Add install script

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/system/backup/backup.completion.zsh

@@ -1,7 +1,7 @@
 _backup_completion() {
   local options=(
-    '-m[specify partition to mount for backup]:partition:($(_partitions))'
-    '-b[specify backup directory]:backup directory:_files -/'
+    '-m[Partition to mount for backup]:partition:($(_partitions))'
+    '-b[Backup directory]:backup directory:_files -/'
   )
   local curcontext="$curcontext" state line
   typeset -A opt_args

hosts/common/configs/system/backup/backup.sh

@@ -10,7 +10,7 @@ usage() {
 
 cleanup() {
   if [ -d "/persist.bak" ]; then btrfs -q subvolume delete "/persist.bak"; fi
-  if [ -n "${backup_location}" ] && [ -f "${backup_location}.tmp" ]; then rm "${backup_location}.tmp"; fi
+  if [ -n "${backup_location}" ]; then rm -f "${backup_location}.tmp"; fi
 
   if [ -n "${mount_location}" ]; then
     if mount | grep -q "${mount_location}"; then umount "${mount_location}"; fi

hosts/common/configs/system/nix-install/default.nix

@@ -0,0 +1,22 @@
+{ pkgs, inputs, ... }:
+{
+  environment.systemPackages = [
+    (pkgs.writeShellApplication {
+      name = "nix-install";
+      runtimeInputs = with pkgs; [
+        coreutils
+        iputils
+        jq
+        nix
+        inputs.disko.packages.${system}.disko
+      ];
+      text = builtins.readFile ./install.sh;
+    })
+  ];
+
+  home-manager.sharedModules = [
+    {
+      programs.zsh.initExtra = builtins.readFile ./install.completion.zsh;
+    }
+  ];
+}

hosts/common/configs/system/nix-install/install.completion.zsh

@@ -0,0 +1,30 @@
+_nix-install_completion() {
+  local -a options
+  options=(
+    '1:flake:_directories'
+    '-m[Mode: 'install' or 'repair']:mode:(install repair)'
+    '-h[Host to configure]:host:($(_list_hosts))'
+    '-k[Key file to copy to user config]:key:($(_list_keys))'
+    '-p[LUKS password file to use for encryption]:password_file:_files'
+    '-c[Copy configuration to target]'
+    '-r[Reboot after completion]'
+  )
+
+  _list_hosts() {
+    flake="$(realpath ${words[2]})"
+    if [[ -f "${flake}/flake.nix" ]]; then
+      nix flake show --quiet --json "${flake}" 2>/dev/null | jq -r '.nixosConfigurations | keys[]'
+    fi
+  }
+
+  _list_keys() {
+    flake="$(realpath ${words[2]})"
+    if [[ -d "${flake}/secrets" ]]; then
+      find "${flake}/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
+    fi
+  }
+
+  _arguments -s $options
+}
+
+compdef _nix-install_completion nix-install

