fixed sops age keyFile getting sent to instal target

Leyla Becker 2024-09-15 19:49:30 -05:00
parent e65143b835
commit 16bb44f5e8
3 changed files with 60 additions and 2 deletions


@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni
updating passwords: `sops secrets/secrets.yaml` updating passwords: `sops secrets/secrets.yaml`
`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` `./install.sh --target 192.168.1.130 --flake hostname`
> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU


@ -31,13 +31,17 @@
sops = { sops = {
defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
gnupg.sshKeyPaths = [];
age ={ age ={
keyFile = "/var/lib/sops-nix/key.txt"; keyFile = "/var/lib/sops-nix/key.txt";
# sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; sshKeyPaths = [];
# generateKey = true; # generateKey = true;
}; };
}; };
environment.sessionVariables = {
AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/";
};
# List packages installed in system profile. # List packages installed in system profile.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
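Review bot: The directory in `AGE_KEY_FILE_LOCATION` repeats the path already given in `age.keyFile`, so the two can drift apart and the install script would then stage the wrong directory. Deriving it, e.g. `AGE_KEY_FILE_LOCATION = builtins.dirOf config.sops.age.keyFile;` (assuming `config` is in scope in this module, as the replaced comment line suggests), keeps a single source of truth. The two `sshKeyPaths = [];` lines appear to make the key file the only decryption identity, which deserves a comment such as `# host SSH keys are deliberately not imported; only age.keyFile decrypts secrets`. The enclosing attribute set starts and ends outside the hunk.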

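--- /dev/null
+++ b/install.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+while [ $# -gt 0 ]; do
+case "$1" in
+--target*|-t*)
+if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=`
+target="${1#*=}"
+;;
+--flake*|-f*)
+if [[ "$1" != *=* ]]; then shift; fi
+flake="${1#*=}"
+;;
+--user*|-u*)
+if [[ "$1" != *=* ]]; then shift; fi
+user="${1#*=}"
+;;
+--help|-h)
+echo "--help -h: print this message"
+echo "--target -t: set the target system to install on"
+echo "--flake -f: set the flake to install on the target system"
+echo "--user -u: set the user to install flake as on the target system"
+exit 0
+;;
+*)
+echo "Error: Invalid argument $1"
+exit 1
+;;
+esac
+shift
+done
+if [ -z ${target} ]; then
+echo "target is blank";
+exit 1;
+fi
+if [ -z ${flake} ]; then
+echo "flake is blank";
+exit 1;
+fi
+temp=$(mktemp -d)
+# Function to cleanup temporary directory on exit
+cleanup() {
+rm -rf "$temp"
+}
+trap cleanup EXIT
+# copy key file to temp folder to copy over to target
+mkdir -p $temp$AGE_KEY_FILE_LOCATION
+cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION
+# commit number in this is because the main branch of nixos-anywhere is broken right now
+nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target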
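Review bot: The key staging at the end of install.sh never checks that `AGE_KEY_FILE_LOCATION` is set. In a shell where it is unset or empty, the glob `$AGE_KEY_FILE_LOCATION/*` becomes `/*`, so the local root would be copied into the staging directory and handed to `--extra-files`. The `cp` result is not checked either, so a failed copy still starts the install and the target ends up without the key. `cp -r …/*` also stages everything in the key directory rather than only `key.txt`, and all expansions in the last three commands are unquoted. Guarding the variable, copying only the key with explicit modes and quoting the arguments would close these gaps.

```shell
# … unchanged: argument parsing, target/flake checks, mktemp -d and cleanup trap …
# stop here when the key directory is unknown; an empty value would turn the glob into /*
key_dir="${AGE_KEY_FILE_LOCATION:?AGE_KEY_FILE_LOCATION is not set}"
# stage only the age key, with private modes, and abort if it cannot be copied
install -d -m 700 "$temp$key_dir" || exit 1
install -m 600 "$key_dir/key.txt" "$temp$key_dir/key.txt" || exit 1
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files "$temp" --flake ".#$flake" "${user:-nixos}@$target"
```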