diff --git a/flake.lock b/flake.lock index 3d98107..fffdecd 100644 --- a/flake.lock +++ b/flake.lock @@ -27,15 +27,16 @@ ] }, "locked": { - "lastModified": 1715486357, - "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "owner": "nix-community", "repo": "home-manager", - "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } @@ -43,11 +44,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1715721657, - "narHash": "sha256-QZg1Oyfn9DOOQ7Znryvtc0Qe3TOEF3fEeDZtDwTMul4=", + "lastModified": 1715783829, + "narHash": "sha256-aNuuTd4nXt9SxYLgJSgBxuvIBmAyh5+2IT2iLepZKds=", "ref": "refs/heads/master", - "rev": "1c2eac9c8be044e897b80ea2ff7a5184e20aa7ee", - "revCount": 4, + "rev": "450e494f36a74c0786d1cb01db46731b01b713dc", + "revCount": 5, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, diff --git a/flake.nix b/flake.nix index 86f6440..a735418 100644 --- a/flake.nix +++ b/flake.nix @@ -10,8 +10,10 @@ # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. # Home manager - home-manager.url = "github:nix-community/home-manager"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # Declarative partitioning and formatting disko = { diff --git a/hosts/common/users/sam/default.nix b/hosts/common/users/sam/default.nix index fd1941e..908fa28 100644 --- a/hosts/common/users/sam/default.nix +++ b/hosts/common/users/sam/default.nix @@ -18,6 +18,9 @@ in ]; }; + home-manager.users.sam = import ("../../../../home/${config.networking.hostName}.nix"); + + programs.zsh.enable = true; 
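Review bot: The argument to `import` in the new `home-manager.users.sam` line is a quoted string rather than a path literal, so Nix does not resolve it relative to this file; as far as I know, `import` on a relative string fails at evaluation because the string is not an absolute path. Anchoring the interpolation to a path literal keeps the lookup relative to this file and inside the flake source: `home-manager.users.sam = import (../../../../home + "/${config.networking.hostName}.nix");`. Because the file name is derived from `networking.hostName`, a host without a matching file under `home/` will fail to evaluate, which deserves a one-line comment above the assignment. The enclosing attribute set starts and ends outside the hunk.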
diff --git a/hosts/nixdev/default.nix b/hosts/nixdev/default.nix
index 211117a..3373c24 100644
--- a/hosts/nixdev/default.nix
+++ b/hosts/nixdev/default.nix
@@ -34,12 +34,14 @@
 boot.loader.grub.enable = true;
 boot.loader.grub.device = "/dev/vda";
- networking.networkmanager.enable = true;
+ networking = {
+ hostName = "nixdev";
+ networkmanager.enable = true;
+ enableIPv6 = false;
+ };
 time.timeZone = "Europe/London";
- networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
 i18n.defaultLocale = "en_GB.UTF-8";
 console = {
 font = "Lat2-Terminus16";
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index aed46dd..2df3035 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -19,7 +19,7 @@ read -p "Enter ip address: " ip
 KEY_DIR="$HOME/keys/$hostname/"
 mkdir -p $KEY_DIR
-ssh-copy-id -i "$(readlink -n "$HOME/.ssh/openssh_key.pub" )" "root@$ip"
+ssh-copy-id -i "$(readlink -n "$HOME/.ssh/gitea.pub" )" "root@$ip"
 echo "Creating ssh keys for new host. Will create in current directory: "$KEY_DIR
 KEY_NAME="ssh_ed25519_key_$hostname"
@@ -58,18 +58,33 @@ SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --flake .#bootstrap
 echo "Deleting host from known_hosts"
 sed -i "/$ip/d" ~/.ssh/known_hosts
-ssh-copy-id -i "$HOME/.ssh/openssh_key.pub" "$username@$ip"
+while true;
+do
+ read -p "Confirm live CD has been removed... (yes|no)" confirm
+ [ "$confirm" = "yes" ] && break
+done
+
+echo "Waiting for $ip to come back online and port 22 to be open..."
+
+while ! ping -c 1 $ip &> /dev/null || ! nc -zvw3 $ip 22 &> /dev/null
+do
+ echo "$ip is still offline or port 22 is not open. Checking again in 5 seconds..."
+ sleep 5
+done
+
+echo "$ip is now online and port 22 is open!"
 echo "Configuring ssh keys on target host to enable connection to gitea:"
-
+ssh-copy-id -i "$HOME/.ssh/gitea.pub" "$username@$ip"
 read -r -d '' config << EOM
 Host git.bitlab21.com
 IdentitiesOnly yes
+ StrictHostKeyChecking no
 IdentityFile ~/.ssh/gitea
 EOM
 # Append the string to file on target machine
-echo "$config" | ssh "$username@$ip" 'cat > .ssh/config'
+echo "$config" | ssh "$username@$ip" 'mkdir -p ~/.ssh/ && cat > ~/.ssh/config'
 echo -e "
 Complete!
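Review bot: The added `StrictHostKeyChecking no` in the generated `Host git.bitlab21.com` block turns off host-key verification for the server from which the new machine clones its system configuration and `nix-secrets`, so a host sitting on the network path can impersonate it and the clone proceeds without any warning. The operator already trusts that server, so its host key can be pushed to the target in the same step, for example `ssh-keygen -F git.bitlab21.com | grep -v '^#' | ssh "$username@$ip" 'cat >> ~/.ssh/known_hosts'`, and the option dropped; `StrictHostKeyChecking accept-new` is a weaker fallback that still refuses a changed key. Separately, the comment says "Append" while `cat > ~/.ssh/config` overwrites the file, and `$ip` is unquoted in the `ping`/`nc` loop and used as a raw pattern in the context line `sed -i "/$ip/d"`, where each dot matches any character.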
@@ -96,16 +111,15 @@ the new host.
 while true;
 do
- read -p "Confirm keys have been added to .sops.yaml using the above steps...(yes|no): " confirm
+ read -p "Confirm keys have been added to .sops.yaml using the above steps, and the changes (if any) have been commited and pushed...(yes|no): " confirm
 [ "$confirm" = "yes" ] && break
 done
 echo "Copying gitea private ssh key to host"
 echo "New password is 'nixos'"
-ssh "$username@$ip" "mkdir /home/$username/.ssh"
-rsync -av "$(readlink -n "$HOME/.ssh/openssh_key" )" "$username@$ip":~/.ssh/gitea
-ssh "$username@$ip" "nix-shell -p git --run \"GIT_SSH_COMMAND='ssh -i ~/.ssh/gitea -o IdentitiesOnly=yes' git clone git@git.bitlab21.com:sam/nixos.git\""
-ssh "$username@$ip" "nix-shell -p git --run \"GIT_SSH_COMMAND='ssh -i ~/.ssh/gitea -o IdentitiesOnly=yes' git clone git@git.bitlab21.com:sam/nix-secrets.git\""
+rsync -av "$(readlink -n "$HOME/.ssh/gitea" )" "$username@$ip":~/.ssh/gitea
+ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nixos.git'"
+ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nix-secrets.git'"
 echo "Successfully installed Nixos on the target host!"
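Review bot: The `rsync` line copies the operator's private key `~/.ssh/gitea` onto the new host, while the earlier hunks install the matching `gitea.pub` with `ssh-copy-id` for `root@$ip` and `$username@$ip`, so every bootstrapped machine ends up holding a private key that the other machines' `authorized_keys` accept (the user entry at least; whether the root entry survives the install is not visible here) and that also authenticates to Gitea as the operator. A compromise of any one host would then expose its siblings and both repositories, including `nix-secrets`. Prefer generating a key on the target and registering its public half in Gitea as a read-only deploy key, e.g. `ssh "$username@$ip" "ssh-keygen -t ed25519 -N '' -f ~/.ssh/gitea"`, and keep a separate key for operator login. The context line `echo "New password is 'nixos'"` also suggests a fixed initial password; if that is the case, forcing a change at first login is worth adding.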