Move scripts

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

lib/scripts/add-host.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if [[ "$#" -ne 2 ]]; then
+  echo "Usage: $0 <host> <sops-master-key>"
+  exit 1
+fi
+
+HOST="$1"
+
+mkdir -p "./hosts/${HOST}/secrets"
+
+ssh-keygen -t ed25519 -f "./hosts/${HOST}/secrets/ssh_host_ed25519_key" -N ""
+
+AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
+
+for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
+  sed -i "/- hosts:/a\    - &${HOST} ${AGE_KEY}" "${SOPS_FILE}"
+  sed -i "/- age:/a\        - *${HOST}" "${SOPS_FILE}"
+done
+
+sed -i "/knownHosts = {/a\      ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix
+sed -i "/userKnownHostsFile = lib.strings.concatStringsSep " " [/a\      \${../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub}" ./hosts/common/user/configs/console/ssh/default.nix
+
+"$(dirname "$0")/update-keys.sh" "$2"
+
+echo "Host ${HOST} has been successfully added."
+echo "Please generate SSH key pairs for any users that need to connect to user@host."
+echo "Use the following command:"
+echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_<user>"

lib/scripts/install.sh

@@ -0,0 +1,151 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+check_root() {
+  if [[ "${EUID}" -ne 0 ]]; then
+    echo "Please run the script as root."
+    exit 1
+  fi
+}
+
+check_network() {
+  rfkill unblock all
+
+  if ping -c 1 google.com &>/dev/null; then
+    echo "Network connection detected, skipping Wi-Fi setup."
+    return
+  fi
+
+  echo "No network connection detected."
+  echo "Would you like to connect to a Wi-Fi network? [y/N]"
+
+  read -r connect_wifi
+
+  if ! [[ "${connect_wifi}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+    echo "Please connect to a network before proceeding."
+    exit 1
+  fi
+
+  setup_wifi
+}
+
+setup_wifi() {
+  echo "Available network interfaces:"
+  ip link show | grep -E '^[0-9]+:' | awk '{print $2}' | tr -d ':'
+
+  echo "Enter the network interface you want to use:"
+  read -r interface
+
+  echo "Enter the SSID of the open network:"
+  read -r ssid
+
+  echo "Do you want to connect to an open network? [y/N]"
+  read -r open_network
+
+  if [[ "${open_network}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+    wpa_supplicant -i "${interface}" -c <(wpa_passphrase "${ssid}") -B
+  else
+    echo "Enter the passphrase:"
+    read -rs passphrase
+
+    wpa_passphrase "${ssid}" "${passphrase}" > wifi.conf
+    wpa_supplicant -i "${interface}" -c wifi.conf -B
+    rm wifi.conf
+  fi
+
+  dhcpcd
+
+  echo "Waiting for a network connection..."
+
+  for i in {1..10}; do
+    if ping -c 1 google.com &>/dev/null; then
+      echo "Connected to the network successfully."
+      return
+    fi
+    sleep 1
+  done
+
+  echo "Failed to establish a connection within the timeout period."
+  exit 1
+}
+
+select_host() {
+  echo "Available hosts:"
+  echo $(nix --experimental-features "nix-command flakes" flake show --json |
+    nix --experimental-features "nix-command flakes" shell nixpkgs#jq --command jq -r '.nixosConfigurations | keys[]')
+
+  echo "Enter host:"
+  read -r host
+}
+
+prepare_disk() {
+  local mode="$1"
+  device=$(grep -oP '(?<=device = ")[^"]+' "./hosts/${host}/default.nix")
+  nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode "${mode}" "./hosts/${host}/format.nix" --arg device "\"${device}\""
+}
+
+copy_keys() {
+  mkdir -p /mnt/persist/etc/ssh
+  cp "./hosts/${host}/secrets/ssh_host_ed25519_key" /mnt/persist/etc/ssh/ssh_host_ed25519_key
+
+  for path in "./hosts/${host}/users"/*; do
+    user=$(basename "${path}")
+    echo "User detected: ${user}"
+
+    echo "Available keys for ${user}:"
+    ls ./secrets/*/key.txt
+
+    echo "Enter the key file to copy (or press Enter to skip this user):"
+    read -r key
+
+    if [[ -z "${key}" ]]; then
+      echo "Skipping ${user}"
+      continue
+    fi
+
+    mkdir -p "/mnt/persist/home/${user}/.config/sops-nix"
+    cp "${key}" "/mnt/persist/home/${user}/.config/sops-nix/key.txt"
+
+    uid=$(cat "./hosts/${host}/users/${user}/uid")
+    gid=100
+
+    chown -R "${uid}:${gid}" "/mnt/persist/home/${user}"
+  done
+}
+
+install() {
+  nixos-install --root /mnt --flake ".#${host}"
+}
+
+main() {
+  check_root
+  check_network
+  select_host
+
+  echo "What would you like to do with ${host}?"
+  echo "1) Install"
+  echo "2) Repair"
+  read -r choice
+
+  case ${choice} in
+    1)
+      prepare_disk "disko"
+      copy_keys
+      install
+      echo "Installation complete. Please reboot your system."
+      ;;
+    2)
+      prepare_disk "mount"
+      install
+      echo "Repair complete. Please reboot your system."
+      ;;
+    *)
+      echo "Invalid choice."
+      ;;
+  esac
+}
+
+main

