squibid/flake-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
flake-config/shell.nix
Squibid 754e4c945e
update the shell
2025-12-01 21:45:43 -05:00

86 lines
2.5 KiB
Nix
Raw Blame History

{
pkgs ?
# If pkgs is not defined, instantiate nixpkgs from locked commit
# yoinked from (github.com/EmergentMind/nix-config)
let
lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
nixpkgs = builtins.fetchTarball {
url = "https://github.com/${lock.owner}/${lock.repo}/archive/${lock.rev}.tar.gz";
sha256 = lock.narHash;
};
in
builtins.import nixpkgs { overlays = [ ]; },
...
}:
pkgs.mkShell {
nativeBuildInputs = with pkgs.buildPackages; [
git
openssh
ssh-to-age
nixos-anywhere
(pkgs.writeShellScriptBin "-sops" "sops updatekeys secrets.yaml")
(pkgs.writeShellScriptBin "-init" ''
USER="root"
if [ -z "$1" ] || [ -z "$2" ]; then
echo "the 1st argument must be the ip address"
echo "the 2nd argument must be the new hostname (the nix flake host)"
echo "the 3rd argument may be the user to ssh with if unset the default is root"
exit 0
fi
IP=$1
HOST=$2
if [ -n "$3" ]; then
USER=$3
fi
# get the remote systems ssh key
key=$(ssh $(USER)@$(IP) 'cat /etc/ssh/ssh_host_ed25519_key.pub' | ssh-to-age)
if [ -z "$key" ]; then
echo "failed to get the remote systems ssh pubkey"
exit 1
fi
# add the new sops key to the .sops.yaml
sed -i '/# new-host marker/i\ - &$(HOST) $(key)' .sops.yaml
sed -i '/# new-host ptr marker/i\ - *$(HOST)' .sops.yaml
# update the keys
sops updatekeys secrets.yaml
# push the flake to the remote system
nixos-anywhere --\
--flake .#$HOST\
--build-on remote\
--copy-host-keys\
--generate-hardware-config nixos-generate-config ./hosts/$HOST/hardware-configuration.nix\
--target-host $USER@$IP
'')
(pkgs.writeShellScriptBin "-deploy" ''
# there shall be no impurity
if [ -n "$(git diff)" ]; then
git add .
git commit -m "auto commit on build" -m "`PAGER=cat git diff --name-only --cached`"
fi
# push flake config to a remote server(s)
nix run github:serokell/deploy-rs . # this needs to be the same version that the flake is using
'')
];
shellHook = ''
cat << EOF
# This is my tiny nix shell to create new machines and update existing ones
# it requires you to have nix and sops installed to correctly setup a new
# system and nix to deploy to an existing one.
#
# Available commands:
# '-sops' -> updates your sops secret file
# '-init' -> initializes a new system with nix-anywhere
# '-deploy' -> deploys the existing flake to all nodes using deploy-rs
EOF
'';
}
Reference in a new issue View git blame Copy permalink