From e463fedc18e92436c80984a0a62e8259cd8a4330 Mon Sep 17 00:00:00 2001
From: Martin Wimpress
Date: Wed, 16 Oct 2024 02:12:17 +0100
Subject: [PATCH] feat: send initrd SSH keys if available

---
 .../scripts/install-anywhere/default.nix | 1 +
 .../install-anywhere/install-anywhere.sh | 28 ++++++++++++++++---
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/nixos/_mixins/scripts/install-anywhere/default.nix b/nixos/_mixins/scripts/install-anywhere/default.nix
index c5e2829bf..8bc8666fb 100644
--- a/nixos/_mixins/scripts/install-anywhere/default.nix
+++ b/nixos/_mixins/scripts/install-anywhere/default.nix
@@ -10,6 +10,7 @@ let
 runtimeInputs = with pkgs; [
 coreutils-full
 git
+ tree
 ];
 text = builtins.readFile ./install-anywhere.sh;
 };
diff --git a/nixos/_mixins/scripts/install-anywhere/install-anywhere.sh b/nixos/_mixins/scripts/install-anywhere/install-anywhere.sh
index 0a7fde537..1eba423fe 100755
--- a/nixos/_mixins/scripts/install-anywhere/install-anywhere.sh
+++ b/nixos/_mixins/scripts/install-anywhere/install-anywhere.sh
@@ -58,16 +58,36 @@ else
 echo "- WARN! Wiping disks"
 fi
+EXTRA_FILES=0
 # https://github.com/nix-community/nixos-anywhere/blob/main/docs/howtos/secrets.md
-if [ -e "$HOME/.config/sops/age/keys.txt" ] && [ "$VM_TEST" -eq 0 ]; then
+if [ -e "$HOME/.config/sops/age/keys.txt" ]; then
 install -d -m755 "$FILES/$HOME/.config/sops/age"
 cp "$HOME/.config/sops/age/keys.txt" "$FILES/$HOME/.config/sops/age/keys.txt"
- EXTRA+=" --extra-files $FILES"
+ chmod 600 "$FILES/$HOME/.config/sops/age/keys.txt"
+ chown 1000:100 "$FILES/$HOME/.config/sops/age/keys.txt"
 echo "- INFO: Sending SOPS keys"
+ EXTRA_FILES=1
 else
 echo "- WARN! No SOPS keys found"
 fi
+
+if [ -e "$HOME/Keybase/private/wimpress/Secrets/ssh/initrd_ssh_host_ed25519_key" ]; then
+ install -d -m755 "$FILES/etc/ssh"
+ cp "$HOME/Keybase/private/wimpress/Secrets/ssh/initrd_ssh_host_ed25519_key" "$FILES/etc/ssh/"
+ cp "$HOME/Keybase/private/wimpress/Secrets/ssh/initrd_ssh_host_ed25519_key.pub" "$FILES/etc/ssh/"
+ chmod 600 "$FILES/etc/ssh/initrd_ssh_host_ed25519_key"
+ chmod 644 "$FILES/etc/ssh/initrd_ssh_host_ed25519_key.pub"
+ echo "- INFO: Sending initrd SSH keys"
+ EXTRA_FILES=1
+else
+ echo "- WARN! No initrd SSH keys found"
+fi
+
+if [ "$EXTRA_FILES" -eq 1 ]; then
+ EXTRA+=" --extra-files $FILES"
+ tree -a "$FILES"
+fi
+
 REPLY="n"
 read -p "Proceed with remote install? [y/N]" -n 1 -r
 echo
@@ -78,6 +98,6 @@ fi
 pushd "$HOME/Zero/nix-config" || exit 1
 # shellcheck disable=2086
-nix run github:nix-community/nixos-anywhere -- \
- $EXTRA --flake ".#$HOST" "root@$REMOTE_ADDRESS"
+#nix run github:nix-community/nixos-anywhere -- \
+# $EXTRA --flake ".#$HOST" "root@$REMOTE_ADDRESS"
 popd || true
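Review bot: The age private key is now staged into `$FILES` and shipped via `--extra-files` for VM test runs too, because the new `if [ -e "$HOME/.config/sops/age/keys.txt" ]; then` line drops the `[ "$VM_TEST" -eq 0 ]` guard, and neither the subject line nor the hunk says whether that is intended; if it is, a comment such as `# SOPS keys are sent to VM test installs as well so the test VM can decrypt secrets` would record it, otherwise the guard should come back on that line. The three private-key copies rely on cp's resulting mode until the following chmod runs; `install -m600 "$HOME/.config/sops/age/keys.txt" "$FILES/$HOME/.config/sops/age/keys.txt"` (and likewise for the two initrd key copies, with `-m644` for the `.pub` file) sets the mode at creation and removes the separate chmod lines. `$FILES` is created outside this hunk, so I cannot see whether the staging directory that now holds two private keys is removed after the install; if it is not, a cleanup `trap` on exit is worth adding. `chown 1000:100` hard-codes the target uid/gid, which is presumably the installed user's account; a short comment naming that account would make the intent clear.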
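Review bot: After this hunk the script still asks "Proceed with remote install?" and runs pushd/popd, but never invokes nixos-anywhere, because both `nix run github:nix-community/nixos-anywhere -- \` lines are now commented out; the subject "send initrd SSH keys if available" does not mention disabling the install, so this looks like a debugging toggle left in. If a dry run is wanted so the `tree -a "$FILES"` listing can be reviewed without installing, gate the call behind an explicit variable instead, e.g. wrap the two lines in `if [ "${DRY_RUN:-0}" -eq 0 ]; then` and a matching `fi` (constructed name; pick whatever the script already uses for flags), so the real command is not lost. The `popd || true` line appears to be the last line of the hunk; whether anything follows it in the file is outside this view.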