karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Let's hope WSL is not against company policy

Browse Source 
If you are looking at this, you know who you are

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-08-19 11:55:35 +03:00
parent 2e6cb0a7f4
commit 0029917dfa
25 changed files with 232 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
flake.lock generated
View File

@@ -80,19 +80,17 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-input-patcher": {
@@ -201,7 +199,9 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
@@ -248,6 +248,30 @@
"url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1755261305,
"narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "203a7b463f307c60026136dd1191d9001c43457f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1755186698,
@@ -371,12 +395,14 @@
"ags": "ags",
"astal": "astal",
"disko": "disko",
"flake-compat": "flake-compat",
"flake-input-patcher": "flake-input-patcher",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"lib": "lib",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs",
"nur": "nur",
"nvidia-patch": "nvidia-patch",

11
flake.nix
View File

@@ -21,10 +21,19 @@
url = "github:nix-community/lanzaboote";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
};
};
nixos-wsl = {
url = "github:nix-community/NixOS-WSL/main";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
};
};
# FIXME: https://github.com/NixOS/nix/issues/12281
lib = {
url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
@@ -110,6 +119,8 @@
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
};
outputs =

22
hosts/common/configs/system/dnsmasq/default.nix
View File

@@ -1,22 +0,0 @@
{ lib, pkgs, ... }:
{
networking.networkmanager.dns = "dnsmasq";
environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source =
(pkgs.formats.keyValue {
mkKeyValue =
name: value:
if value == true then
name
else if value == false then
""
else
lib.generators.mkKeyValueDefault { } "=" name value;
listsAsDuplicateKeys = true;
}).generate
"10-bind-interfaces.conf"
{
bind-interfaces = true;
listen-address = [ "127.0.0.1" ];
};
}

4
hosts/common/configs/system/gpg-agent/default.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
programs.gnupg.agent.enable = true;
}

7
hosts/common/configs/system/libvirt/default.nix
View File

@@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, pkgs, ... }:
{
virtualisation = {
libvirtd = {

10
hosts/elara/README.md
View File

@@ -4,7 +4,11 @@
This host uses private SAS repositories. You can find the imports for these in:
- [./default.nix](./default.nix)
- [./users/nikara/default.nix](./users/nikara/default.nix)
You must build the system once with `sas.build.private = false;`. Then, connect to the SAS VPN, and rebuild the system.
You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system.
## Installation Instructions
1. Using a separate Nix system, run `hosts/elara/build-tarball.sh`
2. Copy the generated tarball to the Elara host
3. On the Elara host, run `wsl --import NixOS $env:USERPROFILE\NixOS nixos.wsl --version 2` in PowerShell
4. Optionally, run `wsl --set-default nixos` to make NixOS the default WSL distribution

92
hosts/elara/build-tarball.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
pkgs,
lib,
...
}:
# FIXME: https://github.com/nix-community/NixOS-WSL/issues/343
# FIXME: https://github.com/nix-community/NixOS-WSL/issues/612
{
system.build.tarballBuilder = lib.mkForce (
pkgs.writeShellApplication {
name = "nixos-wsl-tarball-builder";
runtimeInputs = [
config.nix.package
pkgs.coreutils
pkgs.e2fsprogs
pkgs.gnutar
pkgs.nixos-install-tools
pkgs.pigz
];
text = ''
if ! [ "$EUID" -eq 0 ]; then
echo "This script must be run as root!"
exit 1
fi
out="nixos-wsl.tar.gz"
extra_files=""
positional=()
while [ $# -gt 0 ]; do
case "$1" in
--extra-files=*)
extra_files="''${1#*=}"
;;
--extra-files)
shift
extra_files="$1"
;;
-*)
echo "Unknown option: $1"
echo "Usage: $0 [--extra-files PATH] [output.tar.gz]"
exit 1
;;
*)
positional+=("$1")
;;
esac
shift
done
if [ ''${#positional[@]} -gt 0 ]; then
out="''${positional[0]}"
fi
root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX)
# FIXME: fails in CI for some reason, but we don't really care because it's CI
trap 'chattr -Rf -i "$root" || true && rm -rf "$root" || true' INT TERM EXIT
if [ -n "$extra_files" ]; then
echo "[NixOS-WSL] Copying extra files to $root..."
cp --verbose --archive --no-target-directory "$extra_files" "$root"
fi
chmod o+rx "$root"
echo "[NixOS-WSL] Installing..."
nixos-install \
--root "$root" \
--no-root-passwd \
--system ${config.system.build.toplevel} \
--substituters ""
echo "[NixOS-WSL] Adding channel..."
nixos-enter --root "$root" --command 'HOME=/root nix-channel --add https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz nixos-wsl'
echo "[NixOS-WSL] Compressing..."
tar -C "$root" \
-c \
--sort=name \
--mtime='@1' \
--owner=0 \
--group=0 \
--numeric-owner \
. \
| pigz > "$out"
'';
}
);
}

