janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: improve scripts setup (lint, format, refactor)

Browse Source
This commit is contained in:
Matej Janezic
2026-03-21 17:38:19 +01:00
parent 7fcd8b2ec8
commit d8ab6207d5
7 changed files with 310 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.pre-commit-config.yaml
View File

@@ -12,3 +12,13 @@ repos:
language: system language: system
files: \.nix$ files: \.nix$
pass_filenames: false pass_filenames: false
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.11.0
hooks:
- id: shellcheck
args: [-x, -P, scripts]
- repo: https://github.com/scop/pre-commit-shfmt
rev: v3.12.0-2
hooks:
- id: shfmt
args: [-d]

2
flake.nix
View File

@@ -147,6 +147,8 @@
packages = [ packages = [
pkgs.pre-commit pkgs.pre-commit
pkgs.statix pkgs.statix
pkgs.shellcheck
pkgs.shfmt
pkgs.qemu pkgs.qemu
]; ];
}; };

91
packages/ahab/update.sh
View File

@@ -1,5 +1,6 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl jq nix-prefetch #!nix-shell -i bash -p curl jq nix-prefetch
# shellcheck shell=bash
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -9,54 +10,62 @@ PKG_FILE="$SCRIPT_DIR/package.nix"
cd "$ROOT_DIR" cd "$ROOT_DIR"
extract_hash() { extract_hash() {
sed 's/\x1b\[[0-9;]*m//g' | grep 'got:' | tail -1 | grep -oP 'sha256-[A-Za-z0-9+/]+=' sed 's/\x1b\[[0-9;]*m//g' | grep 'got:' | tail -1 | grep -oP 'sha256-[A-Za-z0-9+/]+='
} }
echo "fetching latest version..." main() {
LATEST=$(curl -sf "https://git.janezic.dev/api/v1/repos/janezicmatej/ahab/tags?limit=1" | jq -r '.[0].name') echo "fetching latest version..."
CURRENT=$(grep 'version = ' "$PKG_FILE" | head -1 | sed 's/.*"\(.*\)".*/\1/') local latest current
latest=$(curl -sf "https://git.janezic.dev/api/v1/repos/janezicmatej/ahab/tags?limit=1" | jq -r '.[0].name')
current=$(grep 'version = ' "$PKG_FILE" | head -1 | sed 's/.*"\(.*\)".*/\1/')
if [[ "$CURRENT" == "$LATEST" ]]; then if [[ "$current" == "$latest" ]]; then
echo "ahab already at $LATEST" echo "ahab already at $latest"
exit 0 return 0
fi fi
echo "updating ahab: $CURRENT -> $LATEST" echo "updating ahab: $current -> $latest"
echo " prefetching source..." echo " prefetching source..."
BASE32=$(nix-prefetch-url --unpack "https://git.janezic.dev/janezicmatej/ahab/archive/${LATEST}.tar.gz" 2>/dev/null) local base32 src_hash
SRC_HASH=$(nix hash convert --to sri "sha256:$BASE32") base32=$(nix-prefetch-url --unpack "https://git.janezic.dev/janezicmatej/ahab/archive/${latest}.tar.gz" 2>/dev/null)
echo " source: $SRC_HASH" src_hash=$(nix hash convert --to sri "sha256:$base32")
echo " source: $src_hash"
echo " computing cargo hash..." echo " computing cargo hash..."
BUILD_OUTPUT=$(nix build --no-link --impure --expr " local build_output cargo_hash
let build_output=$(nix build --no-link --impure --expr "
pkgs = (builtins.getFlake \"path:$ROOT_DIR\").inputs.nixpkgs.legacyPackages.\${builtins.currentSystem}; let
in pkgs.rustPlatform.fetchCargoVendor { pkgs = (builtins.getFlake \"path:$ROOT_DIR\").inputs.nixpkgs.legacyPackages.\${builtins.currentSystem};
src = pkgs.fetchFromGitea { in pkgs.rustPlatform.fetchCargoVendor {
domain = \"git.janezic.dev\"; src = pkgs.fetchFromGitea {
owner = \"janezicmatej\"; domain = \"git.janezic.dev\";
repo = \"ahab\"; owner = \"janezicmatej\";
rev = \"$LATEST\"; repo = \"ahab\";
hash = \"$SRC_HASH\"; rev = \"$latest\";
}; hash = \"$src_hash\";
hash = \"\"; };
} hash = \"\";
" 2>&1) || true }
CARGO_HASH=$(echo "$BUILD_OUTPUT" | extract_hash) || true " 2>&1) || true
cargo_hash=$(echo "$build_output" | extract_hash) || true
if [[ -z "$CARGO_HASH" ]]; then if [[ -z "$cargo_hash" ]]; then
echo " error: failed to compute cargo hash" echo "error: failed to compute cargo hash" >&2
echo "$BUILD_OUTPUT" echo "$build_output" >&2
exit 1 exit 1
fi fi
echo " cargo: $CARGO_HASH" echo " cargo: $cargo_hash"
OLD_SRC=$(grep 'sha256 = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=') local old_src old_cargo
OLD_CARGO=$(grep 'cargoHash = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=') old_src=$(grep 'sha256 = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=')
old_cargo=$(grep 'cargoHash = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=')
sed -i "s|version = \"$CURRENT\"|version = \"$LATEST\"|" "$PKG_FILE" sed -i "s|version = \"$current\"|version = \"$latest\"|" "$PKG_FILE"
sed -i "s|$OLD_SRC|$SRC_HASH|" "$PKG_FILE" sed -i "s|$old_src|$src_hash|" "$PKG_FILE"
sed -i "s|$OLD_CARGO|$CARGO_HASH|" "$PKG_FILE" sed -i "s|$old_cargo|$cargo_hash|" "$PKG_FILE"
echo "ahab updated to $LATEST" echo "ahab updated to $latest"
}
main "$@"

