-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathJustfile
More file actions
76 lines (56 loc) · 2.53 KB
/
Justfile
File metadata and controls
76 lines (56 loc) · 2.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
default: deploy
inspect:
nix run github:bluskript/nix-inspect -- -p .
install hostname target *FLAGS:
nix run github:nix-community/nixos-anywhere -- \
--flake .#{{ hostname }} \
--target-host {{ target }} \
--copy-host-keys \
--disko-mode disko \
{{ FLAGS }}
bootstrap hostname disk:
nix --extra-experimental-features "nix-command flakes" run 'github:nix-community/disko#disko-install' -- --flake .#{{ hostname }} --disk main {{ disk }}
generate-hardware-config hostname target:
ssh {{ target }} "nix --extra-experimental-features nix-command --extra-experimental-features flakes shell nixpkgs#nixos-install-tools -c nixos-generate-config --show-hardware-config --no-filesystems" > ./configurations/{{ hostname }}/hardware-configuration.nix
build-disko-image hostname:
nix --extra-experimental-features nix-command --extra-experimental-features flakes build .#nixosConfigurations.{{ hostname }}.config.system.build.diskoImages --log-format internal-json |& nom --json
build:
nixos-rebuild build --flake .# --sudo --log-format internal-json |& nom --json
deploy:
nixos-rebuild switch --flake .# --sudo --log-format internal-json |& nom --json
boot:
nixos-rebuild boot --flake .# --sudo --log-format internal-json |& nom --json
dryrun:
nixos-rebuild dry-run --flake .# --sudo --log-format internal-json |& nom --json
darwin-bootstrap:
sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes run nix-darwin -- switch --flake .#
darwin-deploy:
nh darwin switch .#
gc:
# remove all generations older than 7 days
sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 7d
# garbage collect all unused nix store entries
sudo nix store gc --debug
update:
nix flake update
scan-age-key target:
ssh {{ target }} cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
updatekeys:
sops updatekeys secrets/* -y
rdeploy:
deploy
rdeploy-host hostname:
deploy .#{{ hostname }}
rdeploy-host-bare hostname target:
nixos-rebuild switch --flake .#{{ hostname }} --target-host {{ target }} --log-format internal-json |& nom --json
st-generate:
#!/usr/bin/env sh
export STHOMEDIR=$(mktemp -d)
nix run nixpkgs#syncthing -- generate
export STCERT=$(cat ${STHOMEDIR}/cert.pem)
export STKEY=$(cat ${STHOMEDIR}/key.pem)
export OUTPUT=secrets/st-${HOSTNAME}.yaml
yq --null-input '
.st_cert = strenv(STCERT) | .st_cert style="literal" |
.st_key = strenv(STKEY) | .st_key style="literal"
' | sops -e --filename-override ${OUTPUT} /dev/stdin > ${OUTPUT}