feat: pregenerate ssh-keys and wire up sops in just provision

2026-03-30 01:22:31 +02:00
parent 36630d98a3
commit 18105107a6


@@ -43,7 +43,17 @@ ephvm-ssh port="2222":
# provision a host with nixos-anywhere # provision a host with nixos-anywhere
provision host ip: provision host ip:
nix run github:nix-community/nixos-anywhere -- --flake .#{{host}} --generate-hardware-config nixos-generate-config ./hosts/{{host}}/hardware-configuration.nix root@{{ip}} #!/usr/bin/env bash
set -euo pipefail
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
install -d -m 755 "$tmpdir/etc/ssh"
ssh-keygen -t ed25519 -f "$tmpdir/etc/ssh/ssh_host_ed25519_key" -N ""
age_key=$(ssh-to-age < "$tmpdir/etc/ssh/ssh_host_ed25519_key.pub")
echo "age key: $age_key"
echo "add this key to .sops.yaml, re-encrypt secrets, then press enter to continue"
read -r
nix run github:nix-community/nixos-anywhere -- --flake .#{{host}} --extra-files "$tmpdir" --generate-hardware-config nixos-generate-config ./hosts/{{host}}/hardware-configuration.nix root@{{ip}}
# deploy config to a remote host # deploy config to a remote host
deploy host remote=host: deploy host remote=host: