From 879113c00847bcd287bbcd87ea029285f56b6a24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 28 Dec 2024 14:11:03 +0100 Subject: [PATCH] feat: catchup local installer to remote --- SwarselSystems.org | 219 +++++++++++++++++++++---- flake.nix | 5 + pkgs/default.nix | 1 + pkgs/swarsel-postinstall/default.nix | 7 + profiles/common/home/sway.nix | 3 +- profiles/common/nixos/impermanence.nix | 1 + programs/bash/.bash_history | 2 +- programs/etc/issue | 2 +- scripts/swarsel-install.sh | 111 +++++++++---- scripts/swarsel-postinstall.sh | 74 +++++++++ 10 files changed, 355 insertions(+), 70 deletions(-) create mode 100644 pkgs/swarsel-postinstall/default.nix create mode 100644 scripts/swarsel-postinstall.sh diff --git a/SwarselSystems.org b/SwarselSystems.org index 79bcf2f..417b6aa 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1074,6 +1074,11 @@ In this section I am creating some attributes that define general concepts of my program = "${self.packages.${system}.swarsel-install}/bin/swarsel-install"; }; + postinstall = { + type = "app"; + program = "${self.packages.${system}.swarsel-postinstall}/bin/swarsel-postinstall"; + }; + rebuild = { type = "app"; program = "${self.packages.${system}.swarsel-rebuild}/bin/swarsel-rebuild"; 
@@ -1864,14 +1869,14 @@ For added convenience, the live environment displays a helpful text on login, we IP of primary interface: \4 The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. - Alternatively, run 'swarsel-install -d -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). + Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). #+end_src Also, an initial bash history is provided to allow for a very quick local deployment: #+begin_src shell :tangle programs/bash/.bash_history -swarsel-install -f chaostheatre -d /dev/vda +swarsel-install -n chaostheatr #+end_src @@ -2176,6 +2181,7 @@ Note: The structure of generating the packages was changed in commit =2cf03a3 re "bootstrap" "swarsel-rebuild" "swarsel-install" + "swarsel-postinstall" "t2ts" "ts2t" "vershell" @@ -3261,29 +3267,33 @@ This program sets up a new NixOS host locally. set -eo pipefail target_config="chaostheatre" + target_hostname="chaostheatre" target_user="swarsel" - fs_type="ext4" - disk="" + persist_dir="" + disk_encryption=0 function help_and_exit() { echo echo "Locally installs SwarselSystem on this machine." echo - echo "USAGE: $0 -d [OPTIONS]" + echo "USAGE: $0 -n [OPTIONS]" echo echo "ARGS:" - echo " -d specify disk to install on." echo " -n specify the nixos config to deploy." echo " Default: chaostheatre" echo " Default: chaostheatre" echo " -u specify user to deploy for." echo " Default: swarsel" - echo " -t specify file system type to deploy for." - echo " Default: ext4" echo " -h | --help Print this help." exit 0 } + function red() { + echo -e "\x1B[31m[!] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi + } function green() { echo -e "\x1B[32m[+] $1 \x1B[0m" if [ -n "${2-}" ]; then 
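Review bot: The example call seeded into the live environment's bash history now reads `swarsel-install -n chaostheatr`, one letter short of the `chaostheatre` configuration that the installer uses as its default. Unless a host of that shorter name exists elsewhere in the flake, the `nix eval` lookups the installer performs on the `-n` value would fail for anyone who presses up and runs the suggested command. The line should be `swarsel-install -n chaostheatre`. The tangled copy in the `programs/bash/.bash_history` hunk carries the same text.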
@@ -3302,19 +3312,12 @@ This program sets up a new NixOS host locally. -n) shift target_config=$1 + target_hostname=$1 ;; -u) shift target_user=$1 ;; - -t) - shift - fs_type=$1 - ;; - -d) - shift - disk=$1 - ;; -h | --help) help_and_exit ;; ,*) echo "Invalid option detected." @@ -3324,14 +3327,59 @@ This program sets up a new NixOS host locally. shift done + function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + } + trap cleanup exit + + green "~SwarselSystems~ remote installer" + cd /home/"$target_user" + sudo rm -rf /root/.cache/nix sudo rm -rf .cache/nix sudo rm -rf .dotfiles green "Cloning repository from GitHub" git clone https://github.com/Swarsel/.dotfiles.git + green "Reading system information for $target_config ..." + DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" + green "Root Disk: $DISK" + + CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" + if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 + else + red "Encryption: X" + disk_encryption=0 + fi + + IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" + if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" + persist_dir="/persist" + else + red "Impermanence: X" + persist_dir="" + fi + + SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" + if [[ $SWAP == "true" ]]; then + green "Swap: ✓" + else + red "Swap: X" + fi + + SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" + if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" + else + red "Secure Boot: X" + fi + local_keys=$(ssh-add -L || true) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) read -ra pub_arr <<< "$pub_key" 
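Review bot: The new `nix eval` calls in the `@@ -3324` hunk read the flake from `~/.dotfiles`, but the clone just above them lands in `/home/"$target_user"/.dotfiles`, so the two paths only coincide when the invoking user is the `-u` user. When they differ, `isCrypted` and `isImpermanence` are evaluated against a different or missing checkout, and those values decide whether a passphrase is collected and where the repository is copied. I would address the checkout the script just created, e.g. `nix eval /home/"$target_user"/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted`. Separately, `cleanup` removes `.cache/nix` relative to whatever directory the script is in when it exits, and the trap is armed before the `cd`; an absolute `/home/"$target_user"/.cache/nix` would make the `sudo rm -rf` independent of the working directory. The same lines appear in the `scripts/swarsel-install.sh` hunk at `@@ -64,14 +61,59 @@`.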
@@ -3346,33 +3394,38 @@ This program sets up a new NixOS host locally. green "Valid SSH key found! Continuing with installation" fi - green "Creating /boot partition" - sudo parted -a optimal --script "$disk" mklabel gpt - sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB - sudo parted -a optimal --script "$disk" set 1 esp on - - green "Creating / partition" - sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% - sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done + fi - green "Ensuring proper file systems" - sudo mkfs.fat -F32 "$disk"1 - sudo mkfs."${fs_type}" -F "$disk"2 + green "Setting up disk" + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks + sudo mkdir -p /mnt/"$persist_dir"/home/"$target_user"/ + sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user"/ + sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" green "Generating hardware configuration" - sudo mount "$disk"2 /mnt - sudo mkdir -p /mnt/boot - sudo mount "$disk"1 /mnt/boot - sudo nixos-generate-config --root /mnt --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + + green "Injecting initialSetup" + sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' 
/home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix - # sudo rm -rf /root/.nix-defexpr/channels - # sudo rm -rf /nix/var/nix/profiles/per-user/channels sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" sudo nixos-install --flake .#"$target_config" - yellow "Please keep in mind that this is only a demo of the configuration. Things might break unexpectedly." green "Installation finished! Reboot to see changes" #+end_src 
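Review bot: The disk-encryption passphrase is written with `echo "$luks_passphrase" > /tmp/disko-password`, which creates a fixed-name file in `/tmp` under whatever umask the shell has, and nothing in the script removes it afterwards; the `cleanup` trap only clears the nix caches. I would create it with restrictive permissions and delete it on exit: `(umask 077; printf '%s' "$luks_passphrase" > /tmp/disko-password)` in the loop and `sudo rm -f /tmp/disko-password` in `cleanup`. `printf '%s'` keeps a passphrase that begins with `-n` or `-e` intact, but it also drops the trailing newline that `echo` appends, so confirm how the disko configuration consumes the file before changing that. The disk step also runs `github:nix-community/disko/latest` as root with `--yes-wipe-all-disks`, so whatever that ref resolves to at install time executes with full privileges and no confirmation; pinning it to a fixed revision or to the flake's own locked input would make the step reproducible. The same lines are in the `scripts/swarsel-install.sh` hunk at `@@ -86,31 +128,36 @@`.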
@@ -3388,6 +3441,100 @@ This program sets up a new NixOS host locally. } #+end_src +**** swarsel-postinstall + +This program sets up a new NixOS host locally. + +#+begin_src shell :tangle scripts/swarsel-postinstall.sh + set -eo pipefail + + target_config="chaostheatre" + target_user="swarsel" + + function help_and_exit() { + echo + echo "Locally installs SwarselSystem on this machine." + echo + echo "USAGE: $0 -d [OPTIONS]" + echo + echo "ARGS:" + echo " -d specify disk to install on." + echo " -n specify the nixos config to deploy." + echo " Default: chaostheatre" + echo " Default: chaostheatre" + echo " -u specify user to deploy for." + echo " Default: swarsel" + echo " -h | --help Print this help." + exit 0 + } + + function green() { + echo -e "\x1B[32m[+] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[32m[+] $($2) \x1B[0m" + fi + } + + while [[ $# -gt 0 ]]; do + case "$1" in + -n) + shift + target_config=$1 + ;; + -u) + shift + target_user=$1 + ;; + -h | --help) help_and_exit ;; + ,*) + echo "Invalid option detected." + help_and_exit + ;; + esac + shift + done + + function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + } + trap cleanup exit + + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + + green "~SwarselSystems~ remote post-installer" + + cd /home/"$target_user"/.dotfiles + + SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_config".config.swarselsystems.isSecureBoot)" + + if [[ $SECUREBOOT == "true" ]]; then + green "Setting up secure boot keys" + sudo mkdir -p /var/lib/sbctl + sbctl create-keys || true + sbctl enroll-keys --ignore-immutable --microsoft || true + fi + + green "Disabling initialSetup" + sed -i '/swarselsystems\.initialSetup = true;/d' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix + sudo nixos-rebuild --flake .#"$target_config" switch + green "Post-install finished!" 
+ +#+end_src + + + +#+begin_src nix :tangle pkgs/swarsel-postinstall/default.nix + { writeShellApplication, git }: + + writeShellApplication { + name = "swarsel-postinstall"; + runtimeInputs = [ git ]; + text = builtins.readFile ../../scripts/swarsel-postinstall.sh; + } +#+end_src + **** t2ts :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 @@ -5679,6 +5826,7 @@ Normally, doing that also resets the lecture that happens on the first use of =s "/etc/nix" "/etc/NetworkManager/system-connections" # "/etc/secureboot" + "/home/swarsel/.dotfiles" "/var/db/sudo" "/var/cache" "/var/lib" @@ -10463,7 +10611,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+m" = "exec swarselcheck -s"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; "${modifier}+d" = "exec swarselcheck -d"; "${modifier}+w" = "exec swarselcheck -e"; diff --git a/flake.nix b/flake.nix index 795120a..2915b74 100644 --- a/flake.nix +++ b/flake.nix @@ -218,6 +218,11 @@ program = "${self.packages.${system}.swarsel-install}/bin/swarsel-install"; }; + postinstall = { + type = "app"; + program = "${self.packages.${system}.swarsel-postinstall}/bin/swarsel-postinstall"; + }; + rebuild = { type = "app"; program = "${self.packages.${system}.swarsel-rebuild}/bin/swarsel-rebuild"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 2e02ba0..5491cf6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -19,6 +19,7 @@ let "bootstrap" "swarsel-rebuild" "swarsel-install" + "swarsel-postinstall" "t2ts" "ts2t" "vershell" 
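Review bot: Both sbctl calls in the new post-install script end in `|| true` and, unlike the `mkdir` before them, run without `sudo`, so a failed key creation or enrollment is swallowed and the script still rebuilds and prints `Post-install finished!` on a host whose configuration says Secure Boot is on. The package definition lists only `git` in `runtimeInputs`, so if sbctl is not otherwise on PATH the same `|| true` would also hide a command-not-found. I would let a failure stop the run, e.g. `sudo sbctl create-keys` and `sudo sbctl enroll-keys --ignore-immutable --microsoft`, handling only the keys-already-exist case explicitly, and add `sbctl` to the function arguments and to `runtimeInputs`. The help text is copied from the installer: it still says "Locally installs" and documents a `-d` option that this script does not parse. The tangled copies in the `scripts/swarsel-postinstall.sh` and `pkgs/swarsel-postinstall/default.nix` hunks carry the same lines.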
diff --git a/pkgs/swarsel-postinstall/default.nix b/pkgs/swarsel-postinstall/default.nix new file mode 100644 index 0000000..6191846 --- /dev/null +++ b/pkgs/swarsel-postinstall/default.nix @@ -0,0 +1,7 @@ +{ writeShellApplication, git }: + +writeShellApplication { + name = "swarsel-postinstall"; + runtimeInputs = [ git ]; + text = builtins.readFile ../../scripts/swarsel-postinstall.sh; +} diff --git a/profiles/common/home/sway.nix b/profiles/common/home/sway.nix index aaab608..8b76bce 100644 --- a/profiles/common/home/sway.nix +++ b/profiles/common/home/sway.nix @@ -47,7 +47,8 @@ in "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+m" = "exec swarselcheck -s"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; "${modifier}+d" = "exec swarselcheck -d"; "${modifier}+w" = "exec swarselcheck -e"; diff --git a/profiles/common/nixos/impermanence.nix b/profiles/common/nixos/impermanence.nix index 810b453..2baff5b 100644 --- a/profiles/common/nixos/impermanence.nix +++ b/profiles/common/nixos/impermanence.nix @@ -75,6 +75,7 @@ in "/etc/nix" "/etc/NetworkManager/system-connections" # "/etc/secureboot" + "/home/swarsel/.dotfiles" "/var/db/sudo" "/var/cache" "/var/lib" diff --git a/programs/bash/.bash_history b/programs/bash/.bash_history index 6ede487..cf3b9dd 100644 --- a/programs/bash/.bash_history +++ b/programs/bash/.bash_history @@ -1 +1 @@ -swarsel-install -f chaostheatre -d /dev/vda +swarsel-install -n chaostheatr diff --git a/programs/etc/issue b/programs/etc/issue index 02696c5..630729c 100644 --- a/programs/etc/issue +++ b/programs/etc/issue 
@@ -2,4 +2,4 @@ IP of primary interface: \4 The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. -Alternatively, run 'swarsel-install -d -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). +Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). diff --git a/scripts/swarsel-install.sh b/scripts/swarsel-install.sh index 729b62c..4d55f1c 100644 --- a/scripts/swarsel-install.sh +++ b/scripts/swarsel-install.sh @@ -1,29 +1,33 @@ set -eo pipefail target_config="chaostheatre" +target_hostname="chaostheatre" target_user="swarsel" -fs_type="ext4" -disk="" +persist_dir="" +disk_encryption=0 function help_and_exit() { echo echo "Locally installs SwarselSystem on this machine." echo - echo "USAGE: $0 -d [OPTIONS]" + echo "USAGE: $0 -n [OPTIONS]" echo echo "ARGS:" - echo " -d specify disk to install on." echo " -n specify the nixos config to deploy." echo " Default: chaostheatre" echo " Default: chaostheatre" echo " -u specify user to deploy for." echo " Default: swarsel" - echo " -t specify file system type to deploy for." - echo " Default: ext4" echo " -h | --help Print this help." exit 0 } +function red() { + echo -e "\x1B[31m[!] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi +} function green() { echo -e "\x1B[32m[+] $1 \x1B[0m" if [ -n "${2-}" ]; then @@ -42,19 +46,12 @@ while [[ $# -gt 0 ]]; do -n) shift target_config=$1 + target_hostname=$1 ;; -u) shift target_user=$1 ;; - -t) - shift - fs_type=$1 - ;; - -d) - shift - disk=$1 - ;; -h | --help) help_and_exit ;; *) echo "Invalid option detected." 
@@ -64,14 +61,59 @@ while [[ $# -gt 0 ]]; do shift done +function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix +} +trap cleanup exit + +green "~SwarselSystems~ remote installer" + cd /home/"$target_user" +sudo rm -rf /root/.cache/nix sudo rm -rf .cache/nix sudo rm -rf .dotfiles green "Cloning repository from GitHub" git clone https://github.com/Swarsel/.dotfiles.git +green "Reading system information for $target_config ..." +DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" +green "Root Disk: $DISK" + +CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" +if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 +else + red "Encryption: X" + disk_encryption=0 +fi + +IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" +if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" + persist_dir="/persist" +else + red "Impermanence: X" + persist_dir="" +fi + +SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" +if [[ $SWAP == "true" ]]; then + green "Swap: ✓" +else + red "Swap: X" +fi + +SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" +if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" +else + red "Secure Boot: X" +fi + local_keys=$(ssh-add -L || true) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) read -ra pub_arr <<< "$pub_key" 
@@ -86,31 +128,36 @@ else green "Valid SSH key found! Continuing with installation" fi -green "Creating /boot partition" -sudo parted -a optimal --script "$disk" mklabel gpt -sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB -sudo parted -a optimal --script "$disk" set 1 esp on - -green "Creating / partition" -sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% -sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 +if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done +fi -green "Ensuring proper file systems" -sudo mkfs.fat -F32 "$disk"1 -sudo mkfs."${fs_type}" -F "$disk"2 +green "Setting up disk" +sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks +sudo mkdir -p /mnt/"$persist_dir"/home/"$target_user"/ +sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user"/ +sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" green "Generating hardware configuration" -sudo mount "$disk"2 /mnt -sudo mkdir -p /mnt/boot -sudo mount "$disk"1 /mnt/boot -sudo nixos-generate-config --root /mnt --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ +sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + +green "Injecting initialSetup" +sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix git add 
/home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix -# sudo rm -rf /root/.nix-defexpr/channels -# sudo rm -rf /nix/var/nix/profiles/per-user/channels sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" sudo nixos-install --flake .#"$target_config" -yellow "Please keep in mind that this is only a demo of the configuration. Things might break unexpectedly." green "Installation finished! Reboot to see changes" diff --git a/scripts/swarsel-postinstall.sh b/scripts/swarsel-postinstall.sh new file mode 100644 index 0000000..f7d41bf --- /dev/null +++ b/scripts/swarsel-postinstall.sh 
@@ -0,0 +1,74 @@
+set -eo pipefail
+
+target_config="chaostheatre"
+target_user="swarsel"
+
+function help_and_exit() {
+ echo
+ echo "Locally installs SwarselSystem on this machine."
+ echo
+ echo "USAGE: $0 -d [OPTIONS]"
+ echo
+ echo "ARGS:"
+ echo " -d specify disk to install on."
+ echo " -n specify the nixos config to deploy."
+ echo " Default: chaostheatre"
+ echo " Default: chaostheatre"
+ echo " -u specify user to deploy for."
+ echo " Default: swarsel"
+ echo " -h | --help Print this help."
+ exit 0
+}
+
+function green() {
+ echo -e "\x1B[32m[+] $1 \x1B[0m"
+ if [ -n "${2-}" ]; then
+ echo -e "\x1B[32m[+] $($2) \x1B[0m"
+ fi
+}
+
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ -n)
+ shift
+ target_config=$1
+ ;;
+ -u)
+ shift
+ target_user=$1
+ ;;
+ -h | --help) help_and_exit ;;
+ *)
+ echo "Invalid option detected."
+ help_and_exit
+ ;;
+ esac
+ shift
+done
+
+function cleanup() {
+ sudo rm -rf .cache/nix
+ sudo rm -rf /root/.cache/nix
+}
+trap cleanup exit
+
+sudo rm -rf .cache/nix
+sudo rm -rf /root/.cache/nix
+
+green "~SwarselSystems~ remote post-installer"
+
+cd /home/"$target_user"/.dotfiles
+
+SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_config".config.swarselsystems.isSecureBoot)"
+
+if [[ $SECUREBOOT == "true" ]]; then
+ green "Setting up secure boot keys"
+ sudo mkdir -p /var/lib/sbctl
+ sbctl create-keys || true
+ sbctl enroll-keys --ignore-immutable --microsoft || true
+fi
+
+green "Disabling initialSetup"
+sed -i '/swarselsystems\.initialSetup = true;/d' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
+sudo nixos-rebuild --flake .#"$target_config" switch
+green "Post-install finished!"