SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:1170bbf857072c3124286114e558eba13b517c4b
Branches Tags
SebastianStork:main
SebastianStork:develop
..
compare: SebastianStork:e3479f2070021d9a4c6be604efd4273669e24bbe
Branches Tags
SebastianStork:main
SebastianStork:develop

2 commits
1170bbf857 ... e3479f2070

Author SHA1 Message Date
SebastianStork
e3479f2070
install-anywhere: Work in completely temporary directory 2025-12-25 21:43:20 +01:00
SebastianStork
2182e06bb6
install-anywhere: Fix by writing age key to new age.pub file 2025-12-25 21:28:11 +01:00
1 changed files with 17 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

35
flake-parts/install-anywhere.nix
View file

@ -19,7 +19,7 @@ _: {
host="$1" host="$1"
destination="$2" destination="$2"
root="/tmp/anywhere/$host" root="$(mktemp --directory)"
impermanence="$(nix eval ".#nixosConfigurations.$host.config.custom.persistence.enable")" impermanence="$(nix eval ".#nixosConfigurations.$host.config.custom.persistence.enable")"
if [ "$impermanence" = true ]; then if [ "$impermanence" = true ]; then
@ -28,31 +28,30 @@ _: {
ssh_dir="$root/etc/ssh" ssh_dir="$root/etc/ssh"
fi fi
if [ ! -f "$ssh_dir/ssh_host_ed25519_key" ]; then echo "==> Generating new SSH host keys..."
echo "==> Generating new SSH host keys..." mkdir --parents "$ssh_dir"
mkdir --parents "$ssh_dir" ssh-keygen -C "root@$host" -f "$ssh_dir/ssh_host_ed25519_key" -N "" -q
ssh-keygen -C "root@$host" -f "$ssh_dir/ssh_host_ed25519_key" -N "" -q
echo "==> Replacing old age key with new age key..." echo "==> Replacing old age key with new age key..."
new_age_key="$(ssh-to-age -i "$ssh_dir/ssh_host_ed25519_key.pub")" new_age_key="$(ssh-to-age -i "$ssh_dir/ssh_host_ed25519_key.pub")"
sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix" echo "$new_age_key" > "hosts/$host/keys/age.pub"
echo "==> Updating SOPS secrets..." echo "==> Updating SOPS secrets..."
if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then BW_SESSION="$(bw unlock --raw || bw login --raw)"
export BW_SESSION export BW_SESSION
fi SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
SOPS_AGE_KEY="$(bw get notes 'admin age-key')" export SOPS_AGE_KEY
export SOPS_AGE_KEY SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)" export SOPS_CONFIG
export SOPS_CONFIG sops updatekeys --yes "hosts/$host/secrets.json"
sops updatekeys --yes "hosts/$host/secrets.json"
fi
echo "==> Installing system..." echo "==> Installing system..."
nix run github:nix-community/nixos-anywhere -- \ nix run github:nix-community/nixos-anywhere -- \
--extra-files "$root" \ --extra-files "$root" \
--flake ".#$host" \ --flake ".#$host" \
--target-host "$destination" --target-host "$destination"
rm -rf "$root"
''; '';
}; };
}; };