lib/scripts/remove-host.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if [[ "$#" -ne 2 ]]; then
+  echo "Usage: $0 <host> <sops-master-key>"
+  exit 1
+fi
+
+HOST="$1"
+
+AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
+
+for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
+  sed -i "/    - &${HOST} ${AGE_KEY}/d" "${SOPS_FILE}"
+  sed -i "/        - \*${HOST}/d" "${SOPS_FILE}"
+done
+
+sed -i "/${HOST}/d" ./hosts/common/system/configs/ssh/default.nix
+sed -i "/${HOST}/d" ./hosts/common/user/configs/console/ssh/default.nix
+
+"$(dirname "$0")/update-keys.sh" "$2"
+
+rm -rf "./hosts/${HOST}"
+
+echo "Host ${HOST} has been successfully removed."
+echo "Please remove SSH key pairs for any users that used to connect to this host."

lib/scripts/update-keys.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if [[ "$#" -ne 1 ]]; then
+  echo "Usage: $0 <sops-master-key>"
+  exit 1
+fi
+
+export SOPS_AGE_KEY_FILE="$1"
+
+for SOPS_FILE in $(find . -type f -name 'sops.yaml'); do
+  dir=$(dirname "${SOPS_FILE}")
+  echo "${dir}"
+  find "${dir}" -maxdepth 1 -type f -regextype posix-extended -regex '.+\.(yaml|yml|json|env|ini|bin)' | while read -r file; do
+    echo "${file}"
+    nix shell nixpkgs#sops --command sops --config "${SOPS_FILE}" updatekeys "${file}" -y
+  done
+done

lib/scripts/update.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+paths=$(git config --file .gitmodules --name-only --get-regexp path | while read -r line; do
+  path=$(git config --file .gitmodules --get "${line}")
+  url=$(git config --file .gitmodules --get "${line%.*}.url")
+  if [[ ${url} == *"karaolidis"* ]]; then
+    echo "${path}"
+  fi
+done)
+
+for path in ${paths}; do
+  echo "Processing submodule: ${path}"
+
+  cd "${path}" || exit
+  git checkout master
+  git fetch upstream
+  git merge upstream/master
+
+  branches=$(git for-each-ref --format='%(refname:short)' refs/heads/ | grep -v '^master$')
+  for branch in ${branches}; do
+    git checkout "${branch}"
+    git rebase master
+  done
+
+  git checkout integration
+  git push origin --all --force-with-lease
+  git push origin --tags --force-with-lease
+
+  cd - > /dev/null || exit
+done
+
+echo "All submodules updated successfully."
+
+nix flake update