jaspermayone.com
@jaspermayone.com's dotfiles
try and rekey again
+95
-27
+69
scripts/deploy
+69
scripts/deploy
···
1
+
#!/usr/bin/env bash
2
+
set -euo pipefail
3
+
4
+
FLAKE_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
5
+
6
+
usage() {
7
+
echo "Usage: deploy <hostname> [options]"
8
+
echo ""
9
+
echo "Deploy NixOS configuration to a machine"
10
+
echo ""
11
+
echo "Options:"
12
+
echo " -l, --local Use local flake instead of GitHub"
13
+
echo " -b, --boot Only build and set as boot config (don't switch)"
14
+
echo " -t, --test Test config without adding to boot menu"
15
+
echo " -h, --help Show this help"
16
+
echo ""
17
+
echo "Examples:"
18
+
echo " deploy alastor # Deploy to alastor from GitHub"
19
+
echo " deploy alastor -l # Deploy to alastor from local flake"
20
+
echo " deploy remus --boot # Build for remus, activate on next boot"
21
+
exit 1
22
+
}
23
+
24
+
[[ $# -lt 1 ]] && usage
25
+
26
+
HOST="$1"
27
+
shift
28
+
29
+
FLAKE="github:jaspermayone/dots"
30
+
ACTION="switch"
31
+
32
+
while [[ $# -gt 0 ]]; do
33
+
case "$1" in
34
+
-l|--local)
35
+
FLAKE="$FLAKE_ROOT"
36
+
shift
37
+
;;
38
+
-b|--boot)
39
+
ACTION="boot"
40
+
shift
41
+
;;
42
+
-t|--test)
43
+
ACTION="test"
44
+
shift
45
+
;;
46
+
-h|--help)
47
+
usage
48
+
;;
49
+
*)
50
+
echo "Unknown option: $1"
51
+
usage
52
+
;;
53
+
esac
54
+
done
55
+
56
+
CURRENT_HOST=$(hostname)
57
+
58
+
echo "Deploying $HOST ($ACTION) from $FLAKE"
59
+
60
+
if [[ "$HOST" == "$CURRENT_HOST" ]]; then
61
+
# Local deploy
62
+
sudo nixos-rebuild "$ACTION" --flake "$FLAKE#$HOST"
63
+
else
64
+
# Remote deploy
65
+
nixos-rebuild "$ACTION" \
66
+
--flake "$FLAKE#$HOST" \
67
+
--target-host "$HOST" \
68
+
--use-remote-sudo
69
+
fi
+6
-6
secrets/bore-token.age
+6
-6
secrets/bore-token.age
···
1
1
age-encryption.org/v1
2
-
-> ssh-ed25519 1uIO/w NKXV7eGMvfEkqJB1Tx6C0AA8u9VVucyK1TB524TV/lY
3
-
j8TY/6N5yTrREhjht/UPh4/7fm9jFv2oGetdA/Ooew4
4
-
-> X25519 41EKixt7uUThdtUMHe6fazvkG6Xmh/Y+Zo+dULWrHQk
5
-
p2RVvOoE7wKANJo2jhL3HxI7WU1dkP0fRvO2i7hq4eY
6
-
--- X3rDAetP/QLjS5pVWD6jaMxT7QVfzvuGL/2AvkyRWIg
7
-
��h�ll�im>vh>�V��+�R�VUg
Ѥ̄���/`m���F ��0�|�]����k�cs�dA����'���W
�S��&|B� �?
�Yo6�� F�
2
+
-> ssh-ed25519 1uIO/w i4xIBsz48J5D9nyFRQNanpzUZeF3zHLadBzUVH00YSU
3
+
pqZG/oZrr+DqKZASc5BhifaeXmcWSibxGhtn734pdWU
4
+
-> ssh-ed25519 U0D80g q8YKmiWrxPCUx5JTO9TbW2kjgs85ecMtCJdkMOUCqBw
5
+
eVQfYKa4LwOogaGRnKvvMubezn5DW6dvVilKo28YjR0
6
+
--- YxiZUYTwPg9DKp0G3KvYXg/jUkgS43ErqFOMs1QQylY
7
+
�7
�CE�5�S����N]���[��=�gv!9)�{,��z�����**��O�����4B� ����#������/��N|HB*����+�"l��w��
secrets/cloudflare-credentials.age
secrets/cloudflare-credentials.age
This is a binary file and will not be displayed.
