diff options
| author | vkcku <[email protected]> | 2026-06-01 16:56:28 +0530 |
|---|---|---|
| committer | vkcku <[email protected]> | 2026-06-01 16:56:28 +0530 |
| commit | 5870b40bdc9920fcbc30d784a254343353138ec1 (patch) | |
| tree | c628b3f4f3c6300673d520ffe2a6ad05eff79c8e /infra/nix/bootstrap.nix | |
| parent | infra: configure nix-settings as part of base module (diff) | |
infra(indra): add bootstrap script
monorepo-revid: 49db3abd92480fb22d7cdb7af7478ab3504cf7bb
Diffstat (limited to 'infra/nix/bootstrap.nix')
| -rw-r--r-- | infra/nix/bootstrap.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/infra/nix/bootstrap.nix b/infra/nix/bootstrap.nix new file mode 100644 index 0000000..f5b86af --- /dev/null +++ b/infra/nix/bootstrap.nix @@ -0,0 +1,59 @@ +{ + perSystem = + { pkgs, ... }: + { + apps.infra-bootstrap-indra = + let + bin = pkgs.writeShellApplication { + name = "bootstrap-indra"; + runtimeInputs = [ + # keep-sorted start + pkgs.git + pkgs.nixos-anywhere + pkgs.openssh + pkgs.sops + pkgs.ssh-to-age + pkgs.yq-go + # keep-sorted end + ]; + text = '' + rootdir="$(git rev-parse --show-toplevel)" + + extrafiles="$(mktemp -d)" + trap 'rm -rf "$extrafiles"' EXIT + + keydir="$extrafiles/persist/etc/ssh" + mkdir --parents "$keydir" + + privatekey="$keydir/ssh_host_ed25519_key" + publickey="$privatekey.pub" + + ssh-keygen -t ed25519 -N "" -C "root@indra" -f "$privatekey" + chmod 600 "$privatekey" + chmod 644 "$publickey" + + agekey="$(ssh-to-age < "$publickey")" + + yq \ + --inplace \ + "(.keys | .. | select(anchor == \"indra\")) = \"$agekey\"" \ + "$rootdir/infra/.sops.yaml" + + sops updatekeys --yes "$rootdir/infra/modules/base/secrets.yaml" + + nixos-anywhere \ + --flake "$rootdir#indra" \ + --extra-files "$extrafiles" \ + --target-host "[email protected]" + + printf "\n\nIMPORTANT: Remember to save the changes to the .sops.yaml file!\n" + ''; + }; + in + { + type = "app"; + program = "${bin}/bin/bootstrap-indra"; + meta.description = "bootstrap the indra machine by doing a fresh installation"; + }; + }; +} |