format json/yml/sh
@ -1,9 +1,9 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#git --command bash
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
set -o pipefail # don't hide errors within pipes
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
set -o pipefail # don't hide errors within pipes
PROCEED="N"
@ -50,60 +50,58 @@ GITBASE="systems"
FEATUREBRANCH="feature/adding-$MACHINENAME"
if [ $PROCEED != "Y" ]; then
echo "PROCEED is not set correctly, please validate the below partitions and update the script accordingly"
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
echo "PROCEED is not set correctly, please validate the below partitions and update the script accordingly"
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi
if [ $CREATEPARTS = "Y" ]; then
# Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt
# Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt
# Create boot part
sudo parted "/dev/$DRIVE" -- mkpart ESP fat32 1MB 1024MB
sudo parted "/dev/$DRIVE" -- set 1 esp on
sudo mkfs.fat -F 32 -n NIXBOOT "/dev/${DRIVE}1"
# Create boot part
sudo parted "/dev/$DRIVE" -- mkpart ESP fat32 1MB 1024MB
sudo parted "/dev/$DRIVE" -- set 1 esp on
sudo mkfs.fat -F 32 -n NIXBOOT "/dev/${DRIVE}1"
# Create luks part
sudo parted "/dev/$DRIVE" -- mkpart primary ext4 1024MB 100%
sudo parted "/dev/$DRIVE" -- set 2 lvm on
LUKSPART="nixos-pv"
sudo cryptsetup luksFormat "/dev/${DRIVE}p2"
sudo cryptsetup luksOpen "/dev/${DRIVE}p2" "$LUKSPART"
# Create luks part
sudo parted "/dev/$DRIVE" -- mkpart primary ext4 1024MB 100%
sudo parted "/dev/$DRIVE" -- set 2 lvm on
# Create lvm part
sudo pvcreate "/dev/mapper/$LUKSPART"
sudo pvresize "/dev/mapper/$LUKSPART"
sudo pvdisplay
LUKSPART="nixos-pv"
sudo cryptsetup luksFormat "/dev/${DRIVE}p2"
sudo cryptsetup luksOpen "/dev/${DRIVE}p2" "$LUKSPART"
# Create volume group
sudo vgcreate "$VOLGROUP" "/dev/mapper/$LUKSPART"
sudo vgchange -a y "$VOLGROUP"
sudo vgdisplay
# Create lvm part
sudo pvcreate "/dev/mapper/$LUKSPART"
sudo pvresize "/dev/mapper/$LUKSPART"
sudo pvdisplay
# Create swap part on LVM
if [ $SWAPSIZE != 0 ]; then
sudo lvcreate -L "$SWAPSIZE" "$VOLGROUP" -n swap
sudo mkswap -L NIXSWAP -c "$SWAPPATH"
fi
# Create volume group
sudo vgcreate "$VOLGROUP" "/dev/mapper/$LUKSPART"
sudo vgchange -a y "$VOLGROUP"
sudo vgdisplay
# Create home part on LVM, leaving plenty of room for snapshots
sudo lvcreate -l 50%FREE "$VOLGROUP" -n home
sudo mkfs.ext4 -L NIXHOME -c "$HOMEPATH"
# Create swap part on LVM
if [ $SWAPSIZE != 0 ]; then
sudo lvcreate -L "$SWAPSIZE" "$VOLGROUP" -n swap
sudo mkswap -L NIXSWAP -c "$SWAPPATH"
fi
# Create root part on LVM, keeping in mind most data will be on /home or /nix
sudo lvcreate -L 5G "$VOLGROUP" -n root
sudo mkfs.ext4 -L NIXROOT -c "$ROOTPATH"
# Create home part on LVM, leaving plenty of room for snapshots
sudo lvcreate -l 50%FREE "$VOLGROUP" -n home
sudo mkfs.ext4 -L NIXHOME -c "$HOMEPATH"
# Create nix part on LVM
sudo lvcreate -L 100G "$VOLGROUP" -n nix-store
sudo mkfs.ext4 -L NIXSTORE -c "$NIXSTOREPATH"
# Create root part on LVM, keeping in mind most data will be on /home or /nix
sudo lvcreate -L 5G "$VOLGROUP" -n root
sudo mkfs.ext4 -L NIXROOT -c "$ROOTPATH"
sudo lvdisplay
# Create nix part on LVM
sudo lvcreate -L 100G "$VOLGROUP" -n nix-store
sudo mkfs.ext4 -L NIXSTORE -c "$NIXSTOREPATH"
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
sudo lvdisplay
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi
# Mount partitions
@ -116,7 +114,7 @@ sudo mount $BOOTPART /mnt/boot
# Enable swap if SWAPSIZE is non-zero
if [ $SWAPSIZE != 0 ]; then
sudo swapon "/dev/$VOLGROUP/swap"
sudo swapon "/dev/$VOLGROUP/swap"
fi
# Clone the repo
@ -135,31 +133,31 @@ read -r -p "get this into github so you can check everything in, then hit enter
cat "$DOTS/id_ed25519_ghdeploy.pub"
if [ $SOPS == "Y" ]; then
# Create ssh host-keys
sudo ssh-keygen -A
sudo mkdir -p /mnt/etc/ssh
sudo cp "/etc/ssh/ssh_host_*" /mnt/etc/ssh
# Create ssh host-keys
sudo ssh-keygen -A
sudo mkdir -p /mnt/etc/ssh
sudo cp "/etc/ssh/ssh_host_*" /mnt/etc/ssh
# Get line where AGE comment is and insert new AGE key two lines down
AGELINE=$(grep "Generate AGE keys from SSH keys with" "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+2)}')
AGEKEY=$(nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age')
sudo sed -i "${AGELINE}i\\ - &${MACHINENAME} $AGEKEY\\" "$DOTS/.sops.yaml"
# Get line where AGE comment is and insert new AGE key two lines down
AGELINE=$(grep "Generate AGE keys from SSH keys with" "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+2)}')
AGEKEY=$(nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age')
sudo sed -i "${AGELINE}i\\ - &${MACHINENAME} $AGEKEY\\" "$DOTS/.sops.yaml"
# Add server name
SERVERLINE=$(grep 'servers: &servers' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
sudo sed -i "${SERVERLINE}i\\ - *${MACHINENAME}\\" "$DOTS/.sops.yaml"
# Add server name
SERVERLINE=$(grep 'servers: &servers' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
sudo sed -i "${SERVERLINE}i\\ - *${MACHINENAME}\\" "$DOTS/.sops.yaml"
# Add creation rules
CREATIONLINE=$(grep 'creation_rules' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
# TODO: below was not working when last attempted
read -r -d '' PATHRULE <<-EOF
# Add creation rules
CREATIONLINE=$(grep 'creation_rules' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
# TODO: below was not working when last attempted
read -r -d '' PATHRULE <<-EOF
- path_regex: $GITBASE/$MACHINENAME/secrets\.yaml$
key_groups:
- pgp: *$OWNERORADMINS
age:
- *$MACHINENAME
EOF
sudo sed -i "${CREATIONLINE}i\\${PATHRULE}\\" "$DOTS/.sops.yaml"
sudo sed -i "${CREATIONLINE}i\\${PATHRULE}\\" "$DOTS/.sops.yaml"
fi
read -r -p "press enter to continue"