infra/scripts/install.sh

#!/usr/bin/env bash

# fail on errors
set -e

die() {
  echo >&2 "$@"
  exit 1
}

# parse args
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
  case $1 in
    -c|--nixos-config)
      NAME="$2"
      shift # past argument
      shift # past value
      ;;
    -k|--key-dir)
      KEYDIR="$2"
      shift # past argument
      shift # past value
      ;;
    *)
      POSITIONAL_ARGS+=("$1") # save positional arg
      shift # past argument
      ;;
  esac
done

# check args
[ ! -f "$KEYDIR/host.pub" ] && die "host pubkey missing!"
[ ! -f "$KEYDIR/host" ] && die "host privkey missing!"
[ ! -f "$KEYDIR/host_initrd.pub" ] && die "host pubkey (initrd) missing!"
[ ! -f "$KEYDIR/host_initrd" ] && die "host privkey (initrd) missing!"
[ ! -f "$KEYDIR/luks-pw" ] && die "luks pw missing!"

# temp work dir
temp=$(mktemp -d)
cleanup() {
  rm -rf "$temp"
}
trap cleanup EXIT

# prepare host keys
echo "Preparing host keys.."
dir="$temp/persist/etc/ssh"
install -d -m755 "$dir"
cp "$KEYDIR/host" "$dir/ssh_host_ed25519_key"
cp "$KEYDIR/host.pub" "$dir/ssh_host_ed25519_key.pub"
chmod 600 "$dir/ssh_host_ed25519_key"

# prepare host keys (initrd)
echo "Preparing host keys.. (initrd)"
dir="$temp/persist/etc/secrets/initrd"
install -d -m755 "$dir"
cp "$KEYDIR/host" "$dir/ssh_host_ed25519_key"
cp "$KEYDIR/host.pub" "$dir/ssh_host_ed25519_key.pub"
chmod 600 "$dir/ssh_host_ed25519_key"

# nixos-anywhere
echo "Starting install.."
nixos-anywhere \
  --disk-encryption-keys "/tmp/luks-pw" "$KEYDIR/luks-pw" \
  --extra-files "$temp" \
  --flake .#$NAME \
  "${POSITIONAL_ARGS[@]}"

echo -e "Finished install.\n" \
        "Make sure to delete the SSH host keys from here if you are done with them."
Initial commit 2024-10-13 15:16:39 -05:00			`#!/usr/bin/env bash`

			`# fail on errors`
			`set -e`

			`die() {`
			`echo >&2 "$@"`
			`exit 1`
			`}`

			`# parse args`
			`POSITIONAL_ARGS=()`
			`while [[ $# -gt 0 ]]; do`
			`case $1 in`
			`-c\|--nixos-config)`
			`NAME="$2"`
			`shift # past argument`
			`shift # past value`
			`;;`
			`-k\|--key-dir)`
			`KEYDIR="$2"`
			`shift # past argument`
			`shift # past value`
			`;;`
			`*)`
			`POSITIONAL_ARGS+=("$1") # save positional arg`
			`shift # past argument`
			`;;`
			`esac`
			`done`

			`# check args`
			`[ ! -f "$KEYDIR/host.pub" ] && die "host pubkey missing!"`
			`[ ! -f "$KEYDIR/host" ] && die "host privkey missing!"`
			`[ ! -f "$KEYDIR/host_initrd.pub" ] && die "host pubkey (initrd) missing!"`
			`[ ! -f "$KEYDIR/host_initrd" ] && die "host privkey (initrd) missing!"`
			`[ ! -f "$KEYDIR/luks-pw" ] && die "luks pw missing!"`

			`# temp work dir`
			`temp=$(mktemp -d)`
			`cleanup() {`
			`rm -rf "$temp"`
			`}`
			`trap cleanup EXIT`

			`# prepare host keys`
			`echo "Preparing host keys.."`
			`dir="$temp/persist/etc/ssh"`
			`install -d -m755 "$dir"`
			`cp "$KEYDIR/host" "$dir/ssh_host_ed25519_key"`
			`cp "$KEYDIR/host.pub" "$dir/ssh_host_ed25519_key.pub"`
			`chmod 600 "$dir/ssh_host_ed25519_key"`

			`# prepare host keys (initrd)`
			`echo "Preparing host keys.. (initrd)"`
			`dir="$temp/persist/etc/secrets/initrd"`
			`install -d -m755 "$dir"`
			`cp "$KEYDIR/host" "$dir/ssh_host_ed25519_key"`
			`cp "$KEYDIR/host.pub" "$dir/ssh_host_ed25519_key.pub"`
			`chmod 600 "$dir/ssh_host_ed25519_key"`

			`# nixos-anywhere`
			`echo "Starting install.."`
			`nixos-anywhere \`
			`--disk-encryption-keys "/tmp/luks-pw" "$KEYDIR/luks-pw" \`
			`--extra-files "$temp" \`
			`--flake .#$NAME \`
			`"${POSITIONAL_ARGS[@]}"`

			`echo -e "Finished install.\n" \`
			`"Make sure to delete the SSH host keys from here if you are done with them."`