hosts/common/configs/system/nix-install/install.sh

@@ -0,0 +1,173 @@
+usage() {
+  echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-c] [-r]"
+  echo
+  echo "Options:"
+  echo "  flake               Directory containing the flake.nix file."
+  echo "  -m mode             Mode: 'install' or 'repair'."
+  echo "  -h host             Host to configure."
+  echo "  -k key              Key file to copy to user config."
+  echo "  -p password_file    LUKS password file to use for encryption."
+  echo "  -c                  Copy configuration to target."
+  echo "  -r                  Reboot after completion."
+  exit 1
+}
+
+check_root() {
+  if [[ "${EUID}" -ne 0 ]]; then
+    echo "Please run the script as root."
+    exit 1
+  fi
+}
+
+check_network() {
+  if ! ping -c 1 google.com &>/dev/null; then
+    echo "Connect to a network before proceeding."
+    exit 1
+  fi
+}
+
+check_flake() {
+  if [[ ! -f "${flake}/flake.nix" ]]; then
+    echo "flake.nix not found in ${flake}."
+    exit 1
+  fi
+}
+
+check_host() {
+  if ! nix flake show --quiet --json "${flake}" 2>/dev/null | jq -e ".nixosConfigurations[\"${host}\"]" &>/dev/null; then
+    echo "Host '${host}' not found in flake."
+    exit 1
+  fi
+}
+
+check_key() {
+  if [[ -n "${key}" ]] && [[ ! -f "${flake}/secrets/${key}/key.txt" ]]; then
+    echo "Key '${key}' not found."
+    exit 1
+  fi
+}
+
+set_password_file() {
+  if [[ -n "${password_file}" ]]; then
+    if [[ ! -f "${password_file}" ]]; then
+      echo "LUKS key file '${password_file}' not found."
+      exit 1
+    fi
+
+    ln -sf "${password_file}" /tmp/installer.key
+  else
+    echo "Enter password for LUKS encryption:"
+    IFS= read -r -s password
+    echo "Enter password again to confirm: "
+    IFS= read -r -s password_check
+    [ "${password}" != "${password_check}" ]
+    echo -n "${password}" > /tmp/installer.key
+    unset password password_check
+  fi
+}
+
+prepare_disk() {
+  local disko_mode="$1"
+  root=$(mktemp -d /mnt/install.XXXXXX)
+  disko -m "${disko_mode}" --yes-wipe-all-disks --root-mountpoint "${root}" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""
+}
+
+copy_keys() {
+  mkdir -p "${root}/persist/etc/ssh"
+  cp "${flake}/hosts/${host}/secrets/ssh_host_ed25519_key" "${root}/persist/etc/ssh/ssh_host_ed25519_key"
+
+  for path in "${flake}/hosts/${host}/users"/*; do
+    if [[ -z "${key}" ]]; then
+      continue
+    fi
+
+    user=$(basename "${path}")
+    mkdir -p "${root}/persist/home/${user}/.config/sops-nix"
+    cp "${flake}/secrets/${key}/key.txt" "${root}/persist/home/${user}/.config/sops-nix/key.txt"
+    uid=$(cat "${flake}/hosts/${host}/users/${user}/uid")
+    gid=100
+    chown -R "${uid}:${gid}" "${root}/persist/home/${user}"
+  done
+}
+
+install() {
+  nixos-install --root "${root}" --flake "${flake}#${host}" --no-root-passwd
+}
+
+copy_config() {
+  echo "Copying configuration..."
+  rm -rf "${root}/persist/etc/nixos"
+  cp -r "${flake}" "${root}/persist/etc/nixos"
+}
+
+finish() {
+  echo "Rebooting system..."
+  trap - EXIT
+  cleanup
+  reboot
+}
+
+cleanup() {
+  rm -f /tmp/installer.key
+  if [[ -n "${host}" && -n "${device}" ]]; then disko -m "unmount" "${flake}/hosts/${host}/format.nix" --arg device "\"${device}\""; fi
+  if [[ -d "${root}" ]]; then rmdir "${root}"; fi
+}
+
+check_root
+check_network
+
+if [[ "$#" -lt 1 ]]; then
+  usage
+fi
+
+flake="$(realpath "$1")"
+check_flake
+shift
+
+mode=""
+host=""
+key=""
+password_file=""
+copy_config_flag="false"
+reboot_flag="false"
+
+while getopts "m:h:k:p:cr" opt; do
+  case "${opt}" in
+    m) mode="${OPTARG}" ;;
+    h) host="${OPTARG}" ;;
+    k) key="${OPTARG}" ;;
+    p) password_file="${OPTARG}" ;;
+    c) copy_config_flag="true" ;;
+    r) reboot_flag="true" ;;
+    *) usage ;;
+  esac
+done
+
+if [[ -z "${mode}" || -z "${host}" ]]; then
+  usage
+fi
+
+check_host
+check_key
+until set_password_file; do echo "Passwords did not match, please try again."; done
+
+device=$(grep -oP '(?<=device = ")[^"]+' "${flake}/hosts/${host}/default.nix")
+
+case "${mode}" in
+  install)
+    prepare_disk "destroy,format,mount"
+    copy_keys
+    install
+    if [[ "${copy_config_flag}" == "true" ]]; then copy_config; fi
+    if [[ "${reboot_flag}" == "true" ]]; then finish; fi
+    ;;
+  repair)
+    prepare_disk "mount"
+    install
+    if [[ "${reboot_flag}" == "true" ]]; then finish; fi
+    ;;
+  *)
+    echo "Invalid mode: ${mode}"
+    usage
+    ;;
+esac