93
packages/ggman/update.sh
View File

@@ -1,5 +1,6 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl jq nix-prefetch #!nix-shell -i bash -p curl jq nix-prefetch
# shellcheck shell=bash
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -9,55 +10,63 @@ PKG_FILE="$SCRIPT_DIR/package.nix"
cd "$ROOT_DIR" cd "$ROOT_DIR"
extract_hash() { extract_hash() {
sed 's/\x1b\[[0-9;]*m//g' | grep 'got:' | tail -1 | grep -oP 'sha256-[A-Za-z0-9+/]+=' sed 's/\x1b\[[0-9;]*m//g' | grep 'got:' | tail -1 | grep -oP 'sha256-[A-Za-z0-9+/]+='
} }
echo "fetching latest tag..." main() {
LATEST=$(curl -sf "https://api.github.com/repos/tkw1536/ggman/tags?per_page=1" | jq -r '.[0].name') echo "fetching latest tag..."
CURRENT=$(grep 'version = ' "$PKG_FILE" | head -1 | sed 's/.*"\(.*\)".*/\1/') local latest current
latest=$(curl -sf "https://api.github.com/repos/tkw1536/ggman/tags?per_page=1" | jq -r '.[0].name')
current=$(grep 'version = ' "$PKG_FILE" | head -1 | sed 's/.*"\(.*\)".*/\1/')
if [[ "$CURRENT" == "$LATEST" ]]; then if [[ "$current" == "$latest" ]]; then
echo "ggman already at $LATEST" echo "ggman already at $latest"
exit 0 return 0
fi fi
echo "updating ggman: $CURRENT -> $LATEST" echo "updating ggman: $current -> $latest"
echo " prefetching source..." echo " prefetching source..."
BASE32=$(nix-prefetch-url --unpack "https://github.com/tkw1536/ggman/archive/${LATEST}.tar.gz" 2>/dev/null) local base32 src_hash
SRC_HASH=$(nix hash convert --to sri "sha256:$BASE32") base32=$(nix-prefetch-url --unpack "https://github.com/tkw1536/ggman/archive/${latest}.tar.gz" 2>/dev/null)
echo " source: $SRC_HASH" src_hash=$(nix hash convert --to sri "sha256:$base32")
echo " source: $src_hash"
echo " computing vendor hash..." echo " computing vendor hash..."
BUILD_OUTPUT=$(nix build --no-link --impure --expr " local build_output vendor_hash
let build_output=$(nix build --no-link --impure --expr "
pkgs = (builtins.getFlake \"path:$ROOT_DIR\").inputs.nixpkgs-master.legacyPackages.\${builtins.currentSystem}; let
in (pkgs.buildGoModule.override { go = pkgs.go_1_26; } { pkgs = (builtins.getFlake \"path:$ROOT_DIR\").inputs.nixpkgs-master.legacyPackages.\${builtins.currentSystem};
pname = \"ggman\"; in (pkgs.buildGoModule.override { go = pkgs.go_1_26; } {
version = \"$LATEST\"; pname = \"ggman\";
src = pkgs.fetchFromGitHub { version = \"$latest\";
owner = \"tkw1536\"; src = pkgs.fetchFromGitHub {
repo = \"ggman\"; owner = \"tkw1536\";
rev = \"$LATEST\"; repo = \"ggman\";
hash = \"$SRC_HASH\"; rev = \"$latest\";
}; hash = \"$src_hash\";
vendorHash = \"\"; };
}).goModules vendorHash = \"\";
" 2>&1) || true }).goModules
VENDOR_HASH=$(echo "$BUILD_OUTPUT" | extract_hash) || true " 2>&1) || true
vendor_hash=$(echo "$build_output" | extract_hash) || true
if [[ -z "$VENDOR_HASH" ]]; then if [[ -z "$vendor_hash" ]]; then
echo " error: failed to compute vendor hash" echo "error: failed to compute vendor hash" >&2
echo "$BUILD_OUTPUT" echo "$build_output" >&2
exit 1 exit 1
fi fi
echo " vendor: $VENDOR_HASH" echo " vendor: $vendor_hash"
OLD_SRC=$(grep 'sha256 = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=') local old_src old_vendor
OLD_VENDOR=$(grep 'vendorHash = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=') old_src=$(grep 'sha256 = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=')
old_vendor=$(grep 'vendorHash = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=')
sed -i "s|version = \"$CURRENT\"|version = \"$LATEST\"|" "$PKG_FILE" sed -i "s|version = \"$current\"|version = \"$latest\"|" "$PKG_FILE"
sed -i "s|$OLD_SRC|$SRC_HASH|" "$PKG_FILE" sed -i "s|$old_src|$src_hash|" "$PKG_FILE"
sed -i "s|$OLD_VENDOR|$VENDOR_HASH|" "$PKG_FILE" sed -i "s|$old_vendor|$vendor_hash|" "$PKG_FILE"
echo "ggman updated to $LATEST" echo "ggman updated to $latest"
}
main "$@"

