shebpamm · April 3, 2023 05:42
diff --git a/provision.sh b/provision.sh
 #!/usr/bin/env nix-shell
 #! nix-shell -i bash -p git curl gnupg pinentry gum sops

 # shellcheck shell=bash

 # HOSTNAME=$(gum input --placeholder "Enter hostname...")


 function setup_disks() {
  # Format
  nix build --extra-experimental-features nix-command --extra-experimental-features flakes ".#nixosConfigurations.hexane.config.system.build.formatScript" --impure --no-link --print-out-paths | sh "$(cat -)" < /dev/tty

  # Mount
  nix build --extra-experimental-features nix-command --extra-experimental-features flakes ".#nixosConfigurations.hexane.config.system.build.mountScript" --impure --no-link --print-out-paths | sh "$(cat -)"

 }

 # Gpg & Yubikey
 function setup_secrets() {
  chown root "$(tty)"

  gpg-agent --homedir /root/.gnupg --daemon --pinentry-program "$(which pinentry)"

  # Prompt for starting the unlock process
  echo "Please insert your Yubikey and press enter to continue..."
  read -r

  curl -sSL https://github.com/shebpamm.gpg | gpg --import -
  gpg --card-status

  # Copy deployment key from repo
  cd /root/dots-nix || exit
  sops -d secrets/age.key > /etc/ssh/ssh_sops_key

  # Copy secrets to mount
  mkdir -p /mnt/etc/ssh
  cp /etc/ssh/ssh_sops_key /mnt/etc/ssh/ssh_sops_key
 }

 function bootstrap() {
  echo "Bootstrapping home folder..."
  cp -r /root/dots-nix /mnt/home/shebpamm/dotfiles

  chown shebpamm:users -R /mnt/home/shebpamm
 }

 cd /root || exit
 git clone --recurse-submodules -j8 https://github.com/shebpamm/dots-nix

 nixos-generate-config --no-filesystems --dir /root/config-gen
 cp /root/config-gen/hardware-configuration.nix /root/dots-nix/hosts/hexane/hardware-configuration.nix

 cd dots-nix || exit

 setup_disks
 setup_secrets

 bootstrap

 nixos-install --no-root-passwd --flake ".#hexane"
	#!/usr/bin/env nix-shell
	#! nix-shell -i bash -p git curl gnupg pinentry gum sops

	# shellcheck shell=bash

	# HOSTNAME=$(gum input --placeholder "Enter hostname...")


	function setup_disks() {
	# Format
	nix build --extra-experimental-features nix-command --extra-experimental-features flakes ".#nixosConfigurations.hexane.config.system.build.formatScript" --impure --no-link --print-out-paths \| sh "$(cat -)" < /dev/tty

	# Mount
	nix build --extra-experimental-features nix-command --extra-experimental-features flakes ".#nixosConfigurations.hexane.config.system.build.mountScript" --impure --no-link --print-out-paths \| sh "$(cat -)"

	}

	# Gpg & Yubikey
	function setup_secrets() {
	chown root "$(tty)"

	gpg-agent --homedir /root/.gnupg --daemon --pinentry-program "$(which pinentry)"

	# Prompt for starting the unlock process
	echo "Please insert your Yubikey and press enter to continue..."
	read -r

	curl -sSL https://github.com/shebpamm.gpg \| gpg --import -
	gpg --card-status

	# Copy deployment key from repo
	cd /root/dots-nix \|\| exit
	sops -d secrets/age.key > /etc/ssh/ssh_sops_key

	# Copy secrets to mount
	mkdir -p /mnt/etc/ssh
	cp /etc/ssh/ssh_sops_key /mnt/etc/ssh/ssh_sops_key
	}

	function bootstrap() {
	echo "Bootstrapping home folder..."
	cp -r /root/dots-nix /mnt/home/shebpamm/dotfiles

	chown shebpamm:users -R /mnt/home/shebpamm
	}

	cd /root \|\| exit
	git clone --recurse-submodules -j8 https://github.com/shebpamm/dots-nix

	nixos-generate-config --no-filesystems --dir /root/config-gen
	cp /root/config-gen/hardware-configuration.nix /root/dots-nix/hosts/hexane/hardware-configuration.nix

	cd dots-nix \|\| exit

	setup_disks
	setup_secrets

	bootstrap

	nixos-install --no-root-passwd --flake ".#hexane"