Nix configurations for my homelab
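#!/bin/sh
# Build the NixOS configuration with the sops-encrypted "hidden" values decrypted.
#
# NOTE: the decrypted values end up in the Nix store as part of the build. The
# Nix store is world-readable, so treat them as readable by every local user;
# only the temporary working copy below is kept private.
#
# Steps:
# 1. Copy all tracked files (`git ls-files`) from /config into a temp directory.
#    mktemp -d creates it with mode 0700 for the invoking user, so it is
#    readable by root only when this script is run as root.
# 2. Decrypt every hidden/*.json in the copy with `sops decrypt --in-place`.
#    TODO: the original plan also called for checking that hidden/network.json
#    exists and is staged; that check is not implemented here.
# 3. Run `nixos-rebuild switch --flake $TEMPDIR#$HOSTNAME`, passing any extra
#    arguments of this script through.
# 4. Always remove the temp directory, because it holds plaintext secrets, and
#    exit with the status of nixos-rebuild.

hostname=$(hostname) || exit 1

# Abort if mktemp fails: with an empty $temp_dir the copy below would target "/".
temp_dir=$(mktemp -d "${TMPDIR:-/tmp}/nix-config.XXXXXXXXXX") || exit 1
if [ -z "$temp_dir" ] || [ ! -d "$temp_dir" ]; then
  printf '%s\n' "could not create temporary directory" >&2
  exit 1
fi

# Remove the decrypted copy on every exit path, including failures and signals.
cleanup() {
  rm -rf -- "${temp_dir:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# Copy the tracked files. NUL-delimited names survive spaces and glob
# characters; the subshell keeps the cd local, and its status is checked so a
# failed cd or copy stops the build instead of continuing with a partial tree.
(
  cd /config || exit 1
  # A pipeline reports only the status of xargs, so check git separately.
  git rev-parse --is-inside-work-tree >/dev/null || exit 1
  git ls-files -z | xargs -0 -r cp --parents -t "$temp_dir" --
) || {
  printf '%s\n' "failed to copy /config into $temp_dir" >&2
  exit 1
}

# Decrypt the hidden values in place. Stop on failure so the system is never
# built from a file that is still encrypted.
for json in "$temp_dir/hidden/"*.json; do
  # An unmatched glob stays literal in sh; skip it rather than pass it to sops.
  [ -e "$json" ] || continue
  SOPS_AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-/data/keys.txt}" \
    sops decrypt --in-place "$json" || {
    printf '%s\n' "failed to decrypt $json" >&2
    exit 1
  }
done

nixos-rebuild switch --flake "$temp_dir#$hostname" "$@"
# Report the build result to the caller; the EXIT trap performs the cleanup.
exit $?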