finalise bootstrap & fix home-manager
parent
e432cbe473
commit
dd837fb296
15
flake.lock
15
flake.lock
|
@ -27,15 +27,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715486357,
|
"lastModified": 1715381426,
|
||||||
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
|
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
|
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
|
"ref": "release-23.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -43,11 +44,11 @@
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715721657,
|
"lastModified": 1715783829,
|
||||||
"narHash": "sha256-QZg1Oyfn9DOOQ7Znryvtc0Qe3TOEF3fEeDZtDwTMul4=",
|
"narHash": "sha256-aNuuTd4nXt9SxYLgJSgBxuvIBmAyh5+2IT2iLepZKds=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "1c2eac9c8be044e897b80ea2ff7a5184e20aa7ee",
|
"rev": "450e494f36a74c0786d1cb01db46731b01b713dc",
|
||||||
"revCount": 4,
|
"revCount": 5,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -10,8 +10,10 @@
|
||||||
# Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
|
# Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
|
||||||
|
|
||||||
# Home manager
|
# Home manager
|
||||||
home-manager.url = "github:nix-community/home-manager";
|
home-manager = {
|
||||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
url = "github:nix-community/home-manager/release-23.11";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
# Declarative partitioning and formatting
|
# Declarative partitioning and formatting
|
||||||
disko = {
|
disko = {
|
||||||
|
|
|
@ -18,6 +18,9 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
home-manager.users.sam = import ("../../../../home/${config.networking.hostName}.nix");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
|
|
|
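Review bot: The added `home-manager.users.sam = import ("../../../../home/${config.networking.hostName}.nix");` passes a relative string to `import` rather than a path. As far as I can tell Nix only coerces strings that are absolute paths, so this would fail at evaluation, or at best resolve independently of this file's location. A path literal joined with the interpolated name keeps the lookup relative to this module: `import (../../../../home + "/${config.networking.hostName}.nix")`. The enclosing attribute set starts outside the hunk, so the surrounding context is not visible here.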
@ -34,12 +34,14 @@
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "/dev/vda";
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
networking = {
|
||||||
|
hostName = "nixdev";
|
||||||
|
networkmanager.enable = true;
|
||||||
|
enableIPv6 = false;
|
||||||
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
|
||||||
networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
|
||||||
|
|
||||||
i18n.defaultLocale = "en_GB.UTF-8";
|
i18n.defaultLocale = "en_GB.UTF-8";
|
||||||
console = {
|
console = {
|
||||||
font = "Lat2-Terminus16";
|
font = "Lat2-Terminus16";
|
||||||
|
|
|
@ -19,7 +19,7 @@ read -p "Enter ip address: " ip
|
||||||
|
|
||||||
KEY_DIR="$HOME/keys/$hostname/"
|
KEY_DIR="$HOME/keys/$hostname/"
|
||||||
mkdir -p $KEY_DIR
|
mkdir -p $KEY_DIR
|
||||||
ssh-copy-id -i "$(readlink -n "$HOME/.ssh/openssh_key.pub" )" "root@$ip"
|
ssh-copy-id -i "$(readlink -n "$HOME/.ssh/gitea.pub" )" "root@$ip"
|
||||||
|
|
||||||
echo "Creating ssh keys for new host. Will create in current directory: "$KEY_DIR
|
echo "Creating ssh keys for new host. Will create in current directory: "$KEY_DIR
|
||||||
KEY_NAME="ssh_ed25519_key_$hostname"
|
KEY_NAME="ssh_ed25519_key_$hostname"
|
||||||
|
@ -58,18 +58,33 @@ SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --flake .#bootstrap
|
||||||
echo "Deleting host from known_hosts"
|
echo "Deleting host from known_hosts"
|
||||||
sed -i "/$ip/d" ~/.ssh/known_hosts
|
sed -i "/$ip/d" ~/.ssh/known_hosts
|
||||||
|
|
||||||
ssh-copy-id -i "$HOME/.ssh/openssh_key.pub" "$username@$ip"
|
while true;
|
||||||
|
do
|
||||||
|
read -p "Confirm live CD has been removed... (yes|no)" confirm
|
||||||
|
[ "$confirm" = "yes" ] && break
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Waiting for $ip to come back online and port 22 to be open..."
|
||||||
|
|
||||||
|
while ! ping -c 1 $ip &> /dev/null || ! nc -zvw3 $ip 22 &> /dev/null
|
||||||
|
do
|
||||||
|
echo "$ip is still offline or port 22 is not open. Checking again in 5 seconds..."
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "$ip is now online and port 22 is open!"
|
||||||
|
|
||||||
echo "Configuring ssh keys on target host to enable connection to gitea:"
|
echo "Configuring ssh keys on target host to enable connection to gitea:"
|
||||||
|
ssh-copy-id -i "$HOME/.ssh/gitea.pub" "$username@$ip"
|
||||||
read -r -d '' config << EOM
|
read -r -d '' config << EOM
|
||||||
Host git.bitlab21.com
|
Host git.bitlab21.com
|
||||||
IdentitiesOnly yes
|
IdentitiesOnly yes
|
||||||
|
StrictHostKeyChecking no
|
||||||
IdentityFile ~/.ssh/gitea
|
IdentityFile ~/.ssh/gitea
|
||||||
EOM
|
EOM
|
||||||
|
|
||||||
# Append the string to file on target machine
|
# Append the string to file on target machine
|
||||||
echo "$config" | ssh "$username@$ip" 'cat > .ssh/config'
|
echo "$config" | ssh "$username@$ip" 'mkdir -p ~/.ssh/ && cat > ~/.ssh/config'
|
||||||
|
|
||||||
echo -e "
|
echo -e "
|
||||||
Complete!
|
Complete!
|
||||||
|
@ -96,16 +111,15 @@ the new host.
|
||||||
|
|
||||||
while true;
|
while true;
|
||||||
do
|
do
|
||||||
read -p "Confirm keys have been added to .sops.yaml using the above steps...(yes|no): " confirm
|
read -p "Confirm keys have been added to .sops.yaml using the above steps, and the changes (if any) have been commited and pushed...(yes|no): " confirm
|
||||||
[ "$confirm" = "yes" ] && break
|
[ "$confirm" = "yes" ] && break
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Copying gitea private ssh key to host"
|
echo "Copying gitea private ssh key to host"
|
||||||
echo "New password is 'nixos'"
|
echo "New password is 'nixos'"
|
||||||
|
|
||||||
ssh "$username@$ip" "mkdir /home/$username/.ssh"
|
rsync -av "$(readlink -n "$HOME/.ssh/gitea" )" "$username@$ip":~/.ssh/gitea
|
||||||
rsync -av "$(readlink -n "$HOME/.ssh/openssh_key" )" "$username@$ip":~/.ssh/gitea
|
ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nixos.git'"
|
||||||
ssh "$username@$ip" "nix-shell -p git --run \"GIT_SSH_COMMAND='ssh -i ~/.ssh/gitea -o IdentitiesOnly=yes' git clone git@git.bitlab21.com:sam/nixos.git\""
|
ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nix-secrets.git'"
|
||||||
ssh "$username@$ip" "nix-shell -p git --run \"GIT_SSH_COMMAND='ssh -i ~/.ssh/gitea -o IdentitiesOnly=yes' git clone git@git.bitlab21.com:sam/nix-secrets.git\""
|
|
||||||
|
|
||||||
echo "Successfully installed Nixos on the target host!"
|
echo "Successfully installed Nixos on the target host!"
|
||||||
|
|
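Review bot: The `StrictHostKeyChecking no` line added to the ssh config written onto the new host turns off host-key verification for git.bitlab21.com, so the two `git clone` calls in the last hunk, including the nix-secrets repository, would accept whatever server answers on that name. Consider `StrictHostKeyChecking accept-new`, or preferably copy over a known_hosts entry for the git server whose fingerprint was verified out of band, so the key is pinned rather than ignored. Those clones also now depend entirely on this config file, since the explicit `GIT_SSH_COMMAND` was dropped. Separately, in the new wait loop `$ip` is unquoted in `ping -c 1 $ip` and `nc -zvw3 $ip 22`; writing `"$ip"` keeps a mistyped value from the `read -p` prompt from being word-split or globbed.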