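# Development shell for this repository: pins the host- and secret-management
# tooling and exposes the recurring workflows as small scripts on PATH. Every
# entry in `aliases` becomes a `writeShellScriptBin` named `alias.name`; the
# `description` is only used for the banner printed when the shell starts.
{pkgs ? import <nixpkgs> {}, ...}: let
  # Shared prologue for the multi-step scripts: stop at the first failing
  # command, on unset variables and on failures inside pipelines, so e.g. a
  # missing key file cannot let a later step run against half-prepared state.
  strict = ''
    set -euo pipefail
  '';

  # Bash snippet that exits with a usage line when fewer than `n` positional
  # arguments were given. `name` and `usage` are fixed at Nix evaluation time.
  requireArgs = n: name: usage: ''
    if [ "$#" -lt ${toString n} ]; then
      printf 'usage: %s %s\n' "${name}" "${usage}" >&2
      exit 64
    fi
  '';

  aliases = [
    {
      name = "host-switch";
      # A flake only sees files tracked by git, so new files are staged before
      # switching.
      command = ''
        ${strict}
        git add --all
        nh os switch . -- --impure
      '';
      description = "switch host config";
    }
    {
      name = "host-update";
      command = "nh os switch . --update";
      description = "update host config";
    }
    {
      name = "ssh-new-user-key";
      # Positional parameters are quoted so a host or user name with unusual
      # characters cannot be word-split into extra ssh-keygen arguments.
      command = ''
        ${strict}
        ${requireArgs 2 "ssh-new-user-key" "<host> <user>"}
        ssh-keygen -f "./host/$1/user_$2_ssh_id_ed25519" -t ed25519 -C "$2@$1"
        printf "\nage key:\n"
        ssh-to-age < "./host/$1/user_$2_ssh_id_ed25519.pub"
      '';
      description = "[host user] create a new user key";
    }
    {
      name = "ssh-new-host-key";
      # sshd cannot load a passphrase-protected host key, so leave the
      # passphrase empty when ssh-keygen asks for one. The final hint names
      # the `sops-updatekeys` alias defined below.
      command = ''
        ${strict}
        ${requireArgs 1 "ssh-new-host-key" "<host>"}
        ssh-keygen -f "./host/$1/ssh_host_ed25519_key" -t ed25519 -C "root@$1"
        printf "\nadd this key to .sops.yaml\n"
        ssh-to-age < "./host/$1/ssh_host_ed25519_key.pub"
        printf "\nand run sops-updatekeys\n"
      '';
      description = "[host] create a new host key";
    }
    {
      name = "sops";
      # The wrapper shares its name with the real binary; call the store path
      # directly so it cannot resolve to itself, and forward the arguments
      # (the `[file]` from the description was previously dropped).
      command = ''exec ${pkgs.sops}/bin/sops "$@"'';
      description = "[file] update secrets";
    }
    {
      name = "sops-mkpasswd";
      # A password given on the command line ends up in shell history and is
      # visible in the process list; prompt for it when no argument is given.
      # printf is used instead of echo so values starting with '-' survive.
      command = ''
        ${strict}
        if [ "$#" -ge 1 ]; then
          pw=$1
        else
          read -rs -p "password: " pw
          printf '\n' >&2
        fi
        printf '%s\n' "$pw" | mkpasswd -s
      '';
      description = "[password] generate password";
    }
    {
      name = "sops-updatekeys";
      # Forwards the file argument that the description advertises.
      command = ''exec ${pkgs.sops}/bin/sops updatekeys "$@"'';
      description = "[file] update secrets keys";
    }
    {
      name = "build";
      command = ''
        ${strict}
        ${requireArgs 1 "build" "<package>"}
        nix build ".#$1"
      '';
      description = "[package] build package";
    }
    {
      name = "install-remote";
      # Refuses to run without the host key: previously a missing key produced
      # an empty ssh_host_ed25519_key that was shipped to the target.
      command = ''
        ${strict}
        ${requireArgs 2 "install-remote" "<host> <user@ip>"}
        key="./host/$1/ssh_host_ed25519_key"
        if [ ! -f "$key" ]; then
          printf 'install-remote: %s not found, run ssh-new-host-key first\n' "$key" >&2
          exit 1
        fi
        # The private key is staged in a 0700 mktemp directory that is removed
        # on every exit path, so it is never left readable behind.
        temp=$(mktemp -d)
        cleanup() {
          rm -rf "$temp"
        }
        trap cleanup EXIT
        install -d -m755 "$temp/persist/etc/ssh"
        # One step with the final mode instead of redirect + chmod.
        install -m600 "$key" "$temp/persist/etc/ssh/ssh_host_ed25519_key"
        nixos-anywhere --extra-files "$temp" --flake ".#$1" "$2" --option pure-eval false
      '';
      description = "[host user@ip] install on remote host";
    }
  ];
in {
  default = pkgs.mkShell {
    # mkpasswd is pinned here because sops-mkpasswd depends on it; the other
    # tools the scripts call were already listed.
    buildInputs =
      [pkgs.nh pkgs.ssh-to-age pkgs.sops pkgs.nixos-anywhere pkgs.mkpasswd]
      ++ (map (alias: pkgs.writeShellScriptBin alias.name alias.command) aliases);
    # Prints every alias with its description when the shell starts.
    shellHook = ''
      printf "\e[33m
      ${builtins.concatStringsSep "\n" (map (alias: "\\e[1m${alias.name}\\e[0m\\e[33m \t\t -> ${alias.description}") aliases)}
      \e[0m"
    '';
  };
}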