feat(nixos-anywhere): add deploy script and docs in README.md

2025-03-27 07:25:34 +08:00 · 2025-03-27 07:25:34 +08:00 · 8a272b6410
commit 8a272b6410
parent 9a84dbf525
4 changed files with 87 additions and 13 deletions
--- a/configs/shell/scripts/default.nix
+++ b/configs/shell/scripts/default.nix
@ -11,6 +11,7 @@

      (pkgs.writeShellScriptBin "rebuild" (builtins.readFile ./rebuild.sh))
      (pkgs.writeShellScriptBin "byebye" (builtins.readFile ./byebye.sh))
+      (pkgs.writeShellScriptBin "deploy" (builtins.readFile ./deploy.sh))
    ];
  };
 }
--- a/configs/shell/scripts/deploy.sh
+++ b/configs/shell/scripts/deploy.sh
@ -0,0 +1,43 @@
+# Set default values
+flake=".#default" # Default flake attribute if none is provided
+target_host="nixos@<hostname>" # Default target host
+
+# Process command-line arguments
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --flake)
+      flake="$2"
+      shift # past argument
+      shift # past value
+      ;;
+    --target-host)
+      target_host="$2"
+      shift # past argument
+      shift # past value
+      ;;
+    *)
+      echo "Unknown option: $1" >&2
+      exit 1
+      ;;
+  esac
+done
+
+# Prepare temporary directory and copy necessary files
+root=$(mktemp -d)
+sudo mkdir -p ${root}/home/rafiq/.config/sops/age
+sudo cp ~/.config/sops/age/keys.txt "${root}/home/rafiq/.config/sops/age/keys.txt"
+sudo mkdir -p ${root}/home/rafiq/.ssh
+sudo cp ~/.ssh/id_ed25519 "${root}/home/rafiq/.ssh/id_ed25519"
+sudo cp ~/.ssh/id_ed25519.pub "${root}/home/rafiq/.ssh/id_ed25519.pub"
+
+# Run nixos-anywhere
+sudo nix run github:nix-community/nixos-anywhere -- \
+  --flake "${flake}" \
+  --target-host "${target_host}" \
+  --copy-host-keys \
+  --extra-files "${root}" \
+  --chown /home/rafiq/.config 1000:100 \
+  --chown /home/rafiq/.ssh 1000:100
+
+# Clean up the temporary directory
+sudo rm -rf "$root"
--- a/configs/users.nix
+++ b/configs/users.nix
@ -18,19 +18,27 @@
  time.timeZone = "Asia/Singapore";
  i18n.defaultLocale = "en_SG.UTF-8";

-  users.mutableUsers = false; # Always reset users on system activation
+  users = {
+    mutableUsers = false; # Always reset users on system activation

-  users.users.rafiq = {
-    isNormalUser = true;
-    description = "rafiq";
-    hashedPasswordFile = config.sops.secrets.password.path;
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n"
-    ];
+    groups.users = {
+      gid = 100;
+      members = [ "rafiq" ];
+    };
+
+    users.rafiq = {
+      isNormalUser = true;
+      description = "rafiq";
+      hashedPasswordFile = config.sops.secrets.password.path;
+      uid = 1000;
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n"
+      ];
+    };
  };

  home-manager.users.rafiq.home = {
@ -38,5 +46,4 @@
    homeDirectory = "/home/rafiq";
    stateVersion = "25.05";
  };
-
 }