@shebpamm
Created April 3, 2023 05:42
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p git curl gnupg pinentry gum sops
# shellcheck shell=bash
# HOSTNAME=$(gum input --placeholder "Enter hostname...")
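#######################################
# Build one system.build.<attr> output of the hexane NixOS configuration.
# Arguments: $1 - attribute name under config.system.build
# Outputs:   the store path reported by `nix build --print-out-paths`
# Returns:   the exit status of `nix build`
#######################################
function _build_disk_script() {
  local attr=$1
  nix build \
    --extra-experimental-features nix-command \
    --extra-experimental-features flakes \
    ".#nixosConfigurations.hexane.config.system.build.${attr}" \
    --impure --no-link --print-out-paths
}

#######################################
# Build and run the configuration's formatScript, then its mountScript.
#
# The store path of each script is captured and checked before it is run.
# Piping the path straight into `sh "$(cat -)"` would hand `sh` an empty
# file name after a failed build and then carry on to the next step, so a
# failed format could be followed by a mount and an install.
#
# Outputs:   diagnostics on stderr
# Returns:   0 when both scripts succeed; exits the whole script otherwise,
#            in line with the `cd ... || exit` guards used in this file.
#######################################
function setup_disks() {
  local format_script mount_script

  # Format
  format_script=$(_build_disk_script formatScript) || {
    printf 'setup_disks: building formatScript failed\n' >&2
    exit 1
  }
  if [[ -z "$format_script" ]]; then
    printf 'setup_disks: nix build printed no path for formatScript\n' >&2
    exit 1
  fi
  # The format script reads from the controlling terminal, as before.
  sh "$format_script" < /dev/tty || {
    printf 'setup_disks: formatScript failed\n' >&2
    exit 1
  }

  # Mount
  mount_script=$(_build_disk_script mountScript) || {
    printf 'setup_disks: building mountScript failed\n' >&2
    exit 1
  }
  if [[ -z "$mount_script" ]]; then
    printf 'setup_disks: nix build printed no path for mountScript\n' >&2
    exit 1
  fi
  # In the pipeline form this script's stdin was a pipe that `cat` had
  # already drained; /dev/null gives it the same immediate end-of-input.
  sh "$mount_script" < /dev/null || {
    printf 'setup_disks: mountScript failed\n' >&2
    exit 1
  }
}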
# Gpg & Yubikey
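#######################################
# Start gpg-agent, import the public key, and decrypt secrets/age.key from
# the dots-nix checkout to /etc/ssh/ssh_sops_key on the live system and on
# the target mounted at /mnt.
#
# Side effects: changes the working directory to /root/dots-nix.
# Outputs:      prompts on stdout, diagnostics on stderr
# Returns:      0 on success; exits the whole script if the checkout is
#               missing, decryption fails, or the key cannot be installed.
#######################################
function setup_secrets() {
  local -r key_path=/etc/ssh/ssh_sops_key

  # Presumably so that pinentry, started by root's gpg-agent, can open the
  # terminal - confirm.
  chown root "$(tty)"
  gpg-agent --homedir /root/.gnupg --daemon --pinentry-program "$(command -v pinentry)"

  # Prompt for starting the unlock process
  echo "Please insert your Yubikey and press enter to continue..."
  read -r

  # -f makes curl exit non-zero and print nothing on an HTTP error, so an
  # error page is never handed to gpg as if it were key material.
  # NOTE(review): the key is accepted on the strength of TLS to github.com
  # alone; nothing here compares its fingerprint with a value known in
  # advance. Consider checking it before the key is relied on.
  curl -fsSL https://github.com/shebpamm.gpg | gpg --import -
  gpg --card-status

  # Copy deployment key from repo
  cd /root/dots-nix || exit

  # Decrypt under a restrictive umask: a shell redirection creates the file
  # with the default mode, which would normally leave the decrypted key
  # readable by every local user. The subshell keeps the umask change from
  # leaking into the mkdir below.
  if ! (umask 077 && sops -d secrets/age.key > "$key_path"); then
    printf 'setup_secrets: could not decrypt secrets/age.key\n' >&2
    # Do not leave an empty or partial key file behind.
    rm -f -- "$key_path"
    exit 1
  fi
  # The umask has no effect on a file that already existed with a looser mode.
  chmod 600 -- "$key_path"

  # Copy secrets to mount, with an explicit mode rather than cp's default.
  mkdir -p /mnt/etc/ssh
  install -m 600 -- "$key_path" "/mnt${key_path}" || exit
}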
#######################################
# Copy the dots-nix checkout into the target home directory and hand the
# whole home directory to shebpamm:users.
# Outputs: a progress line on stdout
# Returns: the exit status of the final chown
#######################################
bootstrap() {
  printf '%s\n' "Bootstrapping home folder..."

  # The copy is recursive, so it carries the checkout's contents as they
  # stand at this point in the run.
  cp -r /root/dots-nix /mnt/home/shebpamm/dotfiles

  # NOTE(review): the owner and group names are resolved on the system
  # running this script, not on the target under /mnt. Confirm that
  # shebpamm exists there when this is called before nixos-install.
  chown -R shebpamm:users /mnt/home/shebpamm
}
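# Main sequence: fetch the configuration, generate the hardware profile,
# prepare disks and secrets, then install. Steps that the install depends on
# stop the run when they fail, so nixos-install is never started against a
# target that was not formatted, mounted and provisioned.
cd /root || exit

# NOTE(review): this clones the default branch with no pinned revision and
# no signature check; everything below runs from that checkout with this
# script's privileges. Consider pinning a commit or verifying a signed tag.
# A failed clone is left non-fatal so that a re-run can reuse an existing
# checkout; the `cd dots-nix` guard below stops the run if there is none.
git clone --recurse-submodules -j8 https://github.com/shebpamm/dots-nix

nixos-generate-config --no-filesystems --dir /root/config-gen || exit
cp /root/config-gen/hardware-configuration.nix \
  /root/dots-nix/hosts/hexane/hardware-configuration.nix || exit

cd dots-nix || exit

setup_disks || exit
setup_secrets || exit

# Left best-effort: its status is that of a chown which depends on accounts
# present on the system running the installer.
bootstrap

# --no-root-passwd skips the interactive root-password prompt, so root's
# credentials are whatever the hexane configuration defines.
nixos-install --no-root-passwd --flake ".#hexane"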