forked from kalipso/infrastructure
add install script
This commit is contained in:
ahtlon
44
scripts/remote-install-encrypt.sh
Executable file
44
scripts/remote-install-encrypt.sh
Executable file
@@ -0,0 +1,44 @@
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
if [ $# -lt 2 ]; then
|
||||
echo
|
||||
echo "Install NixOS to the host system with secrets and encryption"
|
||||
echo "Usage: $0 <hostname> <ip> (user)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
hostname=$1
|
||||
ipaddress=$2
|
||||
|
||||
# Create a temporary directory
|
||||
temp=$(mktemp -d)
|
||||
|
||||
# Function to cleanup temporary directory on exit
|
||||
cleanup() {
|
||||
rm -rf "$temp"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Create the directory where sshd expects to find the host keys
|
||||
install -d -m755 "$temp/etc/ssh/"
|
||||
|
||||
ssh-keygen -f $temp/etc/ssh/"$hostname" -t ed25519 -N ""
|
||||
ssh-keygen -f $temp/etc/ssh/initrd -t ed25519 -N ""
|
||||
|
||||
# # Set the correct permissions so sshd will accept the key
|
||||
chmod 600 "$temp/etc/ssh/$hostname"
|
||||
chmod 600 "$temp/etc/ssh/initrd"
|
||||
|
||||
# Install NixOS to the host system with our secrets and encription
|
||||
# optional --build-on-remote
|
||||
if [ $# = 3 ]
|
||||
then
|
||||
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" \
|
||||
--disk-encryption-keys /tmp/secret.key <(sops -d machines/$hostname/disk.key) --flake .#$hostname $3@$ipaddress
|
||||
|
||||
else
|
||||
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" \
|
||||
--disk-encryption-keys /tmp/secret.key <(sops -d machines/$hostname/disk.key) --flake .#$hostname root@$ipaddress
|
||||
fi
|
||||
Reference in New Issue
Block a user