47 lines
1.1 KiB
Bash
Executable file
47 lines
1.1 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
IFS=$'\n\t'
|
|
|
|
servername="${1-}"
|
|
|
|
hostname="${2-}"
|
|
|
|
if [ -z "$servername" ] || [ -z "$hostname" ]
|
|
then
|
|
echo "Usage: $0 SERVERNAME HOSTNAME"
|
|
exit 1
|
|
fi
|
|
|
|
confirmation="Yes, wipe ${servername}."
|
|
|
|
echo "⚠️ This will wipe ${servername} completely! ⚠️"
|
|
echo "Confirm by typing: \"${confirmation}\""
|
|
read response
|
|
|
|
if [ "$response" != "$confirmation" ]; then
|
|
echo "Aborting."
|
|
exit 1
|
|
fi
|
|
|
|
# Create a temporary directory
|
|
temp=$(mktemp -d)
|
|
|
|
# Function to cleanup temporary directory on exit
|
|
cleanup() {
|
|
rm -rf "$temp"
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
# Create directory where age key will go.
|
|
# Nixos-anywhere creates a kind of overlay and retains this structure on the final file system.
|
|
mkdir -p "$temp/root/.config/sops/age"
|
|
|
|
# Extract and copy server's age key.
|
|
sops -d --extract "[\"${servername}\"]" secrets/serverKeys.yaml > "$temp/root/.config/sops/age/keys.txt"
|
|
|
|
# Set the correct permissions
|
|
chmod 600 "$temp/root/.config/sops/age/keys.txt"
|
|
|
|
# Install NixOS to the host system with our age identity
|
|
nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"
|