diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix
index d57158f..f58b4f4 100644
--- a/nixinfra/commons.nix
+++ b/nixinfra/commons.nix
@@ -1,6 +1,6 @@
 let
 pkgs = import {};
- secret_data = builtins.readFile ./secrets.nix;
+ update_script = builtins.readFile ./update.sh;
 in {
 imports = [
 ./secrets.nix
@@ -29,14 +29,10 @@ in {
 chmod -R 644 /etc/rancher 2> /dev/null > /dev/null
 chmod -R 644 /var/lib/rancher 2> /dev/null > /dev/null
 
- if [ ! -d "/etc/nixos/git" ]; then
- echo "Waiting for true internet bringup..."
- sleep 10
- echo "Downloading configuration files..."
- ${pkgs.git}/bin/git clone https://git.hofers.cloud/greysoh/kittehcluster /etc/nixos/
- cp -r ${pkgs.writeText "secrets.nix" secret_data} /etc/nixos/nixinfra/secrets.nix
- fi
-
+ # Because I'm lazy (and this works), we use this method to write the file
+ rm -rf /home/clusteradm/update
+ ln -s ${pkgs.writeShellScript "update" update_script} /home/clusteradm/update
+
 echo "Done."
 '';
 };
diff --git a/nixinfra/install-script.sh b/nixinfra/install-script.sh
index 9f1fec8..0f0087f 100644
--- a/nixinfra/install-script.sh
+++ b/nixinfra/install-script.sh
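Review bot: The new `ln -s` places the command at `/home/clusteradm/update`, but install-script.sh in this same commit only adds `/home/clusteradm/.bin` to PATH and update.sh's usage text tells the operator to run `updater`, so the installed command is reachable under neither name without a full path. Either link into the PATH directory, `ln -sfn ${pkgs.writeShellScript "update" update_script} /home/clusteradm/.bin/update` (which also replaces the `rm -rf` + `ln -s` pair), or change the usage text in update.sh to match. The hunk's own comment says the approach is a shortcut; a why-comment such as `# the script body lives in the store, only this link is in the home dir` would explain what the shortcut actually is. The shell string (`''` block) this hunk edits begins outside the hunk.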
@@ -45,7 +45,29 @@ if [ ! -f "/mnt/etc/nixos/install-script.sh" ]; then
 fi
 
 sudo mv /tmp/hardware-configuration.nix /mnt/etc/nixos/nixinfra/
-sudo nixos-install -I /mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH
+sudo mv $SECRETS_PATH /mnt/etc/nixos/nixinfra/secrets.nix
 
-sudo umount /mnt/boot
-sudo umount /mnt
\ No newline at end of file
+sudo bash -c "NIXOS_CONFIG=/mnt/etc/nixos/nixinfra/$NIX_INSTALL_PATH nixos-install"
+RET=$?
+
+if [ $RET -ne 0 ]; then
+ echo "Failed to install! Attempting to spawn bash for debugging..."
+ echo "NOTE: You will not see a bash prompt (for some reason)"
+ bash
+ echo "Bash exited."
+else
+ echo "Successfully installed! Finishing install..."
+ mkdir /mnt/home/clusteradm/.bin
+ echo "NIX_INSTALL_PATH=/etc/nixos/nixinfra/$NIX_INSTALL_PATH" > /mnt/home/clusteradm/.bin/.env
+ echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.bashrc
+ echo 'export PATH="$PATH:/home/clusteradm/.bin"' >> /mnt/home/clusteradm/.zshrc
+ sleep 60
+ echo "Rebooting"
+ sudo reboot
+ exit
+fi
+
+echo "Unmounting filesystems..."
+sudo umount -f /mnt/boot
+sudo umount -f /mnt
+echo "Done."
\ No newline at end of file
diff --git a/nixinfra/install.sh b/nixinfra/install.sh
index 46135eb..86c1d06 100755
--- a/nixinfra/install.sh
+++ b/nixinfra/install.sh
@@ -1,4 +1,10 @@
 #!/usr/bin/env bash
+SSH_SERVER="$1"
+
+ssh-to-srv() {
+ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$SSH_SERVER $@
+}
+
 if [ "$GIT_REPO" == "" ]; then
 export GIT_REPO="https://git.hofers.cloud/greysoh/kittehcluster"
 fi
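Review bot: `sudo mv $SECRETS_PATH /mnt/etc/nixos/nixinfra/secrets.nix` preserves whatever mode and owner the file had in `/tmp` on the installer, and install.sh creates it there with a plain shell redirect, so the secrets most likely end up in the installed system readable by every user and owned by the installer's uid; follow the move with `sudo chown root:root /mnt/etc/nixos/nixinfra/secrets.nix` and `sudo chmod 600 /mnt/etc/nixos/nixinfra/secrets.nix`. In the success branch, `mkdir`, the `.env` write and the two rc-file appends run without `sudo` even though every other operation on `/mnt` in this script uses it — on a root-owned target filesystem they will fail, and if they succeed the files carry the installer's uid rather than clusteradm's, so create them with `sudo install -d` / `sudo tee -a` and the intended owner. `$SECRETS_PATH` and `$NIX_INSTALL_PATH` should be double-quoted. The `if` that this hunk's leading `fi` closes begins before the hunk.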
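Review bot: `ssh-to-srv` hard-codes `StrictHostKeyChecking=no` with a throwaway known-hosts file, and the next hunk in this file now pushes `secrets.nix` through that helper, so a host impersonating the target would receive the secrets without any warning. The removed one-off line used the same options, but now that this function is the only path to the host, `-o StrictHostKeyChecking=accept-new` with a real `UserKnownHostsFile` (accept on first contact, verify afterwards) or an operator-supplied fingerprint would close that gap at little cost. Also quote the expansions, `ssh ... "nixos@$SSH_SERVER" "$@"` — unquoted `$@` re-splits every argument on whitespace, which matters for the multi-line base64 payloads the callers in this file build.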
@@ -10,6 +16,20 @@ if [ "$NIX_INSTALL_PATH" == "" ]; then
 exit 1
 fi
 
+if [ ! -f "secrets.nix" ]; then
+ echo "ERROR: secrets.nix doesn't exit! Copy that file, and setup your secrets, please."
+ exit 1
+fi
+
 echo "Initializing..."
-FILE_ENCODED="$(cat install-script.sh | base64)"
-ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" nixos@$1 bash -c "'echo -n $FILE_ENCODED | base64 -d > /tmp/install.sh; GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH bash /tmp/install.sh'"
\ No newline at end of file
+
+# Ugh, gotta reimplement ssh-copy-id real quick...
+# TODO: see if there's a way to specify custom arguments to ssh-copy-id's SSH process
+for i in ~/.ssh/id_*.pub; do
+ echo "Copying public key '$i'..."
+ ssh-to-srv bash -c "'mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; echo -n $(cat $i | base64) | base64 -d > ~/.ssh/authorized_keys'"
+done
+
+ssh-to-srv bash -c "'echo -n $(cat secrets.nix | base64) | base64 -d > /tmp/secrets.nix'"
+ssh-to-srv bash -c "'echo -n $(cat install-script.sh | base64) | base64 -d > /tmp/install.sh'"
+ssh-to-srv bash -c "'GIT_REPO=$GIT_REPO NIX_INSTALL_PATH=$NIX_INSTALL_PATH SECRETS_PATH=/tmp/secrets.nix bash /tmp/install.sh'"
\ No newline at end of file
diff --git a/nixinfra/kitteh-node-1/agent.nix b/nixinfra/kitteh-node-1/agent.nix
index 6cf4ee6..a2e3692 100644
--- a/nixinfra/kitteh-node-1/agent.nix
+++ b/nixinfra/kitteh-node-1/agent.nix
@@ -6,4 +6,5 @@ in {
 ];
 
 networking.hostName = "kitteh-node-1-k3s-agent";
+ environment.variables.NIX_BUILD_ID = "kitteh-node-1/agent";
 }
\ No newline at end of file
diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix
index 3187ea9..6319891 100644
--- a/nixinfra/kitteh-node-1/server.nix
+++ b/nixinfra/kitteh-node-1/server.nix
@@ -9,6 +9,7 @@ in {
 ];
 
 networking.hostName = "kitteh-node-1-k3s-server";
+ environment.variables.NIX_BUILD_ID = "kitteh-node-1/server";
 
 services.k3s = {
 enable = true;
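Review bot: The three `ssh-to-srv bash -c "'echo -n $(cat ... | base64) ...'"` lines put the base64 of `secrets.nix` (and of the public keys) into the remote command line, where it is visible in the process list on both machines, and the remote `> /tmp/secrets.nix` redirect creates the file with the default umask, typically readable by every user on the installer. Streaming the file over stdin avoids both: `ssh-to-srv 'umask 077; cat > /tmp/secrets.nix' < secrets.nix` (likewise for install-script.sh), and it also sidesteps the line-wrapped `base64` output, whose newlines are turned into spaces by the unquoted `$@` in `ssh-to-srv` and may then be rejected by `base64 -d`. In the key loop, `> ~/.ssh/authorized_keys` truncates on every iteration, so only the last `id_*.pub` survives — use `>>`, and add `[ -e "$i" ] || continue` so an unmatched glob does not push the literal pattern. The new error message also misspells `exist` as `exit`.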
diff --git a/nixinfra/kitteh-node-2/agent.nix b/nixinfra/kitteh-node-2/agent.nix
index f344e33..16002aa 100644
--- a/nixinfra/kitteh-node-2/agent.nix
+++ b/nixinfra/kitteh-node-2/agent.nix
@@ -6,4 +6,5 @@ in {
 ];
 
 networking.hostName = "kitteh-node-2-k3s-agent";
+ environment.variables.NIX_BUILD_ID = "kitteh-node-2/agent";
 }
\ No newline at end of file
diff --git a/nixinfra/kitteh-node-2/server.nix b/nixinfra/kitteh-node-2/server.nix
index 9b0a520..3f6a771 100644
--- a/nixinfra/kitteh-node-2/server.nix
+++ b/nixinfra/kitteh-node-2/server.nix
@@ -6,4 +6,5 @@ in {
 ];
 
 networking.hostName = "kitteh-node-2-k3s-server";
+ environment.variables.NIX_BUILD_ID = "kitteh-node-2/server";
 }
\ No newline at end of file
diff --git a/nixinfra/update.sh b/nixinfra/update.sh
new file mode 100644
index 0000000..44a377f
--- /dev/null
+++ b/nixinfra/update.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+if [[ "$NIX_BUILD_ID" == "" ]]; then
+ echo "ERROR: You have held a (potentially) broken install!"
+ echo "NIX_BUILD_ID is not set (should be set by default!)"
+ echo "Please set NIX_BUILD_ID manually. i.e:"
+ echo "NIX_BUILD_ID=kitteh-node-1/agent updater"
+ exit 1
+fi
+
+if [[ "$UID" != "0" ]]; then
+ sudo $0 $@
+ exit $?
+fi
+
+export NIX_PATH="$(printf $NIX_PATH | sed --expression="s#/etc/nixos/configuration.nix#/etc/nixos/nixinfra/$NIX_BUILD_ID.nix#g")"
+nixos-rebuild switch --upgrade
\ No newline at end of file
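Review bot: The non-root branch re-executes itself with `sudo $0 $@`, and sudo's usual `env_reset` drops `NIX_BUILD_ID` and `NIX_PATH` from the environment, so unless the sudoers on these nodes keeps those variables the root re-run will most likely trip the `NIX_BUILD_ID` guard above and exit 1, or else rewrite an empty `NIX_PATH`; pass them through explicitly, `sudo NIX_BUILD_ID="$NIX_BUILD_ID" NIX_PATH="$NIX_PATH" "$0" "$@"` (this needs `SETENV` or a matching `env_keep` in sudoers — worth a comment either way). `printf $NIX_PATH` uses the variable as the format string and leaves it unquoted; `printf '%s' "$NIX_PATH"` is the safe form, and `"$NIX_BUILD_ID"` should be quoted inside the sed expression as well. The usage text advertises a command named `updater`, while commons.nix in this commit installs the link as `/home/clusteradm/update`.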