91
packages/todo-mcp/update.sh
View File

@@ -1,5 +1,6 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl jq nix-prefetch #!nix-shell -i bash -p curl jq nix-prefetch
# shellcheck shell=bash
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -9,54 +10,62 @@ PKG_FILE="$SCRIPT_DIR/package.nix"
cd "$ROOT_DIR" cd "$ROOT_DIR"
extract_hash() { extract_hash() {
sed 's/\x1b\[[0-9;]*m//g' | grep 'got:' | tail -1 | grep -oP 'sha256-[A-Za-z0-9+/]+=' sed 's/\x1b\[[0-9;]*m//g' | grep 'got:' | tail -1 | grep -oP 'sha256-[A-Za-z0-9+/]+='
} }
echo "fetching latest version..." main() {
LATEST=$(curl -sf "https://git.janezic.dev/api/v1/repos/janezicmatej/todo-mcp/tags?limit=1" | jq -r '.[0].name') echo "fetching latest version..."
CURRENT=$(grep 'version = ' "$PKG_FILE" | head -1 | sed 's/.*"\(.*\)".*/\1/') local latest current
latest=$(curl -sf "https://git.janezic.dev/api/v1/repos/janezicmatej/todo-mcp/tags?limit=1" | jq -r '.[0].name')
current=$(grep 'version = ' "$PKG_FILE" | head -1 | sed 's/.*"\(.*\)".*/\1/')
if [[ "$CURRENT" == "$LATEST" ]]; then if [[ "$current" == "$latest" ]]; then
echo "todo-mcp already at $LATEST" echo "todo-mcp already at $latest"
exit 0 return 0
fi fi
echo "updating todo-mcp: $CURRENT -> $LATEST" echo "updating todo-mcp: $current -> $latest"
echo " prefetching source..." echo " prefetching source..."
BASE32=$(nix-prefetch-url --unpack "https://git.janezic.dev/janezicmatej/todo-mcp/archive/${LATEST}.tar.gz" 2>/dev/null) local base32 src_hash
SRC_HASH=$(nix hash convert --to sri "sha256:$BASE32") base32=$(nix-prefetch-url --unpack "https://git.janezic.dev/janezicmatej/todo-mcp/archive/${latest}.tar.gz" 2>/dev/null)
echo " source: $SRC_HASH" src_hash=$(nix hash convert --to sri "sha256:$base32")
echo " source: $src_hash"
echo " computing cargo hash..." echo " computing cargo hash..."
BUILD_OUTPUT=$(nix build --no-link --impure --expr " local build_output cargo_hash
let build_output=$(nix build --no-link --impure --expr "
pkgs = (builtins.getFlake \"path:$ROOT_DIR\").inputs.nixpkgs.legacyPackages.\${builtins.currentSystem}; let
in pkgs.rustPlatform.fetchCargoVendor { pkgs = (builtins.getFlake \"path:$ROOT_DIR\").inputs.nixpkgs.legacyPackages.\${builtins.currentSystem};
src = pkgs.fetchFromGitea { in pkgs.rustPlatform.fetchCargoVendor {
domain = \"git.janezic.dev\"; src = pkgs.fetchFromGitea {
owner = \"janezicmatej\"; domain = \"git.janezic.dev\";
repo = \"todo-mcp\"; owner = \"janezicmatej\";
rev = \"$LATEST\"; repo = \"todo-mcp\";
hash = \"$SRC_HASH\"; rev = \"$latest\";
}; hash = \"$src_hash\";
hash = \"\"; };
} hash = \"\";
" 2>&1) || true }
CARGO_HASH=$(echo "$BUILD_OUTPUT" | extract_hash) || true " 2>&1) || true
cargo_hash=$(echo "$build_output" | extract_hash) || true
if [[ -z "$CARGO_HASH" ]]; then if [[ -z "$cargo_hash" ]]; then
echo " error: failed to compute cargo hash" echo "error: failed to compute cargo hash" >&2
echo "$BUILD_OUTPUT" echo "$build_output" >&2
exit 1 exit 1
fi fi
echo " cargo: $CARGO_HASH" echo " cargo: $cargo_hash"
OLD_SRC=$(grep 'sha256 = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=') local old_src old_cargo
OLD_CARGO=$(grep 'cargoHash = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=') old_src=$(grep 'sha256 = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=')
old_cargo=$(grep 'cargoHash = ' "$PKG_FILE" | grep -oP 'sha256-[A-Za-z0-9+/]+=')
sed -i "s|version = \"$CURRENT\"|version = \"$LATEST\"|" "$PKG_FILE" sed -i "s|version = \"$current\"|version = \"$latest\"|" "$PKG_FILE"
sed -i "s|$OLD_SRC|$SRC_HASH|" "$PKG_FILE" sed -i "s|$old_src|$src_hash|" "$PKG_FILE"
sed -i "s|$OLD_CARGO|$CARGO_HASH|" "$PKG_FILE" sed -i "s|$old_cargo|$cargo_hash|" "$PKG_FILE"
echo "todo-mcp updated to $LATEST" echo "todo-mcp updated to $latest"
}
main "$@"

