diff --git a/docs/install.sh b/docs/install.sh
new file mode 100755
index 00000000..5582a05a
--- /dev/null
+++ b/docs/install.sh
@@ -0,0 +1,78 @@
+#!${pkgs.stdenv.shell}
+
+#set -euo pipefail
+
+TARGET_HOST="${1:-}"
+TARGET_USER="${2:-albert}"
+
+if [ "$(id -u)" -eq 0 ]; then
+ echo "ERROR! $(basename "$0") should be run as a regular user"
+ exit 1
+fi
+
+if [ ! -d "/tmp/nixos/git/.git" ]; then
+ git clone --filter=blob:none --no-checkout https://git.sysctl.io/albert/nix "/tmp/nixos/git"
+ cd /tmp/nixos/git
+ git sparse-checkout set --cone docs/ home-manager/ keys/ssh/ lib/ nixos/ flake.lock flake.nix shell.nix
+ git checkout main
+fi
+
+pushd /tmp/nixos/git
+
+if [[ -z "$TARGET_HOST" ]]; then
+ echo "ERROR! $(basename "$0") requires a hostname as the first argument"
+ echo " The following hosts are available"
+ ls -1 nixos/hosts/*/default.nix | cut -d'/' -f3 | grep -v -E "iso|rpi"
+ exit 1
+fi
+
+if [[ -z "$TARGET_USER" ]]; then
+ echo "ERROR! $(basename "$0") requires a username as the second argument"
+ echo " The following users are available"
+ ls -1 nixos/users/ | grep -v -E "nixos|root"
+ exit 1
+fi
+
+if [ ! -e "nixos/hosts/$TARGET_HOST/disks.nix" ]; then
+ echo "ERROR! $(basename "$0") could not find the required nixos/$TARGET_HOST/disks.nix"
+ exit 1
+fi
+
+# Check if the machine we're provisioning expects a keyfile to unlock a disk.
+# If it does, generate a new key, and write to a known location.
+if grep -q "secret.key" "nixos/$TARGET_HOST/disks.nix"; then
+ echo "Secret key not found. Create one at /tmp/secret.key"
+ exit 1
+fi
+
+echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
+echo " NixOS will be re-installed"
+echo " This is a destructive operation"
+echo
+read -p "Are you sure? [y/N]" -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+ sudo true
+
+ sudo nix run github:nix-community/disko \
+ --extra-experimental-features "nix-command flakes" \
+ --no-write-lock-file \
+ -- \
+ --mode disko \
+ "nixos/hosts/$TARGET_HOST/disks.nix"
+
+ sudo nixos-install --no-root-password --flake ".#$TARGET_HOST"
+
+ # Rsync nix-config to the target install.
+ sudo mkdir -p "/mnt/etc/nixos"
+ sudo rsync -a --delete "/tmp/nixos/git/" "/mnt/etc/nixos/git/"
+ pushd "/mnt/etc/nixos/git/"
+ popd
+
+ # If there is a keyfile for a data disk, put copy it to the root partition and
+ # ensure the permissions are set appropriately.
+ if [[ -f "/tmp/secret.key" ]]; then
+ sudo cp /tmp/secret.key /mnt/etc/secret.key
+ sudo chmod 0400 /mnt/etc/secret.key
+ fi
+fi
\ No newline at end of file
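Review bot: The keyfile guard greps `nixos/$TARGET_HOST/disks.nix`, while the existence check just above uses `nixos/hosts/$TARGET_HOST/disks.nix`, so grep most likely fails on a missing file and, with `set -euo pipefail` commented out, the script falls through to the disk wipe without ever confirming a key. Even with the path corrected the branch exits unconditionally, because it never tests for the key; something like `if grep -q "secret.key" "nixos/hosts/$TARGET_HOST/disks.nix" && [[ ! -f /tmp/secret.key ]]; then` matches the comment's intent. Separately, both `/tmp/nixos/git` and `/tmp/secret.key` are fixed names in a world-writable directory: an existing `/tmp/nixos/git/.git` is trusted as-is and then fed to `sudo nix run` and `sudo nixos-install`, so on a host with other local users a `mktemp -d` directory (or a mode-0700 directory the script creates and verifies it owns) would be safer for the checkout and the key.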