21
hosts/elara/build-tarball.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
temp=$(mktemp -d)
cleanup() {
rm -rf "$temp"
}
trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh"
cp ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
install -d -m 700 "$temp/home/nikara"
install -d -m 755 "$temp/home/nikara/.config/sops-nix"
cp ./submodules/secrets/domains/sas/key.txt "$temp/home/nikara/.config/sops-nix/key.txt"
sudo nix run .#nixosConfigurations.elara.config.system.build.tarballBuilder -- --extra-files "$temp"

4
hosts/elara/configs/podman/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ lib, ... }:
{
virtualisation.containers.storage.settings.storage.driver = lib.mkForce "overlay";
}

33
hosts/elara/default.nix
View File

@@ -1,4 +1,4 @@
{ config, inputs, ... }:
{ inputs, lib, ... }:
{
nixpkgs.overlays = [
inputs.lib.overlays.default
@@ -8,51 +8,35 @@
];
imports = [
./options.nix
inputs.disko.nixosModules.disko
./format.nix
./hardware
inputs.nixos-wsl.nixosModules.default
inputs.sas.nixosModules.default
./hardware
./build-tarball.nix
./options.nix
../common/configs/system
../common/configs/system/boot
../common/configs/system/btrbk
../common/configs/system/btrfs
../common/configs/system/dnsmasq
../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence
../common/configs/system/libvirt
../common/configs/system/neovim
../common/configs/system/networkmanager
../common/configs/system/nix
../common/configs/system/nix-cleanup
../common/configs/system/nix-install
../common/configs/system/nix-ld
../common/configs/system/nix-update
../common/configs/system/nixpkgs
../common/configs/system/ntp
../common/configs/system/pipewire
../common/configs/system/podman
../common/configs/system/power
../common/configs/system/printing
../common/configs/system/sops
../common/configs/system/ssh
../common/configs/system/sudo
../common/configs/system/system
../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower
../common/configs/system/users
../common/configs/system/zsh
./configs/nix
./configs/pki
./configs/podman
./configs/ssh
./users/nikara
@@ -62,6 +46,5 @@
sas.build.private = true;
environment.impermanence.device =
config.disko.devices.disk.main.content.partitions.root.content.device;
environment.impermanence.enable = lib.mkForce false;
}

79
hosts/elara/format.nix
View File

@@ -1,79 +0,0 @@
{
disko.devices = {
disk.main = {
device = "/dev/disk/by-id/scsi-3600224809f331210b85f07f3c5e9dacd";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "esp";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
name = "swap";
size = "32G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd:5"
"noatime"
"user_subvol_rm_allowed"
];
in
{
"@" = {
mountpoint = "/";
inherit mountOptions;
};
"@persist" = {
mountpoint = "/persist";
inherit mountOptions;
};
"@persist/user" = {
mountpoint = "/persist/user";
inherit mountOptions;
};
"@persist/state" = {
mountpoint = "/persist/state";
inherit mountOptions;
};
"@persist/cache" = {
mountpoint = "/persist/cache";
inherit mountOptions;
};
"@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};
};
};
};
}

15
hosts/elara/hardware/default.nix
View File

@@ -1,15 +1,8 @@
{ ... }:
{
imports = [ ./display.nix ];
hardware = {
enableAllFirmware = true;
cpu = {
cores = 14;
threads = 14;
};
wsl = {
enable = true;
defaultUser = "nikara";
startMenuLaunchers = true;
};
virtualisation.hypervGuest.enable = true;
}

29
hosts/elara/hardware/display.nix
View File

@@ -1,29 +0,0 @@
{ ... }:
{
boot.kernelParams = [ "video=hyperv_fb:1920x1200@60" ];
home-manager.sharedModules = [
{
wayland.windowManager.hyprland.settings = {
animation = "global, 0";
monitor = [ "Virtual-1, preferred, 0x0, 1" ];
workspace = [
"1, monitor:Virtual-1, layoutopt:orientation:left"
"2, monitor:Virtual-1, layoutopt:orientation:left"
"3, monitor:Virtual-1, layoutopt:orientation:left"
"4, monitor:Virtual-1, layoutopt:orientation:left"
"5, monitor:Virtual-1, layoutopt:orientation:left"
"6, monitor:Virtual-1, layoutopt:orientation:left"
"7, monitor:Virtual-1, layoutopt:orientation:left"
"8, monitor:Virtual-1, layoutopt:orientation:left"
"9, monitor:Virtual-1, layoutopt:orientation:left"
"10, monitor:Virtual-1, layoutopt:orientation:left"
];
};
programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
}
];
}