193
scripts/ephvm-run.sh
View File

@@ -1,87 +1,156 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
SSH_PORT=2222 setup_colors() {
MEMORY=8G if [ -t 2 ]; then
CPUS=4 red=$'\033[31m'
MOUNTS=() yellow=$'\033[33m'
CLAUDE=false cyan=$'\033[36m'
reset=$'\033[0m'
else
red="" yellow="" cyan="" reset=""
fi
}
die() {
echo "${red}error:${reset} $*" >&2
exit 1
}
warn() {
echo "${yellow}warning:${reset} $*" >&2
}
info() {
echo "${cyan}$*${reset}" >&2
}
# globals for cleanup trap
CLEANUP_OVERLAY=""
cleanup() {
[ -n "$CLEANUP_OVERLAY" ] && rm -rf "$CLEANUP_OVERLAY"
return 0
}
trap cleanup EXIT
usage() { usage() {
cat <<EOF cat <<EOF
Usage: ephvm-run.sh [options] Usage: ephvm-run.sh [options]
Options: Options:
--mount <path> Mount host directory into VM (repeatable) --mount <path> Mount host directory into VM (repeatable)
--claude Mount claude config dir (requires CLAUDE_CONFIG_DIR) --claude Mount claude config dir (requires CLAUDE_CONFIG_DIR)
--disk-size <size> Resize guest disk (e.g. 50G)
--memory <size> VM memory (default: 8G) --memory <size> VM memory (default: 8G)
--cpus <n> VM CPUs (default: 4) --cpus <n> VM CPUs (default: 4)
--ssh-port <port> SSH port forward (default: 2222) --ssh-port <port> SSH port forward (default: 2222)
-h, --help Show usage
EOF EOF
exit 1 exit "${1:-0}"
} }
while [ $# -gt 0 ]; do main() {
case "$1" in setup_colors
--mount) MOUNTS+=("$2"); shift 2 ;;
--claude) CLAUDE=true; shift ;;
--memory) MEMORY="$2"; shift 2 ;;
--cpus) CPUS="$2"; shift 2 ;;
--ssh-port) SSH_PORT="$2"; shift 2 ;;
-h|--help) usage ;;
*) echo "unknown option: $1"; usage ;;
esac
done
echo "building ephvm image..." local ssh_port=2222 memory=8G cpus=4 claude=false disk_size=""
IMAGE_DIR=$(nix build --no-link --print-out-paths .#nixosConfigurations.ephvm.config.system.build.images.qemu) local -a mounts=()
IMAGE=$(find "$IMAGE_DIR" -name '*.qcow2' -print -quit)
if [ -z "$IMAGE" ]; then while [ $# -gt 0 ]; do
echo "error: no qcow2 image found in $IMAGE_DIR" case "$1" in
exit 1 --mount)
fi mounts+=("$2")
shift 2
;;
--claude)
claude=true
shift
;;
--disk-size)
disk_size="$2"
shift 2
;;
--memory)
memory="$2"
shift 2
;;
--cpus)
cpus="$2"
shift 2
;;
--ssh-port)
ssh_port="$2"
shift 2
;;
-h | --help) usage ;;
*)
echo "${red}error:${reset} unknown option: $1" >&2
usage 1
;;
esac
done
ACCEL="tcg" info "building ephvm image..."
[ -r /dev/kvm ] && ACCEL="kvm" local image_dir image
