Pim Kunis
b4fbc0b955
- deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script
43 lines
1,003 B
Bash
Executable file
43 lines
1,003 B
Bash
Executable file
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
IFS=$'\n\t'
|
|
|
|
servername="${1-}"
|
|
|
|
if [ -z "$servername" ]
|
|
then
|
|
echo "Usage: $0 SERVERNAME"
|
|
exit 1
|
|
fi
|
|
|
|
confirmation="Yes, wipe ${servername}."
|
|
|
|
echo "⚠️ This will wipe ${servername} completely! ⚠️"
|
|
echo "Confirm by typing: \"${confirmation}\""
|
|
read response
|
|
|
|
if [ "$response" != "$confirmation" ]; then
|
|
echo "Aborting."
|
|
exit 1
|
|
fi
|
|
|
|
# Create a temporary directory
|
|
temp=$(mktemp -d)
|
|
|
|
# Function to cleanup temporary directory on exit
|
|
cleanup() {
|
|
rm -rf "$temp"
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
# Create directory where age key will go.
|
|
# Nixos-anwhere creates a kind of overlay and retains this structure on the final file system.
|
|
mkdir "$temp/root"
|
|
|
|
secret-tool lookup age-identity "$servername" > "$temp/root/age_ed25519"
|
|
|
|
# Set the correct permissions
|
|
chmod 600 "$temp/root/age_ed25519"
|
|
|
|
# Install NixOS to the host system with our age identity
|
|
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake '.#hypervisor' "root@$servername.hyp"
|