|
||||
|
|
@ -134,11 +134,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716244104,
|
||||
"narHash": "sha256-XXbqfkyWe0d0O+zqRQWi2oXi6wYDmTzXedFkBRwx1VI=",
|
||||
"lastModified": 1716400300,
|
||||
"narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
|
||||
"owner": "mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "fddd52460e3332eedd8a0043af5675338a5b3e0b",
|
||||
"rev": "b549832718b8946e875c016a4785d204fcfc2e53",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/env bash
|
||||
echo "Generating an age key based on the new ssh_host_ed25519_key."
|
||||
|
||||
target_key=$(ssh-keyscan -p $ssh_port -t ssh-ed25519 "$target_destination" 2>&1 | grep ssh-ed25519 | cut -f2- -d" ")
|
||||
age_key=$(nix shell nixpkgs#ssh-to-age.out -c sh -c "echo $target_key | ssh-to-age")
|
||||
|
||||
if grep -qv '^age1' <<<"$age_key"; then
|
||||
echo "The result from generated age key does not match the expected format."
|
||||
echo "Result: $age_key"
|
||||
echo "Expected format: age10000000000000000000000000000000000000000000000000000000000"
|
||||
exit 1
|
||||
else
|
||||
echo "$age_key"
|
||||
fi
|
||||
|
||||
echo "Updating nix-secrets/.sops.yaml"
|
||||
cd ../nix-secrets
|
||||
|
||||
SOPS_FILE=".sops.yaml"
|
||||
sed -i "{
|
||||
# Remove any * and & entries for this host
|
||||
/[*&]$target_hostname/ d;
|
||||
# Inject a new age: entry
|
||||
# n matches the first line following age: and p prints it, then we transform it while reusing the spacing
|
||||
/age:/{n; p; s/\(.*- \*\).*/\1$target_hostname/};
|
||||
# Inject a new hosts: entry
|
||||
/&hosts:/{n; p; s/\(.*- &\).*/\1$target_hostname $age_key/}
|
||||
}" $SOPS_FILE
|
||||
|
||||
echo "Updating nix-secrets/.sops.yaml"
|
||||
cd -
|
||||
just rekey
|
||||
|
||||
echo "Updating flake lock on source machine with new .sops.yaml info"
|
||||
nix flake lock --update-input nix-secrets
|
||||
Loading…
Reference in New Issue