image_dir=$(nix build --no-link --print-out-paths .#nixosConfigurations.ephvm.config.system.build.images.qemu)
image=$(find "$image_dir" -name '*.qcow2' -print -quit)
[ -n "$image" ] || die "no qcow2 image found in $image_dir"
QEMU_ARGS=( # create resized overlay when --disk-size is given
qemu-system-x86_64 local drive_arg
-accel "$ACCEL" if [ -n "$disk_size" ]; then
-m "$MEMORY" CLEANUP_OVERLAY=$(mktemp -d)
-smp "$CPUS" local overlay="$CLEANUP_OVERLAY/overlay.qcow2"
-drive "file=$IMAGE,format=qcow2,snapshot=on" qemu-img create -f qcow2 -b "$(realpath "$image")" -F qcow2 "$overlay" "$disk_size"
-nic "user,hostfwd=tcp::${SSH_PORT}-:22" drive_arg="file=$overlay,format=qcow2"
-nographic else
) drive_arg="file=$image,format=qcow2,snapshot=on"
fi
if [ "$ACCEL" != "tcg" ]; then local accel="tcg"
QEMU_ARGS+=(-cpu host) [ -r /dev/kvm ] && accel="kvm"
fi
FS_ID=0 local -a qemu_args=(
for mount_path in "${MOUNTS[@]}"; do qemu-system-x86_64
mount_path=$(realpath "$mount_path") -accel "$accel"
name=$(basename "$mount_path") -m "$memory"
tag="m_${name:0:29}" -smp "$cpus"
QEMU_ARGS+=( -drive "$drive_arg"
-virtfs "local,path=$mount_path,mount_tag=$tag,security_model=none,id=fs${FS_ID}" -nic "user,hostfwd=tcp::${ssh_port}-:22"
) -nographic
FS_ID=$((FS_ID + 1)) )
done
if [ "$CLAUDE" = true ]; then if [ "$accel" != "tcg" ]; then
if [ -z "${CLAUDE_CONFIG_DIR:-}" ]; then qemu_args+=(-cpu host)
echo "error: --claude requires CLAUDE_CONFIG_DIR to be set" fi
exit 1
fi
mkdir -p "$CLAUDE_CONFIG_DIR"
claude_dir=$(realpath "$CLAUDE_CONFIG_DIR")
QEMU_ARGS+=( local fs_id=0 mount_path name tag
-virtfs "local,path=$claude_dir,mount_tag=claude,security_model=none,id=fs${FS_ID}" for mount_path in "${mounts[@]}"; do
) mount_path=$(realpath "$mount_path")
FS_ID=$((FS_ID + 1)) name=$(basename "$mount_path")
fi tag="m_${name:0:29}"
qemu_args+=(
-virtfs "local,path=$mount_path,mount_tag=$tag,security_model=none,id=fs${fs_id}"
)
fs_id=$((fs_id + 1))
done
exec "${QEMU_ARGS[@]}" if [ "$claude" = true ]; then
[ -n "${CLAUDE_CONFIG_DIR:-}" ] || die "--claude requires CLAUDE_CONFIG_DIR to be set"
mkdir -p "$CLAUDE_CONFIG_DIR"
local claude_dir
claude_dir=$(realpath "$CLAUDE_CONFIG_DIR")
qemu_args+=(
-virtfs "local,path=$claude_dir,mount_tag=claude,security_model=none,id=fs${fs_id}"
)
fs_id=$((fs_id + 1))
fi
info "---"
info "Accel: $accel | SSH: ssh -p $ssh_port matej@localhost"
info "---"
exec "${qemu_args[@]}"
}
main "$@"

