chore: Finish up install scripts.

2024-07-19 13:57:30 -04:00 · 2024-07-19 13:57:30 -04:00 · 72b9dd88e5
commit 72b9dd88e5
parent 3c291b8a95
8 changed files with 72 additions and 14 deletions
--- a/nixinfra/commons.nix
+++ b/nixinfra/commons.nix
@ -1,6 +1,6 @@
 let 
  pkgs = import <nixpkgs> {};
-  secret_data = builtins.readFile ./secrets.nix;
+  update_script = builtins.readFile ./update.sh;
 in {
  imports = [
    ./secrets.nix
@ -29,14 +29,10 @@ in {
        chmod -R 644 /etc/rancher 2> /dev/null > /dev/null
        chmod -R 644 /var/lib/rancher 2> /dev/null > /dev/null

-        if [ ! -d "/etc/nixos/git" ]; then
-          echo "Waiting for true internet bringup..."
-          sleep 10
-          echo "Downloading configuration files..."
-          ${pkgs.git}/bin/git clone https://git.hofers.cloud/greysoh/kittehcluster /etc/nixos/
-          cp -r ${pkgs.writeText "secrets.nix" secret_data} /etc/nixos/nixinfra/secrets.nix
-        fi
-
+        # Because I'm lazy (and this works), we use this method to write the file
+        rm -rf /home/clusteradm/update
+        ln -s ${pkgs.writeShellScript "update" update_script} /home/clusteradm/update
+        
        echo "Done."
      '';
    };
--- a/nixinfra/install-script.sh
+++ b/nixinfra/install-script.sh
@ -45,7 +45,29 @@ if [ ! -f "/mnt/etc/nixos/install-script.sh" ]; then
 fi

 sudo mv /tmp/hardware-configuration.nix /mnt/etc/nixos/nixinfra/
-sudo nixos-install -I /mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH
+sudo mv $SECRETS_PATH /mnt/etc/nixos/nixinfra/secrets.nix

-sudo umount /mnt/boot
-sudo umount /mnt
+sudo bash -c "NIXOS_CONFIG=/mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH nixos-install"
+RET=$?
+
+if [ $RET -ne 0 ]; then
+  echo "Failed to install! Attempting to spawn bash for debugging..."
+  echo "NOTE: You will not see a bash prompt (for some reason)"
+  bash
+  echo "Bash exited."
+else
+  echo "Successfully installed! Finishing install..."
+  mkdir /mnt/home/clusteradm/.bin
+  echo "NIX_INSTALL_PATH=/etc/nixos/nixinfra/$NIX_INSTALL_PATH" > /mnt/home/clusteradm/.bin/.env
+  echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.bashrc
+  echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.zshrc
+  sleep 60
+  echo "Rebooting"
+  sudo reboot
+  exit
+fi
+
+echo "Unmounting filesystems..."
+sudo umount -f /mnt/boot
+sudo umount -f /mnt
+echo "Done."
--- a/nixinfra/install.sh
+++ b/nixinfra/install.sh
@ -1,4 +1,10 @@
 #!/usr/bin/env bash
+SSH_SERVER="$1"
+
+ssh-to-srv() {
+  ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$SSH_SERVER $@
+}
+
 if [ "$GIT_REPO" == "" ]; then
  export GIT_REPO="https://git.hofers.cloud/greysoh/kittehcluster"
 fi
@ -10,6 +16,20 @@ if [ "$NIX_INSTALL_PATH" == "" ]; then
  exit 1
 fi

+if [ ! -f "secrets.nix" ]; then
+  echo "ERROR: secrets.nix doesn't exit! Copy that file, and setup your secrets, please."
+  exit 1
+fi
+
 echo "Initializing..."
-FILE_ENCODED="$(cat install-script.sh | base64)"
-ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$1 bash -c "'echo -n $FILE_ENCODED | base64 -d > /tmp/install.sh; GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH bash /tmp/install.sh'"
+
+# Ugh, gotta reimplement ssh-copy-id real quick...
+# TODO: see if there's a way to specify custom arguments to ssh-copy-id's SSH process
+for i in ~/.ssh/id_*.pub; do
+  echo "Copying public key '$i'..."
+  ssh-to-srv bash -c "'mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; echo -n $(cat $i | base64) | base64 -d > ~/.ssh/authorized_keys'"
+done
+
+ssh-to-srv bash -c "'echo -n $(cat secrets.nix | base64) | base64 -d > /tmp/secrets.nix'"
+ssh-to-srv bash -c "'echo -n $(cat install-script.sh | base64) | base64 -d > /tmp/install.sh'"
+ssh-to-srv bash -c "'GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH SECRETS_PATH=/tmp/secrets.nix bash /tmp/install.sh'"
--- a/nixinfra/kitteh-node-1/agent.nix
+++ b/nixinfra/kitteh-node-1/agent.nix
@ -6,4 +6,5 @@ in {
  ];

  networking.hostName = "kitteh-node-1-k3s-agent";
+  environment.variables.NIX_BUILD_ID = "kitteh-node-1/agent";
 }
--- a/nixinfra/kitteh-node-1/server.nix
+++ b/nixinfra/kitteh-node-1/server.nix
@ -9,6 +9,7 @@ in {
  ];

  networking.hostName = "kitteh-node-1-k3s-server";
+  environment.variables.NIX_BUILD_ID = "kitteh-node-1/server";
  
  services.k3s = {
    enable = true;
--- a/nixinfra/kitteh-node-2/agent.nix
+++ b/nixinfra/kitteh-node-2/agent.nix
@ -6,4 +6,5 @@ in {
  ];

  networking.hostName = "kitteh-node-2-k3s-agent";
+  environment.variables.NIX_BUILD_ID = "kitteh-node-2/agent";
 }
--- a/nixinfra/kitteh-node-2/server.nix
+++ b/nixinfra/kitteh-node-2/server.nix
@ -6,4 +6,5 @@ in {
  ];

  networking.hostName = "kitteh-node-2-k3s-server";
+  environment.variables.NIX_BUILD_ID = "kitteh-node-2/server";
 }
--- a/nixinfra/update.sh
+++ b/nixinfra/update.sh
@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+if [[ "$NIX_BUILD_ID" == "" ]]; then
+  echo "ERROR: You have held a (potentially) broken install!"
+  echo "NIX_BUILD_ID is not set (should be set by default!)"
+  echo "Please set NIX_BUILD_ID manually. i.e:"
+  echo "NIX_BUILD_ID=kitteh-node-1/agent updater"
+  exit 1
+fi
+
+if [[ "$UID" != "0" ]]; then
+  sudo $0 $@
+  exit $?
+fi
+
+export NIX_PATH="$(printf $NIX_PATH | sed --expression="s#/etc/nixos/configuration.nix#/etc/nixos/nixinfra/$NIX_BUILD_ID.nix#g")"
+nixos-rebuild switch --upgrade