nix/hosts/common/configs/system/nix-install/install.sh

# shellcheck shell=bash
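#######################################
# Print the command-line synopsis and exit with status 1.
# Globals:   none ($0 is used for the program name)
# Arguments: none
# Outputs:   usage text on stderr
# Returns:   never returns; exits 1
#######################################
usage() {
  # The option list mirrors the getopts spec in main ("m:h:k:cr"); the
  # previously advertised "-p password_file" was never parsed there.
  cat >&2 <<EOF
Usage: $0 flake -m install|repair -h host [-k key] [-c] [-r]

Options:
  flake     Directory containing the flake.nix file.
  -m mode   Mode: 'install' or 'repair'.
  -h host   Host to configure.
  -k key    Key file to copy to user config.
  -c        Copy configuration to target.
  -r        Reboot after completion.
EOF
  exit 1
}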
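#######################################
# Abort unless the script runs as root; disko, nixos-install and the
# chown of copied keys all require it.
# Globals:   EUID (read)
# Outputs:   error message on stderr
# Returns:   0 when EUID is 0; exits 1 otherwise
#######################################
check_root() {
  if (( EUID != 0 )); then
    printf '%s\n' "Please run the script as root." >&2
    exit 1
  fi
}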
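#######################################
# Abort unless the installer has outbound connectivity.
# Globals:   none
# Outputs:   error message on stderr
# Returns:   0 if the probe succeeds; exits 1 otherwise
#######################################
check_network() {
  # Single ICMP probe used purely as a reachability check; it needs working
  # DNS and outbound ICMP, so a locked-down network may fail here even
  # though HTTPS to the binary cache would work.
  if ! ping -c 1 google.com >/dev/null 2>&1; then
    printf '%s\n' "Connect to a network before proceeding." >&2
    exit 1
  fi
}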
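#######################################
# Abort unless the flake directory contains a flake.nix.
# Globals:   flake (read)
# Outputs:   error message on stderr
# Returns:   0 if $flake/flake.nix is a regular file; exits 1 otherwise
#######################################
check_flake() {
  if [[ ! -f "$flake/flake.nix" ]]; then
    printf '%s\n' "flake.nix not found in $flake." >&2
    exit 1
  fi
}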
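#######################################
# Abort unless the flake defines nixosConfigurations.<host>.
# Globals:   flake, host (read)
# Outputs:   error message on stderr
# Returns:   0 if the host exists; exits 1 otherwise
#######################################
check_host() {
  # Pass the host name to jq as a variable instead of splicing it into the
  # filter text, so quotes or brackets in $host cannot change the query;
  # `jq -e` still exits non-zero when the lookup yields null.
  if ! nix flake show --quiet --json "$flake" 2>/dev/null \
      | jq -e --arg host "$host" '.nixosConfigurations[$host]' >/dev/null 2>&1; then
    printf '%s\n' "Host '$host' not found in flake." >&2
    exit 1
  fi
}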
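#######################################
# Abort if -k names an age key that does not exist under the flake.
# Globals:   flake, key (read)
# Outputs:   error message on stderr
# Returns:   0 if $key is empty or $flake/secrets/$key/key.txt exists;
#            exits 1 otherwise
#######################################
check_key() {
  # An empty key means "no age key requested" and is always accepted.
  if [[ -n "$key" && ! -f "$flake/secrets/$key/key.txt" ]]; then
    printf '%s\n' "Key '$key' not found." >&2
    exit 1
  fi
}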
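#######################################
# Decrypt the host's LUKS passphrase from its sops secrets into
# /tmp/keyfile for disko to consume.
# Globals:   flake, host, key (read)
# Outputs:   /tmp/keyfile (mode 0600); sops diagnostics on stderr
# Returns:   0 on success; exits 1 if decryption fails
#######################################
set_password_file() {
  local keyfile=/tmp/keyfile
  # The path is fixed because the host's format.nix presumably refers to it
  # (not visible here — confirm). A fixed name in /tmp is reachable by other
  # local users, so: remove whatever is there, create the new file with
  # umask 077 and noclobber (O_EXCL) so a pre-planted file or symlink makes
  # the redirection fail instead of being written through, and never leave
  # a world-readable passphrase behind.
  rm -f -- "$keyfile"
  if ! (
      umask 077
      set -o noclobber
      # Scoped to this command only, so the age key path does not stay in
      # the script's environment afterwards.
      SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt" \
        sops --decrypt --extract "['luks']" \
          "$flake/hosts/$host/secrets/secrets.yaml" > "$keyfile"
    ); then
    # Continuing would hand disko an empty or missing passphrase file.
    printf '%s\n' "Failed to decrypt LUKS passphrase for host '$host'." >&2
    exit 1
  fi
}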
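#######################################
# Create a fresh mount root under /mnt and run disko on the host's
# format.nix in the requested mode.
# Globals:   flake, host (read); root (written: the new mountpoint)
# Arguments: $1 - disko mode, e.g. "destroy,format,mount" or "mount"
# Outputs:   disko output on stdout/stderr
# Returns:   0 on success; exits 1 if the mountpoint or disko step fails
#######################################
prepare_disk() {
  local disko_mode="$1"
  mkdir -p /mnt || exit 1
  root=$(mktemp -d /mnt/install.XXXXXX) || exit 1
  # The script does not run under `set -e`. If disko fails here, the later
  # copy_keys/nixos-install steps would otherwise write into a bare temp
  # directory on the live installer's root filesystem, so fail hard.
  # --yes-wipe-all-disks suppresses disko's confirmation prompt.
  if ! disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" \
      "$flake/hosts/$host/format.nix"; then
    printf '%s\n' "disko failed in mode '$disko_mode'." >&2
    exit 1
  fi
}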
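#######################################
# Copy the host's SSH host key and, when -k was given, the sops age key
# into each user's persisted home on the mounted target.
# Globals:   flake, host, key, root (read)
# Outputs:   cp/chown diagnostics on stderr
# Returns:   0 when no age key is configured; otherwise the status of the
#            last chown performed
#######################################
copy_keys() {
  local users_dir="$flake/hosts/$host/users"
  local state="$root/persist/state"
  mkdir -p "$state/etc/ssh"
  cp -f "$flake/hosts/$host/secrets/ssh_host_ed25519_key" \
    "$state/etc/ssh/ssh_host_ed25519_key"
  # sshd ignores a private host key that is readable by others.
  chmod 600 "$state/etc/ssh/ssh_host_ed25519_key"
  # Without an age key there is nothing per-user to place.
  [[ -n "$key" ]] || return 0
  local path user owner group
  for path in "$users_dir"/*; do
    # An unmatched glob leaves the literal pattern behind; skip it rather
    # than creating a home directory named '*'.
    [[ -e "$path" ]] || continue
    user=${path##*/}
    mkdir -p "$state/home/$user/.config/sops-nix"
    cp -f "$flake/secrets/$key/key.txt" \
      "$state/home/$user/.config/sops-nix/key.txt"
    chmod 600 "$state/home/$user/.config/sops-nix/key.txt"
    owner=$(cat "$users_dir/$user/uid")
    # 100 is presumably the NixOS "users" group on the target — confirm.
    group=100
    chown "$owner:$group" \
      "$state/home/$user" \
      "$state/home/$user/.config" \
      "$state/home/$user/.config/sops-nix" \
      "$state/home/$user/.config/sops-nix/key.txt"
  done
}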
#######################################
# Install the host's NixOS configuration into the mounted target.
# Globals:   flake, host, root (read)
# Outputs:   nixos-install output
# Returns:   exit status of nixos-install
#
# NOTE: this function is named `install`, so it shadows coreutils'
# install(1) for the rest of the script; use `command install` if that
# tool is ever needed here.
#######################################
install() {
  local -a args=(
    --root "$root"
    --flake "$flake#$host"
    # Root password is expected to come from the configuration itself.
    --no-root-passwd
  )
  nixos-install "${args[@]}"
}
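#######################################
# Copy the flake directory into the target's persisted /etc/nixos,
# replacing any earlier copy.
# Globals:   flake, root (read)
# Outputs:   progress line on stdout
# Returns:   exit status of cp
#######################################
copy_config() {
  local dest="$root/persist/user/etc/nixos"
  echo "Copying configuration..."
  # Create the parent only (the old code created the destination itself
  # and then immediately removed it). ${root:?} aborts instead of turning
  # the rm below into "rm -rf /persist/user/etc/nixos" if root is unset.
  mkdir -p "${root:?}/persist/user/etc"
  rm -rf -- "$dest"
  cp -r -- "$flake" "$dest"
}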
#######################################
# Tear down the installation state and reboot the machine.
# Globals:   none directly (cleanup reads flake, host, root)
# Outputs:   progress line on stdout
# Returns:   does not return on success (reboot)
#######################################
finish() {
  echo "Rebooting system..."
  # Clear the EXIT trap first so cleanup is not run a second time when the
  # shell exits; this presumes a `trap cleanup EXIT` is installed elsewhere
  # in the script (not visible in this excerpt — confirm).
  trap - EXIT
  cleanup
  reboot
}
#######################################
# Remove the decrypted passphrase, unmount the target and drop the
# temporary mountpoint. Safe to call when nothing was set up yet.
# Globals:   flake, host, root (read)
# Outputs:   disko/rmdir diagnostics
# Returns:   status of the last step that ran
#######################################
cleanup() {
  # Written by set_password_file; harmless if it never existed.
  rm -f /tmp/keyfile
  # Only unmount when a host was resolved; otherwise there is no format.nix
  # path to hand to disko.
  if [[ -n "$host" ]]; then
    disko -m "unmount" "$flake/hosts/$host/format.nix"
  fi
  # rmdir (not rm -rf) so a still-mounted or non-empty root is left alone.
  if [[ -d "$root" ]]; then
    rmdir "$root"
  fi
}
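#######################################
# Entry point: validate environment and arguments, decrypt the LUKS
# passphrase, prepare the disk, copy keys, install, and optionally copy
# the flake to the target and reboot.
# Globals:   flake, mode, host, key (written; read by the helper functions)
# Arguments: see usage()
# Outputs:   progress and tool output on stdout/stderr
# Returns:   0 on success; exits non-zero via usage() or a helper on error
#######################################
main() {
  check_root
  check_network
  if (( $# < 1 )); then usage; fi
  # realpath prints its own diagnostic when the path does not exist.
  flake="$(realpath "$1")" || exit 1
  check_flake
  shift

  mode=""
  host=""
  key=""
  local copy_config_flag="false"
  local reboot_flag="false"
  local opt
  while getopts "m:h:k:cr" opt; do
    case "$opt" in
      m) mode="$OPTARG" ;;
      h) host="$OPTARG" ;;
      k) key="$OPTARG" ;;
      c) copy_config_flag="true" ;;
      r) reboot_flag="true" ;;
      *) usage ;;
    esac
  done
  if [[ -z "$mode" || -z "$host" ]]; then usage; fi

  # Resolve the mode before touching secrets or disks, so a bad -m value
  # fails without first decrypting the LUKS passphrase into /tmp.
  local disko_mode
  case "$mode" in
    install) disko_mode="destroy,format,mount" ;;
    repair) disko_mode="mount" ;;
    *)
      printf '%s\n' "Invalid mode: $mode" >&2
      usage
      ;;
  esac

  check_host
  check_key
  set_password_file
  prepare_disk "$disko_mode"
  copy_keys
  install
  # Plain if-statements: the earlier `[[ flag ]] && cmd` form left main
  # (and thus the script) with exit status 1 whenever a flag was false,
  # even after a successful install.
  if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
  if [[ "$reboot_flag" == "true" ]]; then finish; fi
  return 0
}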
# Run the installer with all command-line arguments; every other line of the
# script is a function definition, so this is the only top-level side effect.
main "$@"