5
hosts/elara/users/nikara/configs/console/wsl/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [ wsl-wl-clipboard ];
}

5
hosts/elara/users/nikara/configs/gui/obsidian/default.nix
View File

@@ -1,5 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/sas/master".enable = true;
}

26
hosts/elara/users/nikara/configs/gui/vscode/default.nix
View File

@@ -1,26 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.vscode = {
languages = {
c.enable = true;
go.enable = true;
hugo.enable = true;
java.enable = true;
jinja.enable = true;
lua.enable = true;
markdown.enable = true;
nix.enable = true;
podman.enable = true;
python.enable = true;
rest.enable = true;
rust.enable = true;
sas.enable = true;
sops.enable = true;
typescript.enable = true;
yaml.enable = true;
};
copilot.enable = true;
};
}

41
hosts/elara/users/nikara/default.nix
View File

@@ -14,7 +14,6 @@ in
imports = [
(import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/android { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -26,18 +25,14 @@ in
(import ../../../common/configs/user/console/ip { inherit user home; })
(import ../../../common/configs/user/console/jq { inherit user home; })
(import ../../../common/configs/user/console/kubernetes { inherit user home; })
(import ../../../common/configs/user/console/libvirt { inherit user home; })
(import ../../../common/configs/user/console/lsof { inherit user home; })
(import ../../../common/configs/user/console/mprocs { inherit user home; })
(import ../../../common/configs/user/console/ncdu { inherit user home; })
(import ../../../common/configs/user/console/ncspot { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/nix { inherit user home; })
(import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
(import ../../../common/configs/user/console/nix-develop { inherit user home; })
(import ../../../common/configs/user/console/nix-direnv { inherit user home; })
(import ../../../common/configs/user/console/ouch { inherit user home; })
(import ../../../common/configs/user/console/pipewire { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/ssh { inherit user home; })
@@ -47,48 +42,14 @@ in
(import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/yt-dlp { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/emoji { inherit user home; })
(import ../../../common/configs/user/gui/feh { inherit user home; })
(import ../../../common/configs/user/gui/firefox { inherit user home; })
(import ../../../common/configs/user/gui/gtk { inherit user home; })
(import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; })
(import ../../../common/configs/user/gui/networkmanager { inherit user home; })
(import ../../../common/configs/user/gui/obs { inherit user home; })
(import ../../../common/configs/user/gui/obsidian { inherit user home; })
(import ../../../common/configs/user/gui/pipewire { inherit user home; })
(import ../../../common/configs/user/gui/qalculate { inherit user home; })
(import ../../../common/configs/user/gui/qt { inherit user home; })
(import ../../../common/configs/user/gui/rofi { inherit user home; })
(import ../../../common/configs/user/gui/rquickshare { inherit user home; })
(import ../../../common/configs/user/gui/swww { inherit user home; })
(import ../../../common/configs/user/gui/theme { inherit user home; })
(import ../../../common/configs/user/gui/vscode { inherit user home; })
(import ../../../common/configs/user/gui/wev { inherit user home; })
(import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
(import ../../../common/configs/user/gui/x11 { inherit user home; })
(import ../../../common/configs/user/gui/xdg { inherit user home; })
(import ./configs/console/gpg { inherit user home; })
(import ./configs/console/podman { inherit user home; })
(import ./configs/console/sas { inherit user home; })
(import ./configs/console/ssh { inherit user home; })
(import ./configs/gui/obsidian { inherit user home; })
(import ./configs/gui/vscode { inherit user home; })
(import ./configs/console/wsl { inherit user home; })
];
# mkpasswd -s

1
hosts/himalia/default.nix
View File

@@ -21,7 +21,6 @@
../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/libvirt

1
hosts/installer/default.nix
View File

@@ -19,7 +19,6 @@
../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/neovim

2
hosts/jupiter-vps/README.md
View File

@@ -2,7 +2,7 @@
## Installation Instructions
1. Provision an OVHcloud VPS (ideally running Ubuntu).
1. Provision an OVHcloud VPS (ideally running Ubuntu)
2. Add personal public key
3. Add a CNAME entry for `vps.karaolidis.com` pointing to the VPS IP/host
4. Run `hosts/jupiter-vps/install.sh`