32
scripts/initrd-ssh-keygen.sh
View File

@@ -3,22 +3,22 @@ set -euo pipefail
KEY_DIR="/etc/secrets/initrd" KEY_DIR="/etc/secrets/initrd"
echo "Generating initrd SSH host keys in $KEY_DIR" main() {
echo "generating initrd SSH host keys in $KEY_DIR"
sudo mkdir -p "$KEY_DIR"
sudo mkdir -p "$KEY_DIR" local key_type
for key_type in rsa ed25519; do
local key_file="$KEY_DIR/ssh_host_${key_type}_key"
if [[ ! -f "$key_file" ]]; then
sudo ssh-keygen -t "$key_type" -N "" -f "$key_file"
echo "generated: $key_file"
else
echo "exists: $key_file"
fi
done
if [[ ! -f "$KEY_DIR/ssh_host_rsa_key" ]]; then echo "done. now run nixos-rebuild."
sudo ssh-keygen -t rsa -N "" -f "$KEY_DIR/ssh_host_rsa_key" }
echo "Generated: $KEY_DIR/ssh_host_rsa_key"
else
echo "Exists: $KEY_DIR/ssh_host_rsa_key"
fi
if [[ ! -f "$KEY_DIR/ssh_host_ed25519_key" ]]; then main "$@"
sudo ssh-keygen -t ed25519 -N "" -f "$KEY_DIR/ssh_host_ed25519_key"
echo "Generated: $KEY_DIR/ssh_host_ed25519_key"
else
echo "Exists: $KEY_DIR/ssh_host_ed25519_key"
fi
echo "Done. Now run nixos-rebuild."