finalise bootstrap & fix home-manager

2024-05-15 19:44:13 +01:00 · 2024-05-15 19:44:13 +01:00 · dd837fb296
parent e432cbe473
commit dd837fb296
5 changed files with 43 additions and 21 deletions
--- a/flake.lock
+++ b/flake.lock
@ -27,15 +27,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1715486357,
-        "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
+        "lastModified": 1715381426,
+        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
+        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
+        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
@ -43,11 +44,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1715721657,
-        "narHash": "sha256-QZg1Oyfn9DOOQ7Znryvtc0Qe3TOEF3fEeDZtDwTMul4=",
+        "lastModified": 1715783829,
+        "narHash": "sha256-aNuuTd4nXt9SxYLgJSgBxuvIBmAyh5+2IT2iLepZKds=",
        "ref": "refs/heads/master",
-        "rev": "1c2eac9c8be044e897b80ea2ff7a5184e20aa7ee",
-        "revCount": 4,
+        "rev": "450e494f36a74c0786d1cb01db46731b01b713dc",
+        "revCount": 5,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
--- a/flake.nix
+++ b/flake.nix
@ -10,8 +10,10 @@
    # Also see the 'unstable-packages' overlay at 'overlays/default.nix'.

    # Home manager
-    home-manager.url = "github:nix-community/home-manager";
-    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+   home-manager = {
+      url = "github:nix-community/home-manager/release-23.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    # Declarative partitioning and formatting
    disko = {
--- a/hosts/common/users/sam/default.nix
+++ b/hosts/common/users/sam/default.nix
@ -18,6 +18,9 @@ in
    ];

  };
+  home-manager.users.sam = import ("../../../../home/${config.networking.hostName}.nix");
+
+

  programs.zsh.enable = true;

--- a/hosts/nixdev/default.nix
+++ b/hosts/nixdev/default.nix
@ -34,12 +34,14 @@
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda"; 

-  networking.networkmanager.enable = true;  
+  networking = {
+    hostName = "nixdev";
+    networkmanager.enable = true;
+    enableIPv6 = false;
+  };

  time.timeZone = "Europe/London";

-  networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
  i18n.defaultLocale = "en_GB.UTF-8";
  console = {
    font = "Lat2-Terminus16";
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@ -19,7 +19,7 @@ read -p "Enter ip address: " ip

 KEY_DIR="$HOME/keys/$hostname/"
 mkdir -p $KEY_DIR
-ssh-copy-id -i "$(readlink -n "$HOME/.ssh/openssh_key.pub" )" "root@$ip"
+ssh-copy-id -i "$(readlink -n "$HOME/.ssh/gitea.pub" )" "root@$ip"

 echo "Creating ssh keys for new host. Will create in current directory: "$KEY_DIR
 KEY_NAME="ssh_ed25519_key_$hostname"
@ -58,18 +58,33 @@ SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --flake .#bootstrap
 echo "Deleting host from known_hosts"
 sed -i "/$ip/d" ~/.ssh/known_hosts

-ssh-copy-id -i "$HOME/.ssh/openssh_key.pub" "$username@$ip"
+while true;
+do
+  read -p "Confirm live CD has been removed... (yes|no)" confirm
+  [ "$confirm" = "yes" ] && break
+done
+
+echo "Waiting for $ip to come back online and port 22 to be open..."
+
+while ! ping -c 1 $ip &> /dev/null || ! nc -zvw3 $ip 22 &> /dev/null
+do
+    echo "$ip is still offline or port 22 is not open. Checking again in 5 seconds..."
+    sleep 5
+done
+
+echo "$ip is now online and port 22 is open!"

 echo "Configuring ssh keys on target host to enable connection to gitea:"
-
+ssh-copy-id -i "$HOME/.ssh/gitea.pub" "$username@$ip"
 read -r -d '' config << EOM
 Host git.bitlab21.com
    IdentitiesOnly yes
+    StrictHostKeyChecking no
    IdentityFile ~/.ssh/gitea
 EOM

 # Append the string to file on target machine
-echo "$config" | ssh "$username@$ip" 'cat > .ssh/config'
+echo "$config" | ssh "$username@$ip" 'mkdir -p ~/.ssh/ && cat > ~/.ssh/config'

 echo -e "
 Complete!
@ -96,16 +111,15 @@ the new host.

 while true;
 do
-  read -p "Confirm keys have been added to .sops.yaml using the above steps...(yes|no): " confirm
+  read -p "Confirm keys have been added to .sops.yaml using the above steps, and the changes (if any) have been commited and pushed...(yes|no): " confirm
  [ "$confirm" = "yes" ] && break
 done

 echo "Copying gitea private ssh key to host"
 echo "New password is 'nixos'"

-ssh "$username@$ip" "mkdir /home/$username/.ssh"
-rsync -av "$(readlink -n "$HOME/.ssh/openssh_key" )" "$username@$ip":~/.ssh/gitea
-ssh "$username@$ip" "nix-shell -p git --run \"GIT_SSH_COMMAND='ssh -i ~/.ssh/gitea -o IdentitiesOnly=yes' git clone git@git.bitlab21.com:sam/nixos.git\""
-ssh "$username@$ip" "nix-shell -p git --run \"GIT_SSH_COMMAND='ssh -i ~/.ssh/gitea -o IdentitiesOnly=yes' git clone git@git.bitlab21.com:sam/nix-secrets.git\""
+rsync -av "$(readlink -n "$HOME/.ssh/gitea" )" "$username@$ip":~/.ssh/gitea
+ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nixos.git'"
+ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nix-secrets.git'"

 echo "Successfully installed Nixos on the target host!"