diff --git a/applications/default.nix b/applications/default.nix
index 8c4af38..0e3bb3e 100644
--- a/applications/default.nix
+++ b/applications/default.nix
@@ -1,3 +1,4 @@
 {pkgs}: {
 write-iso = pkgs.callPackage ./write-iso.nix {};
+ install-remote = pkgs.callPackage ./install-remote.nix {};
 }
diff --git a/applications/install-remote.nix b/applications/install-remote.nix
new file mode 100644
index 0000000..1f3bd82
--- /dev/null
+++ b/applications/install-remote.nix
@@ -0,0 +1,4 @@
+{remote-installer}: {
+ type = "app";
+ program = "${remote-installer}/bin/remote-installer";
+}
diff --git a/modules/dk1-iso.nix b/modules/dk1-iso.nix
index 3db4931..fbd8b73 100644
--- a/modules/dk1-iso.nix
+++ b/modules/dk1-iso.nix
@@ -79,6 +79,7 @@
 users = {
 root = {
 isSystemUser = true;
+ hashedPassword = null;
 hashedPasswordFile = config.sops.secrets.root-password.path;
 openssh.authorizedKeys.keys = with lib.sshKeys; [
 lp1.user
@@ -88,13 +89,17 @@
 user = {
 isNormalUser = true;
 extraGroups = ["wheel"];
+ hashedPassword = null;
 hashedPasswordFile = config.sops.secrets.user-password.path;
 openssh.authorizedKeys.keys = with lib.sshKeys; [
 lp1.user
 lp2.user
 ];
 };
- nixos.hashedPasswordFile = config.sops.secrets.user-password.path;
+ nixos = {
+ hashedPassword = null;
+ hashedPasswordFile = config.sops.secrets.user-password.path;
+ };
 };
 };
 
diff --git a/packages/default.nix b/packages/default.nix
index 3ca6ab7..d1ddc20 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -3,4 +3,5 @@
 my-site = pkgs.callPackage ./my-site {};
 iso-writer = pkgs.callPackage ./iso-writer {};
 dk1-iso = pkgs.callPackage ./dk1-iso {};
+ remote-installer = pkgs.callPackage ./remote-installer {};
 }
diff --git a/packages/remote-installer/default.nix b/packages/remote-installer/default.nix
new file mode 100644
index 0000000..45bccd8
--- /dev/null
+++ b/packages/remote-installer/default.nix
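Review bot: In modules/dk1-iso.nix the added `hashedPassword = null;` lines (root in the `@@ -79` hunk, user and nixos in the `@@ -88` hunk) carry no comment saying why a null is needed next to `hashedPasswordFile`; presumably it clears a hash set by an imported installer profile so that the sops-managed file is the only password source, but that profile is not visible here. I would add `# Clear any inherited hashedPassword so the sops-managed hashedPasswordFile is the only password source.` above the first occurrence. If the same profile also sets `initialHashedPassword` or `initialPassword`, this change does not reset them, so they are worth checking on a built image. The `nixos` account still reads the `user-password` secret, so it shares one hash with `user`; a separate secret would keep the two accounts independent. The enclosing `users` block starts and ends outside both hunks.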
@@ -0,0 +1,28 @@
+{
+ lib,
+ stdenvNoCC,
+ makeWrapper,
+ coreutils,
+ nixos-anywhere,
+}: let
+ inherit (lib) makeBinPath;
+ runtimeInputs = [
+ coreutils
+ nixos-anywhere
+ ];
+in
+ stdenvNoCC.mkDerivation {
+ name = "remote-installer";
+ src = ./src;
+ nativeBuildInputs = [makeWrapper];
+ buildInputs = runtimeInputs;
+ installPhase = ''
+ mkdir -p $out/bin
+ cp $src/remote-installer.sh $out/bin/remote-installer
+ chmod +x $out/bin/remote-installer
+ '';
+ postFixup = ''
+ wrapProgram $out/bin/remote-installer \
+ --set PATH ${makeBinPath runtimeInputs}
+ '';
+ }
diff --git a/packages/remote-installer/src/remote-installer.sh b/packages/remote-installer/src/remote-installer.sh
new file mode 100644
index 0000000..294bc2e
--- /dev/null
+++ b/packages/remote-installer/src/remote-installer.sh
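Review bot: In packages/remote-installer/default.nix the wrapper uses `--set PATH`, which replaces the caller's PATH instead of extending it, and nothing in the file says that this is deliberate. Pinning the script to the declared tools is a sound choice for an installer that runs as root against a remote host, so I would record it with `# Pin PATH to the declared runtime inputs; the caller's PATH is deliberately discarded.` above `postFixup`. On style, the three installPhase commands can be written as `install -Dm755 $src/remote-installer.sh $out/bin/remote-installer`, and the overridden phase should call `runHook preInstall` and `runHook postInstall` so standard hooks still run.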
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+read -a arguments <<< "$@"
+number_of_arguments="${#arguments[@]}"
+arguments_last_index="$(expr $number_of_arguments - 1)"
+for argument_index in $(seq 0 "$arguments_last_index")
+do
+ argument="${arguments[argument_index]}"
+ next_argument_index="$(expr $argument_index + 1)"
+ next_argument="${arguments[next_argument_index]}"
+ case "$argument" in
+ --*)
+ name="${argument/--/}"
+ [ "$argument_index" -eq "$arguments_last_index" \
+ -o "${next_argument:0:2}" = "--" ] \
+ && declare "$name=$name"
+ ;;
+ *)
+ value="$argument"
+ [ -n "$name" ] \
+ && declare "$name=$value"
+ name=""
+ ;;
+ esac
+done
+
+[ -n "$help" ] \
+ && printf "Usage: remote-installer" \
+ && printf " [--help]" \
+ && printf "\n" \
+ && printf "Install a NixOS configuration remotely." \
+ && printf "\n" \
+ && exit
+
+[ -z "$flake_address" ] \
+ && protocol="git+https" \
+ && gitea="gitea.dylanblades.com" \
+ && repository="Bladesy/nixos-config" \
+ && flake_address="$protocol://$gitea/$repository"
+[ -z "$host_name" ] \
+ && printf "host_name not provided.\n" \
+ && exit
+[ -z "$host_address" ] \
+ && printf "host_address not provided.\n" \
+ && exit
+
+nixos-anywhere \
+ --disko-mode disko \
+ --flake "$flake_address#$host_name" \
+ --target-host "root@$host_address"
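Review bot: The argument loop runs `declare "$name=$value"` for every `--name value` pair, so the caller chooses which shell variable is written; a flag named after `PATH` or any other variable the script relies on would overwrite it, including the PATH that the Nix wrapper pins. Accepting only the names the script actually reads (`help`, `flake_address`, `host_name`, `host_address`) closes that, and iterating over `"$@"` directly avoids `read -a arguments <<< "$@"`, which re-splits the arguments on whitespace and so breaks any value containing a space. The two "not provided" branches end in a bare `exit`, which returns printf's status 0, so a calling script or CI job sees success; they should write to stderr and exit non-zero. The usage text lists only `--help`, so the three options that drive the install are undocumented. A sketch of the parser and one of the checks follows.

```shell
# Accept only the options this script reads; anything else is an error.
while [ "$#" -gt 0 ]
do
    case "$1" in
        --help)
            help="help"
            shift
            ;;
        --flake_address|--host_name|--host_address)
            [ "$#" -ge 2 ] \
                || { printf '%s needs a value.\n' "$1" >&2; exit 2; }
            declare "${1#--}=$2"
            shift 2
            ;;
        *)
            printf 'Unknown argument: %s\n' "$1" >&2
            exit 2
            ;;
    esac
done

# … unchanged: --help output and the flake_address default …

[ -z "$host_name" ] \
    && printf "host_name not provided.\n" >&2 \
    && exit 1

# … unchanged apart from the same stderr / exit 1 change: host_address check …
# … unchanged: nixos-anywhere invocation …
```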