From c79df776529bd48b33d14f7d7393ab3d9c9abc42 Mon Sep 17 00:00:00 2001
From: vkcku
Date: Mon, 1 Jun 2026 18:11:24 +0530
Subject: infra(plato): add bootstrap script (kind of)

monorepo-revid: bbd7a4536e8bf3ec262976bcc19e9fbe9c650760
---
 infra/nix/bootstrap.nix | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
(limited to 'infra/nix/bootstrap.nix')

diff --git a/infra/nix/bootstrap.nix b/infra/nix/bootstrap.nix
index f5b86af..a94a3c0 100644
--- a/infra/nix/bootstrap.nix
+++ b/infra/nix/bootstrap.nix
@@ -1,3 +1,4 @@
+{ self, ... }:
 {
 perSystem =
 { pkgs, ... }:
@@ -55,5 +56,62 @@
 program = "${bin}/bin/bootstrap-indra";
 meta.description = "bootstrap the indra machine by doing a fresh installation";
 };
+
+ apps.infra-bootstrap-plato =
+ let
+ bin = pkgs.writeShellApplication {
+ name = "bootstrap-plato";
+ runtimeInputs = [
+ # keep-sorted start
+ pkgs.disko
+ pkgs.git
+ pkgs.openssh
+ pkgs.sops
+ pkgs.ssh-to-age
+ pkgs.yq-go
+ # keep-sorted end
+ ];
+ text = ''
+ # The live installer creates its own hostid which results in the import of
+ # the ZFS pool failing. Instead forcefully set the hostid as configured in Nix.
+ sudo rm -rf /etc/hostid
+ sudo zgenhostid -f "${self.nixosConfigurations.plato.config.networking.hostId}"
+
+ rootdir="$(git rev-parse --show-toplevel)"
+
+ extrafiles="$(mktemp -d)"
+ trap 'rm -rf "$extrafiles"' EXIT
+
+ keydir="$extrafiles/persist/etc/ssh"
+ mkdir --parents "$keydir"
+
+ privatekey="$keydir/ssh_host_ed25519_key"
+ publickey="$privatekey.pub"
+
+ ssh-keygen -t ed25519 -N "" -f "$privatekey"
+ chmod 600 "$privatekey"
+ chmod 644 "$publickey"
+
+ agekey="$(ssh-to-age < "$publickey")"
+
+ yq \
+ --inplace \
+ "(.keys | .. | select(anchor == \"plato\")) = \"$agekey\"" \
+ "$rootdir/infra/.sops.yaml"
+
+ sops updatekeys --yes "$rootdir/infra/modules/base/secrets.yaml"
+
+ sudo disko-install \
+ --flake "$rootdir#plato" \
+ --disk main "/dev/disk/by-id/ata-CONSISTENT_SSD_S7_512GB_09092225J0987" \
+ --extra-files "$keydir" "/persist/etc/ssh"
+ '';
+ };
+ in
+ {
+ type = "app";
+ program = "${bin}/bin/bootstrap-plato";
+ meta.description = "bootstrap the plato machine by doing a fresh installation (run on the live installer after copying over the repo)";
+ };
 };
 }
-- 
cgit v1.3.1
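Review bot: Nothing in the `text` script confirms that the `yq --inplace` step actually replaced the `plato` recipient before `sops updatekeys --yes` and `disko-install` run. If no node in `infra/.sops.yaml` carries the `plato` anchor, the assignment most likely matches nothing while yq still exits 0, and `--yes` suppresses the recipient diff that would have shown it, so the machine would be installed with a host key that cannot decrypt `secrets.yaml`. A guard such as `grep -qF "$agekey" "$rootdir/infra/.sops.yaml"` right after the yq call would abort the run before the disk is touched, since writeShellApplication scripts run with errexit; `pkgs.gnugrep` would then belong in `runtimeInputs`. It is also worth a comment that the only copy of the new private key lives under `$extrafiles` and is removed by the EXIT trap, so after a failed `disko-install` the edits to `.sops.yaml` and `secrets.yaml` have to be reverted before retrying.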