| author | vkcku <[email protected]> | 2026-06-01 18:11:24 +0530 |
|---|---|---|
| committer | vkcku <[email protected]> | 2026-06-01 18:11:24 +0530 |
| commit | c79df776529bd48b33d14f7d7393ab3d9c9abc42 (patch) | |
| tree | 493f7ca142b7b901effe457c1988699854dcf28c | |
| parent | infra(plato): initial configuration (diff) | |
infra(plato): add bootstrap script (kind of)
monorepo-revid: bbd7a4536e8bf3ec262976bcc19e9fbe9c650760
| -rw-r--r-- | infra/.sops.yaml | 2 | ||||
| -rw-r--r-- | infra/nix/bootstrap.nix | 58 |
2 files changed, 60 insertions, 0 deletions
diff --git a/infra/.sops.yaml b/infra/.sops.yaml index 37fe5d1..1e90cd3 100644 --- a/infra/.sops.yaml +++ b/infra/.sops.yaml @@ -4,9 +4,11 @@ keys: - &vkcku "age1jtl0m9t7rtfmh674zres8pecmcugv7yxamv8hkvlf3tk2g8p25nsnccslh" - &hosts '': - &indra "age13tmf72y2hgwhqmyyqh78fhf8f25jd4lggruuhzrrpyjnv7auryks340rqv" + - &plato "" creation_rules: - path_regex: modules/base/secrets.yaml key_groups: - age: - *vkcku - *indra + - *plato diff --git a/infra/nix/bootstrap.nix b/infra/nix/bootstrap.nix index f5b86af..a94a3c0 100644 --- a/infra/nix/bootstrap.nix +++ b/infra/nix/bootstrap.nix @@ -1,3 +1,4 @@ +{ self, ... }: { perSystem = { pkgs, ... }: 
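Review bot: The `- &plato ""` placeholder in `infra/.sops.yaml` puts an empty string into the age key group for `modules/base/secrets.yaml`, so until the bootstrap has run the rule names a recipient that is not a valid age key. sops will presumably reject that rule on any encrypt or `updatekeys` run for the file in the meantime, and nothing in the YAML says where the real value comes from. A comment above the placeholder would make the dependency explicit, for example `# filled in by the infra-bootstrap-plato app; commit the generated recipient after the install`. The other hunk on this line only adds the `self` argument to `bootstrap.nix` and needs no comment.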
@@ -55,5 +56,62 @@
 program = "${bin}/bin/bootstrap-indra";
 meta.description = "bootstrap the indra machine by doing a fresh installation";
 };
+
+ apps.infra-bootstrap-plato =
+ let
+ bin = pkgs.writeShellApplication {
+ name = "bootstrap-plato";
+ runtimeInputs = [
+ # keep-sorted start
+ pkgs.disko
+ pkgs.git
+ pkgs.openssh
+ pkgs.sops
+ pkgs.ssh-to-age
+ pkgs.yq-go
+ # keep-sorted end
+ ];
+ text = ''
+ # The live installer creates its own hostid which results in the import of
+ # the ZFS pool failing. Instead forcefully set the hostid as configured in Nix.
+ sudo rm -rf /etc/hostid
+ sudo zgenhostid -f "${self.nixosConfigurations.plato.config.networking.hostId}"
+
+ rootdir="$(git rev-parse --show-toplevel)"
+
+ extrafiles="$(mktemp -d)"
+ trap 'rm -rf "$extrafiles"' EXIT
+
+ keydir="$extrafiles/persist/etc/ssh"
+ mkdir --parents "$keydir"
+
+ privatekey="$keydir/ssh_host_ed25519_key"
+ publickey="$privatekey.pub"
+
+ ssh-keygen -t ed25519 -N "" -f "$privatekey"
+ chmod 600 "$privatekey"
+ chmod 644 "$publickey"
+
+ agekey="$(ssh-to-age < "$publickey")"
+
+ yq \
+ --inplace \
+ "(.keys | .. | select(anchor == \"plato\")) = \"$agekey\"" \
+ "$rootdir/infra/.sops.yaml"
+
+ sops updatekeys --yes "$rootdir/infra/modules/base/secrets.yaml"
+
+ sudo disko-install \
+ --flake "$rootdir#plato" \
+ --disk main "/dev/disk/by-id/ata-CONSISTENT_SSD_S7_512GB_09092225J0987" \
+ --extra-files "$keydir" "/persist/etc/ssh"
+ '';
+ };
+ in
+ {
+ type = "app";
+ program = "${bin}/bin/bootstrap-plato";
+ meta.description = "bootstrap the plato machine by doing a fresh installation (run on the live installer after copying over the repo)";
+ };
 };
 } |
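Review bot: `sops updatekeys --yes` re-encrypts `modules/base/secrets.yaml` on the live installer without showing the recipient change, and updatekeys can only do that if the file can be decrypted there, so an existing recipient's private key (presumably the vkcku age key) has to be present in the installer environment next to the copied repo. That widens where the key that opens every base secret lives, and neither the script nor `meta.description` states the requirement. At minimum add a comment above the call, for example `# needs an existing recipient's age key on the installer; review the .sops.yaml diff before committing`, and consider dropping `--yes` so the operator confirms the recipient list. Passing the recipient to yq through the environment with `strenv(agekey)` instead of splicing `$agekey` into the expression string would also keep the value out of the yq program text.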
