Review shell scripts
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -1,6 +1,5 @@
|
||||
_nix-install_completion() {
|
||||
local -a options
|
||||
options=(
|
||||
local options=(
|
||||
'1:flake:_directories'
|
||||
'-m[Mode: 'install' or 'repair']:mode:(install repair)'
|
||||
'-h[Host to configure]:host:($(_list_hosts))'
|
||||
@@ -11,16 +10,16 @@ _nix-install_completion() {
|
||||
)
|
||||
|
||||
_list_hosts() {
|
||||
flake="$(realpath ${words[2]})"
|
||||
if [[ -f "${flake}/flake.nix" ]]; then
|
||||
nix flake show --quiet --json "${flake}" 2>/dev/null | jq -r '.nixosConfigurations | keys[]'
|
||||
local flake="$(realpath ${words[2]})"
|
||||
if [[ -f "$flake/flake.nix" ]]; then
|
||||
nix flake show --quiet --json "$flake" 2>/dev/null | jq -r '.nixosConfigurations | keys[]'
|
||||
fi
|
||||
}
|
||||
|
||||
_list_keys() {
|
||||
flake="$(realpath ${words[2]})"
|
||||
if [[ -d "${flake}/secrets" ]]; then
|
||||
find "${flake}/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
|
||||
local flake="$(realpath ${words[2]})"
|
||||
if [[ -d "$flake/secrets" ]]; then
|
||||
find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
|
||||
fi
|
||||
}
|
||||
|
||||
|
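Review bot: In `_list_hosts` and `_list_keys`, `local flake="$(realpath ${words[2]})"` still passes the typed word to `realpath` unquoted and without `--`, and the `local` assignment hides a `realpath` failure. If the second word is empty or an option such as `-m` (which the spec above allows before the positional), `realpath` prints an error into the completion prompt and `flake` ends up empty, so the tests that follow look at `/flake.nix` and `/secrets`. I would split the declaration and bail out on failure: `local flake; flake="$(realpath -- "${words[2]}" 2>/dev/null)" || return`. Note also that `nix flake show` then evaluates whatever directory is on the command line at tab-completion time, so returning early for anything that is not a resolvable path is worth having.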
@@ -13,7 +13,7 @@ usage() {
|
||||
}
|
||||
|
||||
check_root() {
|
||||
if [[ "${EUID}" -ne 0 ]]; then
|
||||
if [[ "$EUID" -ne 0 ]]; then
|
||||
echo "Please run the script as root."
|
||||
exit 1
|
||||
fi
|
||||
@@ -27,41 +27,41 @@ check_network() {
|
||||
}
|
||||
|
||||
check_flake() {
|
||||
if [[ ! -f "${flake}/flake.nix" ]]; then
|
||||
echo "flake.nix not found in ${flake}."
|
||||
if [[ ! -f "$flake/flake.nix" ]]; then
|
||||
echo "flake.nix not found in $flake."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
check_host() {
|
||||
if ! nix flake show --quiet --json "${flake}" 2>/dev/null | jq -e ".nixosConfigurations[\"${host}\"]" &>/dev/null; then
|
||||
echo "Host '${host}' not found in flake."
|
||||
if ! nix flake show --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then
|
||||
echo "Host '$host' not found in flake."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
check_key() {
|
||||
if [[ -n "${key}" ]] && [[ ! -f "${flake}/secrets/${key}/key.txt" ]]; then
|
||||
echo "Key '${key}' not found."
|
||||
if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then
|
||||
echo "Key '$key' not found."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
set_password_file() {
|
||||
if [[ -n "${password_file}" ]]; then
|
||||
if [[ ! -f "${password_file}" ]]; then
|
||||
echo "LUKS key file '${password_file}' not found."
|
||||
if [[ -n "$password_file" ]]; then
|
||||
if [[ ! -f "$password_file" ]]; then
|
||||
echo "LUKS key file '$password_file' not found."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ln -sf "${password_file}" /tmp/installer.key
|
||||
ln -sf "$password_file" /tmp/installer.key
|
||||
else
|
||||
echo "Enter password for LUKS encryption:"
|
||||
IFS= read -r -s password
|
||||
echo "Enter password again to confirm: "
|
||||
IFS= read -r -s password_check
|
||||
[ "${password}" != "${password_check}" ]
|
||||
echo -n "${password}" > /tmp/installer.key
|
||||
[ "$password" != "$password_check" ]
|
||||
echo -n "$password" > /tmp/installer.key
|
||||
unset password password_check
|
||||
fi
|
||||
}
|
||||
@@ -69,35 +69,34 @@ set_password_file() {
|
||||
prepare_disk() {
|
||||
local disko_mode="$1"
|
||||
root=$(mktemp -d /mnt/install.XXXXXX)
|
||||
disko -m "${disko_mode}" --yes-wipe-all-disks --root-mountpoint "${root}" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""
|
||||
disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix" --arg device "\"$device\""
|
||||
}
|
||||
|
||||
copy_keys() {
|
||||
mkdir -p "${root}/persist/etc/ssh"
|
||||
cp "${flake}/hosts/${host}/secrets/ssh_host_ed25519_key" "${root}/persist/etc/ssh/ssh_host_ed25519_key"
|
||||
mkdir -p "$root/persist/etc/ssh"
|
||||
cp "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/etc/ssh/ssh_host_ed25519_key"
|
||||
|
||||
for path in "${flake}/hosts/${host}/users"/*; do
|
||||
if [[ -z "${key}" ]]; then
|
||||
for path in "$flake/hosts/$host/users"/*; do
|
||||
if [[ -z "$key" ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
user=$(basename "${path}")
|
||||
mkdir -p "${root}/persist/home/${user}/.config/sops-nix"
|
||||
cp "${flake}/secrets/${key}/key.txt" "${root}/persist/home/${user}/.config/sops-nix/key.txt"
|
||||
uid=$(cat "${flake}/hosts/${host}/users/${user}/uid")
|
||||
gid=100
|
||||
chown -R "${uid}:${gid}" "${root}/persist/home/${user}"
|
||||
local user
|
||||
user=$(basename "$path")
|
||||
mkdir -p "$root/persist/home/$user/.config/sops-nix"
|
||||
cp "$flake/secrets/$key/key.txt" "$root/persist/home/$user/.config/sops-nix/key.txt"
|
||||
chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/home/$user"
|
||||
done
|
||||
}
|
||||
|
||||
install() {
|
||||
nixos-install --root "${root}" --flake "${flake}#${host}" --no-root-passwd
|
||||
nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd
|
||||
}
|
||||
|
||||
copy_config() {
|
||||
echo "Copying configuration..."
|
||||
rm -rf "${root}/persist/etc/nixos"
|
||||
cp -r "${flake}" "${root}/persist/etc/nixos"
|
||||
rm -rf "$root/persist/etc/nixos"
|
||||
cp -r "$flake" "$root/persist/etc/nixos"
|
||||
}
|
||||
|
||||
finish() {
|
||||
@@ -109,8 +108,8 @@ finish() {
|
||||
|
||||
cleanup() {
|
||||
rm -f /tmp/installer.key
|
||||
if [[ -n "${host}" && -n "${device}" ]]; then disko -m "unmount" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""; fi
|
||||
if [[ -d "${root}" ]]; then rmdir "${root}"; fi
|
||||
if [[ -n "$host" && -n "$device" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix" --arg device "\"$device\""; fi
|
||||
if [[ -d "$root" ]]; then rmdir "$root"; fi
|
||||
}
|
||||
|
||||
check_root
|
||||
@@ -132,18 +131,18 @@ copy_config_flag="false"
|
||||
reboot_flag="false"
|
||||
|
||||
while getopts "m:h:k:p:cr" opt; do
|
||||
case "${opt}" in
|
||||
m) mode="${OPTARG}" ;;
|
||||
h) host="${OPTARG}" ;;
|
||||
k) key="${OPTARG}" ;;
|
||||
p) password_file="${OPTARG}" ;;
|
||||
case "$opt" in
|
||||
m) mode="$OPTARG" ;;
|
||||
h) host="$OPTARG" ;;
|
||||
k) key="$OPTARG" ;;
|
||||
p) password_file="$OPTARG" ;;
|
||||
c) copy_config_flag="true" ;;
|
||||
r) reboot_flag="true" ;;
|
||||
*) usage ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z "${mode}" || -z "${host}" ]]; then
|
||||
if [[ -z "$mode" || -z "$host" ]]; then
|
||||
usage
|
||||
fi
|
||||
|
||||
@@ -151,23 +150,23 @@ check_host
|
||||
check_key
|
||||
until set_password_file; do echo "Passwords did not match, please try again."; done
|
||||
|
||||
device=$(grep -oP '(?<=device = ")[^"]+' "${flake}/hosts/${host}/default.nix")
|
||||
device=$(grep -oP '(?<=device = ")[^"]+' "$flake/hosts/$host/default.nix")
|
||||
|
||||
case "${mode}" in
|
||||
case "$mode" in
|
||||
install)
|
||||
prepare_disk "destroy,format,mount"
|
||||
copy_keys
|
||||
install
|
||||
if [[ "${copy_config_flag}" == "true" ]]; then copy_config; fi
|
||||
if [[ "${reboot_flag}" == "true" ]]; then finish; fi
|
||||
if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
|
||||
if [[ "$reboot_flag" == "true" ]]; then finish; fi
|
||||
;;
|
||||
repair)
|
||||
prepare_disk "mount"
|
||||
install
|
||||
if [[ "${reboot_flag}" == "true" ]]; then finish; fi
|
||||
if [[ "$reboot_flag" == "true" ]]; then finish; fi
|
||||
;;
|
||||
*)
|
||||
echo "Invalid mode: ${mode}"
|
||||
echo "Invalid mode: $mode"
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
|
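Review bot: In `set_password_file`, the confirmation test `[ "$password" != "$password_check" ]` has no effect. Its status is discarded and the function returns the status of the final `unset`, so `until set_password_file` never retries and a mistyped first entry is written as the LUKS passphrase. This holds regardless of `set -e`, which bash ignores inside a function called as an `until` condition, and the test is inverted anyway, since it succeeds when the entries differ. The passphrase is also written to the fixed path `/tmp/installer.key` under the current umask, and `echo -n` would swallow a passphrase such as `-e`. The `else` branch below returns 1 on mismatch and creates the file with `umask 077` and `printf '%s'`; the path is kept because `cleanup` and, presumably, `format.nix` refer to it.

```bash
  else
    # … unchanged: the two prompts and their read -r -s calls …
    if [[ "$password" != "$password_check" ]]; then
      unset password password_check
      return 1
    fi
    # Drop any stale file or symlink first, then create the key file readable by root only.
    rm -f /tmp/installer.key
    (umask 077; printf '%s' "$password" > /tmp/installer.key)
    unset password password_check
  fi
```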