From 5870b40bdc9920fcbc30d784a254343353138ec1 Mon Sep 17 00:00:00 2001
From: vkcku
Date: Mon, 1 Jun 2026 16:56:28 +0530
Subject: infra(indra): add bootstrap script
monorepo-revid: 49db3abd92480fb22d7cdb7af7478ab3504cf7bb
---
infra/nix/bootstrap.nix | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 infra/nix/bootstrap.nix
(limited to 'infra/nix/bootstrap.nix')
diff --git a/infra/nix/bootstrap.nix b/infra/nix/bootstrap.nix
new file mode 100644
index 0000000..f5b86af
--- /dev/null
+++ b/infra/nix/bootstrap.nix
@@ -0,0 +1,59 @@
+{
+ perSystem =
+ { pkgs, ... }:
+ {
+ apps.infra-bootstrap-indra =
+ let
+ bin = pkgs.writeShellApplication {
+ name = "bootstrap-indra";
+ runtimeInputs = [
+ # keep-sorted start
+ pkgs.git
+ pkgs.nixos-anywhere
+ pkgs.openssh
+ pkgs.sops
+ pkgs.ssh-to-age
+ pkgs.yq-go
+ # keep-sorted end
+ ];
+ text = ''
+ rootdir="$(git rev-parse --show-toplevel)"
+
+ extrafiles="$(mktemp -d)"
+ trap 'rm -rf "$extrafiles"' EXIT
+
+ keydir="$extrafiles/persist/etc/ssh"
+ mkdir --parents "$keydir"
+
+ privatekey="$keydir/ssh_host_ed25519_key"
+ publickey="$privatekey.pub"
+
+ ssh-keygen -t ed25519 -N "" -C "root@indra" -f "$privatekey"
+ chmod 600 "$privatekey"
+ chmod 644 "$publickey"
+
+ agekey="$(ssh-to-age < "$publickey")"
+
+ yq \
+ --inplace \
+ "(.keys | .. | select(anchor == \"indra\")) = \"$agekey\"" \
+ "$rootdir/infra/.sops.yaml"
+
+ sops updatekeys --yes "$rootdir/infra/modules/base/secrets.yaml"
+
+ nixos-anywhere \
+ --flake "$rootdir#indra" \
+ --extra-files "$extrafiles" \
+ --target-host "root@145.223.22.205"
+
+ printf "\n\nIMPORTANT: Remember to save the changes to the .sops.yaml file!\n"
+ '';
+ };
+ in
+ {
+ type = "app";
+ program = "${bin}/bin/bootstrap-indra";
+ meta.description = "bootstrap the indra machine by doing a fresh installation";
+ };
+ };
+}
-- cgit v1.3.1
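Review bot: The freshly generated `ssh_host_ed25519_key`, which the preceding `yq`/`sops updatekeys` steps have just made a recipient of `secrets.yaml`, is copied via `--extra-files` to whatever answers at the hard-coded `root@145.223.22.205`, and nothing in the script checks that host's identity. As far as I know nixos-anywhere does not verify the target's SSH host key by default, so a reassigned address would receive a key that can decrypt those secrets. I would add a comment above the call such as `# The target's SSH identity is not verified here; confirm the address still belongs to indra before running`, and consider taking the address as an argument. Separately, if `nixos-anywhere` fails, the `EXIT` trap deletes `$extrafiles`, leaving `.sops.yaml` and `secrets.yaml` re-keyed to a private key that no longer exists. The final `printf` reminder is then never shown, so the failure path should tell the operator to revert both files.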