let
sources = import ./nix/sources.nix;
|
|
pkgs = import sources.nixpkgs { };
|
|
|
|
nix-pre-commit-hooks = import sources."pre-commit-hooks.nix";
|
|
|
|
pre-commit-check = nix-pre-commit-hooks.run {
|
|
src = ./.;
|
|
hooks = {
|
|
nixpkgs-fmt.enable = true;
|
|
};
|
|
};
scripts = {
|
|
update-sources = ''
|
|
set -e
|
|
git diff --exit-code -s nix/sources.json || (echo "File nix/sources.json has unstaged changes, refusing to update." >&2 && exit 1)
|
|
git diff --cached --exit-code -s nix/sources.json || (echo "File nix/sources.json has staged changes, refusing to update." >&2 && exit 1)
|
|
niv update
|
|
git diff --exit-code -s nix/sources.json && echo "Already up to date." && exit 0
|
|
git commit -m "Update sources" nix/sources.json
|
|
'';
|
|
|
|
deploy = ''
|
|
set -e
|
|
$(nix-build --no-out-link deploy.nix -A "$1")
|
|
'';
|
|
|
|
unlock = ''
|
|
set -eo pipefail
|
|
machine="$1"
|
|
hostname="$(nix-instantiate --eval --json machines -A "$1".target | ${pkgs.jq}/bin/jq -r . | cut -d@ -f2)"
|
|
ssh \
|
|
-oStrictHostKeyChecking=no \
|
|
-oGlobalKnownHostsFile=<(echo "[$hostname]:2222 ssh-ed25519 $(ssh-keygen -l -f <(ssh-keygen -y -f<(pass "nixos/machines/$machine/initrd-ssh-host-key")) | cut -d' ' -f2)") \
|
|
-4 \
|
|
-p 2222 \
|
|
"root@$hostname" \
|
|
"cat > /crypt-ramfs/passphrase" < <(pass "devices/$machine/luks")
|
|
'';
|
|
};
in
pkgs.mkShell {
  # Development tooling plus one wrapper binary per entry in `scripts`
  # (the attribute name is the command name on PATH).
  buildInputs =
    let
      scriptBins = pkgs.lib.mapAttrsToList pkgs.writeShellScriptBin scripts;
    in
    [ pkgs.git pkgs.niv pkgs.nixpkgs-fmt ] ++ scriptBins;

  # Installs the pre-commit git hook on shell entry.
  shellHook = ''
    ${pre-commit-check.shellHook}
  '';
}