Diffstat (limited to 'infra/nix/bootstrap.nix')
-rw-r--r--infra/nix/bootstrap.nix58
1 files changed, 58 insertions, 0 deletions
diff --git a/infra/nix/bootstrap.nix b/infra/nix/bootstrap.nix
index f5b86af..a94a3c0 100644
--- a/infra/nix/bootstrap.nix
+++ b/infra/nix/bootstrap.nix
@@ -1,3 +1,4 @@
+{ self, ... }:
{
perSystem =
{ pkgs, ... }:
@@ -55,5 +56,62 @@
program = "${bin}/bin/bootstrap-indra";
meta.description = "bootstrap the indra machine by doing a fresh installation";
};
+
+ apps.infra-bootstrap-plato =
+ let
+ bin = pkgs.writeShellApplication {
+ name = "bootstrap-plato";
+ runtimeInputs = [
+ # keep-sorted start
+ pkgs.disko
+ pkgs.git
+ pkgs.openssh
+ pkgs.sops
+ pkgs.ssh-to-age
+ pkgs.yq-go
+ # keep-sorted end
+ ];
+ text = ''
+ # The live installer creates its own hostid which results in the import of
+ # the ZFS pool failing. Instead forcefully set the hostid as configured in Nix.
+ sudo rm -rf /etc/hostid
+ sudo zgenhostid -f "${self.nixosConfigurations.plato.config.networking.hostId}"
+
+ rootdir="$(git rev-parse --show-toplevel)"
+
+ extrafiles="$(mktemp -d)"
+ trap 'rm -rf "$extrafiles"' EXIT
+
+ keydir="$extrafiles/persist/etc/ssh"
+ mkdir --parents "$keydir"
+
+ privatekey="$keydir/ssh_host_ed25519_key"
+ publickey="$privatekey.pub"
+
+ ssh-keygen -t ed25519 -N "" -f "$privatekey"
+ chmod 600 "$privatekey"
+ chmod 644 "$publickey"
+
+ agekey="$(ssh-to-age < "$publickey")"
+
+ yq \
+ --inplace \
+ "(.keys | .. | select(anchor == \"plato\")) = \"$agekey\"" \
+ "$rootdir/infra/.sops.yaml"
+
+ sops updatekeys --yes "$rootdir/infra/modules/base/secrets.yaml"
+
+ sudo disko-install \
+ --flake "$rootdir#plato" \
+ --disk main "/dev/disk/by-id/ata-CONSISTENT_SSD_S7_512GB_09092225J0987" \
+ --extra-files "$keydir" "/persist/etc/ssh"
+ '';
+ };
+ in
+ {
+ type = "app";
+ program = "${bin}/bin/bootstrap-plato";
+ meta.description = "bootstrap the plato machine by doing a fresh installation (run on the live installer after copying over the repo)";
+ };
};
}
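Review bot: The host key in the `text` script is generated by the invoking (non-root) user under `$extrafiles` and then handed to `sudo disko-install --extra-files`, so if disko-install preserves ownership when copying, `/persist/etc/ssh/ssh_host_ed25519_key` ends up owned by the installer user's uid on the target rather than by root. Because this key also becomes the machine's sops age identity via `ssh-to-age`, whichever account later receives that uid could read both the SSH host key and everything in `secrets.yaml`. I would add `sudo chown -R root:root "$extrafiles"` just before the `disko-install` call and change the trap to `trap 'sudo rm -rf "$extrafiles"' EXIT`, or confirm the ownership disko-install applies and record it in a comment. Separately, `sops updatekeys --yes` rewrites `.sops.yaml` and `secrets.yaml` only in the installer's working copy with no confirmation, so a comment such as `# NOTE: commit and push the updated .sops.yaml and secrets.yaml afterwards, otherwise later deploys encrypt to the old plato key` would help the next operator.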