+6
-6
secrets/frps-token.age
+6
-6
secrets/frps-token.age
···
1
1
age-encryption.org/v1
2
-
-> ssh-ed25519 1uIO/w GPcOF6opAf8Si7QAfd9fjK9fG6WSQJzj+ymkF40YxyE
3
-
K+ftkKeuhat+NXaYtLxd/izEzW7NHwIRYo3MZ1bijgs
4
-
-> X25519 ucehr5XdtyzkYzksB0Rf6PHQWBjCKjTdCkcJ2/ugg0I
5
-
EncgmPvxRkW4I1Iw/mGhtaSjfFtntAyVWlcuycSic/s
6
-
--- 3c1CqUSjPe5hunZRdDpJb2kcQhUhqZkw4w7pXk/CSbg
7
-
Y�/��B
��0��JPH�%��<�D"w��>-�C~��)�xAْ����
��#m���z�]�:(�;K�r.�_V%�@�{�
r����`(oO��TJt'~�
2
+
-> ssh-ed25519 1uIO/w Md686UNz7vBZlE83XHeb8vS77EEDIzJB3q9oqdV1cWE
3
+
Io/q1QTgJ1njo3c3cFZyzIBzMlFb7W0ZWGdwxML1bbk
4
+
-> ssh-ed25519 U0D80g jllO1wDfFzZYrOeSjJj8Odg4BOz6uW6DA/8n2M7lYGY
5
+
+xsyhi71BGexZD5blmlzXwSj05PiEJfwCBpQgwmff+8
6
+
--- h2egPlh6NieyGrVZS1bsJ5DQi55O1DuOZ1J66ZdOrnk
7
+
�jo��`2��jn�z�����ˮ��y6R�=}L�|�����_?͉�u�P
!�dz�w��[�
W(
�2nP#�
�:Fg��K�����8>
���4
+7
-7
secrets/github-token.age
+7
-7
secrets/github-token.age
···
1
1
age-encryption.org/v1
2
-
-> ssh-ed25519 1uIO/w VQM59EnKPNBJbRz3SC8Q+84muZMunthAGjwutg6UghA
3
-
oITQVPo/Pw9zss1moruLY0FGmzMP+sM+QJxIKOs5nfk
4
-
-> X25519 /hz7+CDvab26gDnuxdsYH7CiyYmT2rrFn7SorGSMjBw
5
-
rVdaSpOSmv/DX5eCS+UO8PJa4VLDKrs2biDjGE8fX3M
6
-
--- OOtTgZmqmD04fbKd+tR/LTBdRkgvm14rpDxEfxPqVWw
7
-
�_�4�[�$�F�[ܛ��N
w����Ҵk���rV
ā�2�x��c���0i
c!�"�S~�F
��?�vc�Kg�r�(Q9�F���o�{��2g���ߏ9��
8
-
�<�?;)�$u�B��Z�1���dkW����R([ ��њtO�
2
+
-> ssh-ed25519 1uIO/w EQiA+QLCsKovZt2Nn9903CUy46SI1m1lKcTq1WtYnHw
3
+
3mZXcu/plHGc4MLpA9H3+I4+TB2vYRXMC7dlOAPT79g
4
+
-> ssh-ed25519 U0D80g fMk1mQIFWSg4FZBjGXDIbJpHrM7w6HBXMfdISTIBZFc
5
+
dw8Wuj/wng/CzSDVAkvTff4IbzTCwGSmgpSwllkb+Jo
6
+
--- jkQfN7uP6S03QaMML6aoT9GCPNkAf42ATG0Z/SocWig
7
+
���
%�Ȟ��$m���ʏ�g�q�K|���-�ʤ�
���n�.��5J}�Pkf[
����R;�r,)��!����eL�yߨ����ڢ���6OQiN�c�cvR�W�WlG���(�³����O��
x-���
8
+
�Qc��"|
secrets/knot-secret.age
secrets/knot-secret.age
This is a binary file and will not be displayed.
secrets/pds-mailer.age
secrets/pds-mailer.age
This is a binary file and will not be displayed.
secrets/pds.age
secrets/pds.age
This is a binary file and will not be displayed.
+1
-1
secrets/secrets.nix
+1
-1
secrets/secrets.nix
···
8
8
jsp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHm7lo7umraewipgQu1Pifmoo/V8jYGDHjBTmt+7SOCe jsp@remus";
9
9
10
10
# Host SSH public keys (converted to age format with ssh-to-age)
11
-
alastor = "age1ltqszzylcmcvdatezqagnpzyps8layutdq7fae8a672ys6feyadqdufecy";
11
+
alastor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwkC1CiWpLB10NNVaJwu4LSyiL0wM7ExI1VoKqIsgeG root@alastor-vnic";
12
12
13
13
# Groups for convenience
14
14
allUsers = [ jsp ];
+6
-7
secrets/wifi-passwords.age
+6
-7
secrets/wifi-passwords.age
···
1
1
age-encryption.org/v1
2
-
-> ssh-ed25519 1uIO/w FoIbXkdWCMPoAcZbGCmbg+pR6Nq13j+YNA1dPjC4Jwo
3
-
rWD4HVVHWkOZk0Uh/S3x753QaCxDZY/cBYD0MWapsnQ
4
-
-> X25519 jMvBSee7GB2LANtUgs44kFgcXBU8TSeUKrDRFaOt/Xs
5
-
ClWYlZnPhThHb0aPU6IfH3DXzH3M+CUwxUlO01rLcks
6
-
--- 6C//6Op36zDKw48VQVSQfVVDC/CGSWwHVQvZnrvKaNA
7
-
B��1��KN���
]yA_;��
8
-
�)�� ��K�4�oZ�[{��Ixx�<�7�����t�e��ce� �_�g������Y�-�
2
+
-> ssh-ed25519 1uIO/w aJAyeyz5P9v86+CLa4guLId2kUFf0GzeiTinvhr33Ec
3
+
I5R70s12LRNfqLh6RUE/3CCySrfKXMHhpIWXb67b6hg
4
+
-> ssh-ed25519 U0D80g LDlwtocVA/ACCMJTb8ECgeU9KxV49ecWotuhzqiv8X8
5
+
XDgTx5UDNiM0twMYPpax9TByFX0MtX+X3rb30DSTiY4
6
+
--- Nj8WkxFu5ZiExjpY+gWidax7SwMCzP0Y9QCoxeK9F44
7
+
��_���*��jn�fr1|��]t�a��|N|����fa���-("<�(�����Z/�F���
aA���e�=�ͤD�)ٌ��