53 lines
1.6 KiB
Makefile
53 lines
1.6 KiB
Makefile
[private]
|
|
default:
|
|
@just --list
|
|
|
|
# rebuild the system
|
|
rebuild op="switch" host=`hostname`:
|
|
nixos-rebuild {{op}} --flake .#{{host}} --sudo
|
|
|
|
# update flake inputs
|
|
update:
|
|
nix flake update
|
|
|
|
# update all packages with update scripts
|
|
update-package:
|
|
@for script in packages/*/update.sh; do bash "$script"; done
|
|
|
|
# build all packages and hosts
|
|
check:
|
|
nix flake check
|
|
|
|
# build installation iso
|
|
iso:
|
|
nixos-rebuild build-image --image-variant iso-installer --flake .#iso
|
|
|
|
# run ephemeral VM
|
|
ephvm *ARGS:
|
|
bash scripts/ephvm-run.sh {{ARGS}}
|
|
|
|
# provision a host with nixos-anywhere
|
|
provision host ip:
|
|
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
tmpdir=$(mktemp -d)
|
|
trap 'rm -rf "$tmpdir"' EXIT
|
|
install -d -m 755 "$tmpdir/etc/ssh"
|
|
ssh-keygen -t ed25519 -f "$tmpdir/etc/ssh/ssh_host_ed25519_key" -N ""
|
|
age_key=$(ssh-to-age < "$tmpdir/etc/ssh/ssh_host_ed25519_key.pub")
|
|
echo "age key: $age_key"
|
|
echo "add this key to .sops.yaml, re-encrypt secrets, then press enter to continue"
|
|
read -r
|
|
nix run github:nix-community/nixos-anywhere -- --no-reboot --flake .#{{host}} --extra-files "$tmpdir" --generate-hardware-config nixos-generate-config ./hosts/{{host}}/hardware-configuration.nix root@{{ip}}
|
|
echo "remove USB and press enter to reboot"
|
|
read -r
|
|
ssh root@{{ip}} reboot
|
|
|
|
# deploy config to a remote host
|
|
deploy op="switch" host=`hostname` remote=host:
|
|
nixos-rebuild {{op}} --flake .#{{host}} --target-host {{remote}} --sudo --ask-sudo-password
|
|
|
|
# garbage collect old generations
|
|
clean host=`hostname`:
|
|
sudo nix-collect-garbage $(nix eval --raw .#nixosConfigurations.{{host}}.config.nix.gc.options)
|