2
hosts/jupiter-vps/install.sh
View File

@@ -12,6 +12,6 @@ cleanup() {
trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh"
cp ./secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
cp ./submodules/secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
nix run github:nix-community/nixos-anywhere -- --flake .#jupiter-vps --extra-files "$temp" --target-host ubuntu@vps.karaolidis.com -i ~/.ssh/ssh_personal_ed25519_key

2
packages/default.nix
View File

@@ -89,5 +89,7 @@
ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs; };
ssh-known-hosts-gitlab = import ./ssh/known-hosts/gitlab { inherit pkgs; };
wsl-wl-clipboard = import ./wsl-wl-clipboard { inherit pkgs; };
yazi-plugin-custom-shell = import ./yazi/plugins/custom-shell { inherit pkgs; };
}

28
packages/wsl-wl-clipboard/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ pkgs, ... }:
# FIXME: https://github.com/nix-community/NixOS-WSL/issues/700
let
wl-copy = pkgs.writeShellScriptBin "wl-copy" ''
printf '%s' "$(cat)" | ${pkgs.dos2unix}/bin/unix2dos | clip.exe
'';
wl-paste = pkgs.writeShellScriptBin "wl-paste" ''
powershell.exe -command Get-Clipboard | ${pkgs.dos2unix}/bin/dos2unix
'';
in
pkgs.stdenv.mkDerivation {
name = "wsl-wl-clipboard";
version = "1.0";
src = ./.;
buildInputs = [
wl-copy
wl-paste
];
installPhase = ''
mkdir -p $out/bin
ln -s ${wl-copy}/bin/wl-copy $out/bin/wl-copy
ln -s ${wl-paste}/bin/wl-paste $out/bin/wl-paste
'';
}

16
scripts/add-host.sh
View File

@@ -11,16 +11,16 @@ fi
host="$1"
mkdir -p "./secrets/hosts/$host"
ssh-keygen -t ed25519 -f "./secrets/hosts/$host/ssh_host_ed25519_key" -C "root@$host" -N ""
age_key=$(ssh-to-age < "./secrets/hosts/$host/ssh_host_ed25519_key.pub")
mkdir -p "./submodules/secrets/hosts/$host"
ssh-keygen -t ed25519 -f "./submodules/secrets/hosts/$host/ssh_host_ed25519_key" -C "root@$host" -N ""
age_key=$(ssh-to-age < "./submodules/secrets/hosts/$host/ssh_host_ed25519_key.pub")
cat <<EOF > "./secrets/hosts/$host/sops.yaml"
cat <<EOF > "./submodules/secrets/hosts/$host/sops.yaml"
keys:
- hosts:
- &$host $age_key
- namespaces:
- &personal $(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n')
- &personal $(age-keygen -y ./submodules/secrets/domains/personal/key.txt | tr -d '\n')
creation_rules:
- path_regex: .+\.(yaml|yml|json|env|ini|bin)
@@ -46,7 +46,7 @@ done
machine_id=$(uuidgen -r | tr -d -)
cat <<EOF > "./secrets/hosts/$host/.decrypted~secrets.yaml"
cat <<EOF > "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"
luks: '$luks'
machineId: $machine_id
EOF
@@ -55,11 +55,11 @@ tmp_age_key="$(mktemp)"
echo "$age_key" > "$tmp_age_key"
export SOPS_AGE_KEY_FILE="$tmp_age_key"
sops --config "./secrets/hosts/$host/sops.yaml" --encrypt "./secrets/hosts/$host/.decrypted~secrets.yaml" > "./secrets/hosts/$host/secrets.yaml"
sops --config "./submodules/secrets/hosts/$host/sops.yaml" --encrypt "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml" > "./submodules/secrets/hosts/$host/secrets.yaml"
unset SOPS_AGE_KEY_FILE
rm -f "$tmp_age_key"
rm -f "./secrets/hosts/$host/.decrypted~secrets.yaml"
rm -f "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"
mkdir -p "./hosts/$host/hardware"

2
scripts/remove-host.sh
View File

@@ -11,7 +11,7 @@ fi
host="$1"
age_key=$(ssh-to-age < "./secrets/hosts/$host/ssh_host_ed25519_key.pub")
age_key=$(ssh-to-age < "./submodules/secrets/hosts/$host/ssh_host_ed25519_key.pub")
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
sed -i "/ - &$host $age_key/d" "$sops_file"