From 3d127819eadaf3dd5e3d02ae5ffa29d5da3d9bc6 Mon Sep 17 00:00:00 2001 From: Christoph Schmatzler Date: Sat, 23 Aug 2025 16:37:54 +0000 Subject: [PATCH] up Signed-off-by: Christoph Schmatzler --- apps/aarch64-darwin/apply | 230 ++----------------------------- apps/aarch64-darwin/build | 32 +++-- apps/aarch64-darwin/build-switch | 60 ++++---- apps/aarch64-darwin/check-keys | 33 ----- apps/aarch64-darwin/copy-keys | 68 --------- apps/aarch64-darwin/create-keys | 46 ------- apps/aarch64-darwin/rollback | 45 ++++-- apps/x86_64-linux/apply | 168 ++-------------------- apps/x86_64-linux/build | 30 ++-- apps/x86_64-linux/build-switch | 45 ++++-- apps/x86_64-linux/rollback | 51 +++++++ flake.nix | 3 - hosts/darwin/chidi/default.nix | 23 +--- hosts/nixos/tahani/default.nix | 16 --- modules/nixos/default.nix | 1 + modules/postgresql.nix | 34 +++++ 16 files changed, 252 insertions(+), 633 deletions(-) delete mode 100755 apps/aarch64-darwin/check-keys delete mode 100755 apps/aarch64-darwin/copy-keys delete mode 100755 apps/aarch64-darwin/create-keys create mode 100644 apps/x86_64-linux/rollback create mode 100644 modules/postgresql.nix diff --git a/apps/aarch64-darwin/apply b/apps/aarch64-darwin/apply index 9cb6450..d8b16ce 100755 --- a/apps/aarch64-darwin/apply +++ b/apps/aarch64-darwin/apply 
@@ -1,231 +1,25 @@ #!/usr/bin/env bash +set -euo pipefail + RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' -NC='\033[0m' # No Color +BLUE='\033[0;34m' +NC='\033[0m' -# Determine the operating system -export OS=$(uname) - -# Primary network interface -if [[ "$OS" != "Darwin" ]]; then - export PRIMARY_IFACE=$(ip -o -4 route show to default | awk '{print $5}') - echo -e "${GREEN}Found primary network interface $PRIMARY_IFACE${NC}" -fi - -# Custom print function -_print() { - if [[ "$OS" == "Darwin" ]]; then - echo -e "$1" - else - echo "$1" - fi +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" } -# Custom prompt function -_prompt() { - local message="$1" - local variable="$2" - - _print "$message" - read -r $variable +print_success() { + echo -e "${GREEN}✓${NC} $1" } -insert_secrets_output() { - local pattern="outputs = { self, darwin, nix-homebrew, homebrew-bundle, homebrew-core, homebrew-cask, home-manager, nixpkgs, agenix } @inputs:" - local insert_text="secrets " +HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}" - awk -v pat="$pattern" -v insert="$insert_text" ' - $0 ~ pat { - sub(/} @inputs:/, ", " insert "} @inputs:"); # Replace the closing brace with the insert text followed by the brace - gsub(/ ,/, ","); # Correct any spaces before commas - print - next - } - { print } - ' flake.nix > flake.nix.tmp +print_info "Applying configuration for $HOSTNAME" - mv flake.nix.tmp flake.nix -} +nix run nix-darwin -- switch --flake ".#$HOSTNAME" "${@:2}" -insert_secrets_input() { - # Define file path - FILE_PATH="flake.nix" - - # Backup the original file - cp "$FILE_PATH" "${FILE_PATH}.bak" - - # Temporary file for the text to insert - TEMP_FILE="temp_insert.txt" - - # Write the formatted text to the temporary file -cat > "$TEMP_FILE" << 'EOF' - secrets = { - url = "git+ssh://git@github.com/%GITHUB_USER%/%GITHUB_SECRETS_REPO%.git"; - flake = false; - }; -EOF - - # Check if the 'secrets' block already exists - if grep -q 'url = 
"git+ssh://git@github.com/%GITHUB_USER%/%GITHUB_SECRETS_REPO%.git"' "$FILE_PATH"; then - echo "The 'secrets' block already exists in the file." - rm "$TEMP_FILE" - rm "${FILE_PATH}.bak" - exit 0 - fi - - # Find the start and end line numbers of the 'disko' block - START_LINE=$(grep -n 'disko = {' "$FILE_PATH" | head -n 1 | cut -d: -f1) - END_LINE=$(tail -n +$START_LINE "$FILE_PATH" | grep -n '};' | head -n 1 | cut -d: -f1) - END_LINE=$((START_LINE + END_LINE - 1)) - - # Create a new file with the insertion - { - sed -n "1,${END_LINE}p" "$FILE_PATH" - cat "$TEMP_FILE" - sed -n "$((END_LINE + 1)),\$p" "$FILE_PATH" - } > "${FILE_PATH}.new" - - # Replace the original file with the new file - mv "${FILE_PATH}.new" "$FILE_PATH" - - # Clean up the temporary files - rm "$TEMP_FILE" - rm "${FILE_PATH}.bak" -} - - - -# Fetch username from the system -export USERNAME=$(whoami) - -# If the username is 'nixos' or 'root', ask the user for their username -if [[ "$USERNAME" == "nixos" ]] || [[ "$USERNAME" == "root" ]]; then - _prompt "${YELLOW}You're running as $USERNAME. 
Please enter your desired username: ${NC}" USERNAME -fi - -# Check if git is available -if command -v git >/dev/null 2>&1; then - # Fetch email and name from git config - export GIT_EMAIL=$(git config --get user.email) - export GIT_NAME=$(git config --get user.name) -else - _print "${RED}Git is not available on this system.${NC}" -fi - -# If git email is not found or git is not available, ask the user -if [[ -z "$GIT_EMAIL" ]]; then - _prompt "${YELLOW}Please enter your email: ${NC}" GIT_EMAIL -fi - -# If git name is not found or git is not available, ask the user -if [[ -z "$GIT_NAME" ]]; then - _prompt "${YELLOW}Please enter your name: ${NC}" GIT_NAME -fi - -_prompt "${YELLOW}Please enter your Github username: ${NC}" GITHUB_USER -_prompt "${YELLOW}Please enter your Github secrets repository name: ${NC}" GITHUB_SECRETS_REPO - -export GITHUB_USER -export GITHUB_SECRETS_REPO - -select_boot_disk() { - local disks - local _boot_disk - - _print "${YELLOW}Available disks:${NC}" - disks=$(lsblk -nd --output NAME,SIZE | grep -v loop) - echo "$disks" - - # Warning message for data deletion - _print "${RED}WARNING: All data on the chosen disk will be erased during the installation!${NC}" - _prompt "${YELLOW}Please enter the name of your boot disk (e.g., sda, nvme0n1). Do not include the full path ("/dev/"): ${NC}" _boot_disk - - # Confirmation for disk selection to prevent accidental data loss - _print "${YELLOW}You have selected $_boot_disk as the boot disk. This will delete everything on this disk. Are you sure? (Y/N): ${NC}" - read -r confirmation - if [[ "$confirmation" =~ ^[Yy]$ ]]; then - export BOOT_DISK=$_boot_disk - else - _print "${RED}Disk selection cancelled by the user. 
Please run the script again to select the correct disk.${NC}" - exit 1 - fi -} - -# Set hostname and find primary disk if this is NixOS -if [[ "$OS" != "Darwin" ]]; then - _prompt "${YELLOW}Please enter a hostname for the system: ${NC}" HOST_NAME - export HOST_NAME - select_boot_disk -fi - -# Confirmation step -confirm_details() { - _print "${GREEN}Username: $USERNAME" - _print "Email: $GIT_EMAIL" - _print "Name: $GIT_NAME${NC}" - - if([[ "$OS" != "Darwin" ]]); then - _print "${GREEN}Primary interface: $PRIMARY_IFACE" - _print "Boot disk: $BOOT_DISK" - _print "Hostname: $HOST_NAME${NC}" - fi - - _print "${GREEN}Secrets repository: $GITHUB_USER/$GITHUB_SECRETS_REPO${NC}" - - _prompt "${YELLOW}Is this correct? yes/no: ${NC}" choice - - case "$choice" in - [Nn] | [Nn][Oo] ) - _print "${RED}Exiting script.${NC}" - exit 1 - ;; - [Yy] | [Yy][Ee][Ss] ) - _print "${GREEN}Continuing...${NC}" - ;; - * ) - _print "${RED}Invalid option. Exiting script.${NC}" - exit 1 - ;; - esac -} - -# Call the confirmation function -confirm_details - -# Function to replace tokens in each file -replace_tokens() { - local file="$1" - if [[ $(basename $1) != "apply" ]]; then - if [[ "$OS" == "Darwin" ]]; then - # macOS - LC_ALL=C LANG=C sed -i '' -e "s/%USER%/$USERNAME/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%EMAIL%/$GIT_EMAIL/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%NAME%/$GIT_NAME/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file" - else - # Linux or other - sed -i -e "s/%USER%/$USERNAME/g" "$file" - sed -i -e "s/%EMAIL%/$GIT_EMAIL/g" "$file" - sed -i -e "s/%NAME%/$GIT_NAME/g" "$file" - sed -i -e "s/%INTERFACE%/$PRIMARY_IFACE/g" "$file" - sed -i -e "s/%DISK%/$BOOT_DISK/g" "$file" - sed -i -e "s/%HOST%/$HOST_NAME/g" "$file" - sed -i -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file" - sed -i -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file" - fi - fi -} - -# 
Insert secrets repo into flake -insert_secrets_input -insert_secrets_output - -# Traverse directories and call replace_tokens on each Nix file -export -f replace_tokens -find . -type f -exec bash -c 'replace_tokens "$0"' {} \; - -echo "$USERNAME" > /tmp/username.txt -_print "${GREEN}User $USERNAME information applied.${NC}" +print_success "Configuration applied successfully" \ No newline at end of file diff --git a/apps/aarch64-darwin/build b/apps/aarch64-darwin/build index 0c4ca11..e9b30ee 100755 --- a/apps/aarch64-darwin/build +++ b/apps/aarch64-darwin/build @@ -1,19 +1,29 @@ -#!/bin/sh -e +#!/usr/bin/env bash -GREEN='\033[1;32m' +set -euo pipefail + +RED='\033[0;31m' +GREEN='\033[0;32m' YELLOW='\033[1;33m' -RED='\033[1;31m' +BLUE='\033[0;34m' NC='\033[0m' -SYSTEM_TYPE="aarch64-darwin" -FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" +} -export NIXPKGS_ALLOW_UNFREE=1 +print_success() { + echo -e "${GREEN}✓${NC} $1" +} -echo "${YELLOW}Starting build...${NC}" -nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM $@ +HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}" -echo "${YELLOW}Cleaning up...${NC}" -unlink ./result +print_info "Building configuration for $HOSTNAME" -echo "${GREEN}Switch to new generation complete!${NC}" +nix build ".#darwinConfigurations.$HOSTNAME.system" --show-trace "${@:2}" + +if [[ -L ./result ]]; then + unlink ./result +fi + +print_success "Build completed successfully" \ No newline at end of file diff --git a/apps/aarch64-darwin/build-switch b/apps/aarch64-darwin/build-switch index ac7daec..07ba530 100755 --- a/apps/aarch64-darwin/build-switch +++ b/apps/aarch64-darwin/build-switch 
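Review bot: `HOSTNAME` is a variable bash itself sets to the machine's host name, so the new `HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}"` quietly shadows a shell variable; a script-local name such as `target_host` reads more clearly. Under `set -u` the `"${@:2}"` slice is, as far as I recall, an unbound-variable error on bash releases before 4.4 when no extra arguments are given (plain `"$@"` is exempt); `#!/usr/bin/env bash` will usually find a newer bash, but if the macOS-shipped 3.2 is ever first on PATH the script aborts before running nix, so `[[ $# -gt 0 ]] && shift` after reading `$1` and forwarding `"$@"` avoids the slice entirely. The same two patterns appear in the darwin build, darwin build-switch and the x86_64-linux apply, build and build-switch hunks.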
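Review bot: The new `nix build ".#darwinConfigurations.$HOSTNAME.system" --show-trace "${@:2}"` creates `./result` only for the following `unlink ./result` to remove it, so the script's sole output is the success message, and a pre-existing `./result` symlink from another build is deleted as a side effect. The old x86_64-linux build used `--no-link --print-out-paths`, which hands the caller the store path and never touches the working tree; `nix build --no-link --print-out-paths ".#darwinConfigurations.$HOSTNAME.system" --show-trace "${@:2}"` and dropping the `if [[ -L ./result ]]` block does the same here. The x86_64-linux build hunk has the same shape and even removes the `--no-link --print-out-paths` it previously had.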
@@ -1,37 +1,35 @@ -#!/bin/sh -e +#!/usr/bin/env bash -GREEN='\033[1;32m' +set -euo pipefail + +RED='\033[0;31m' +GREEN='\033[0;32m' YELLOW='\033[1;33m' -RED='\033[1;31m' +BLUE='\033[0;34m' NC='\033[0m' -if [ $# -gt 0 ]; then - MACHINE_NAME="$1" - shift -else - MACHINE_NAME=$(hostname | cut -d'.' -f1) +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" +} + +print_success() { + echo -e "${GREEN}✓${NC} $1" +} + +HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}" + +print_info "Building and switching configuration for $HOSTNAME" + +# Build +print_info "Building configuration..." +nix build ".#darwinConfigurations.$HOSTNAME.system" --show-trace "${@:2}" + +# Switch +print_info "Switching to new configuration..." +./result/sw/bin/darwin-rebuild switch --flake ".#$HOSTNAME" "${@:2}" + +if [[ -L ./result ]]; then + unlink ./result fi -if [ ! -d "hosts/darwin/$MACHINE_NAME" ]; then - echo "${RED}Error: Machine configuration '$MACHINE_NAME' not found in hosts/darwin/${NC}" - echo "${YELLOW}Available machines:${NC}" - ls -1 hosts/darwin/ | grep -v "default.nix\|shared.nix" || echo " No machine configurations found" - echo "" - echo "${YELLOW}Usage: $0 [machine-name] [additional-nix-args]${NC}" - echo " If no machine name is provided, uses current hostname: $(hostname | cut -d'.' -f1)" - exit 1 -fi - -FLAKE_SYSTEM="darwinConfigurations.${MACHINE_NAME}.system" - - -echo "${YELLOW}Building configuration for machine: ${MACHINE_NAME}${NC}" -nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM "$@" - -echo "${YELLOW}Switching to new generation...${NC}" -sudo ./result/sw/bin/darwin-rebuild switch --flake .#${MACHINE_NAME} - -echo "${YELLOW}Cleaning up...${NC}" -unlink ./result - -echo "${GREEN}Switch to new generation complete for ${MACHINE_NAME}!${NC}" +print_success "Build and switch completed successfully" \ No newline at end of file 
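Review bot: The switch step now runs `./result/sw/bin/darwin-rebuild switch --flake ".#$HOSTNAME" "${@:2}"` without the `sudo` the removed line had; recent nix-darwin releases require `switch` to run as root, so if the pinned version is one of them the build succeeds and activation then fails partway through. The hunk also drops the check that `hosts/darwin/$MACHINE_NAME` exists, so a typo in the host argument now surfaces as a nix evaluation error rather than the old usage message listing available machines. `"${@:2}"` is forwarded unchanged to both `nix build` and `darwin-rebuild switch`, but the two commands do not accept the same flags (a `--out-link` meant for the build is rejected by the switch), so either forward extras to one command only or add a comment stating that only flags common to both are supported.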
diff --git a/apps/aarch64-darwin/check-keys b/apps/aarch64-darwin/check-keys deleted file mode 100755 index 4bd9dd8..0000000 --- a/apps/aarch64-darwin/check-keys +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env bash -set -e - -RED='\033[0;31m' -GREEN='\033[0;32m' -NC='\033[0m' - -username=${USER} -export SSH_DIR=/Users/${username}/.ssh - -lint_keys() { - if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then - echo -e "${GREEN}All SSH keys are present.${NC}" - else - echo -e "${RED}Some SSH keys are missing.${NC}" - if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then - echo -e "${RED}Missing: id_ed25519${NC}" - fi - if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then - echo -e "${RED}Missing: id_ed25519.pub${NC}" - fi - if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then - echo -e "${RED}Missing: id_ed25519_agenix${NC}" - fi - if [[ ! -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then - echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" - fi - echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}" - exit 1 - fi -} - -lint_keys diff --git a/apps/aarch64-darwin/copy-keys b/apps/aarch64-darwin/copy-keys deleted file mode 100755 index 904cc15..0000000 --- a/apps/aarch64-darwin/copy-keys +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/usr/bin/env bash -set -e - -RED='\033[0;31m' -GREEN='\033[0;32m' -NC='\033[0m' - -username=${USER} -export SSH_DIR=/Users/${username}/.ssh - -handle_no_usb() { - echo -e ${RED}No USB drive found or mounted.${NC}" - echo -e ${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}" - exit 1 -} - -mount_usb() { - MOUNT_PATH="" - for dev in $(diskutil list | grep -o 'disk[0-9]'); do - MOUNT_PATH="$(diskutil info /dev/${dev} | grep \"Mount Point\" | awk -F: '{print $2}' | xargs)" - if [ -n "${MOUNT_PATH}" ]; then - echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}" - break - fi - done - - if [ -z "${MOUNT_PATH}" ]; then - echo -e "${RED}No USB drive found.${NC}" - fi -} - -copy_keys() { - if [ -n "${MOUNT_PATH}" ]; then - cp "${MOUNT_PATH}/id_ed25519_agenix.pub" ${SSH_DIR} - cp "${MOUNT_PATH}/id_ed25519_agenix" ${SSH_DIR} - chmod 600 ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} - else - echo -e "${RED}No USB drive found. Aborting.${NC}" - exit 1 - fi -} - -setup_ssh_directory() { - mkdir -p ${SSH_DIR} -} - -set_keys() { - cp ${MOUNT_PATH}/id_ed25519_github.pub ${SSH_DIR}/id_ed25519.pub - cp ${MOUNT_PATH}/id_ed25519_github ${SSH_DIR}/id_ed25519 - chmod 600 ${SSH_DIR}/id_ed25519 - chmod 644 ${SSH_DIR}/id_ed25519.pub -} - -change_ownership() { - chown ${username}:staff ${SSH_DIR}/id_ed25519{,.pub} - chown ${username}:staff ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} -} - -setup_ssh_directory -mount_usb - -if [ -z "${MOUNT_PATH}" ]; then - handle_no_usb -else - copy_keys - set_keys - change_ownership -fi diff --git a/apps/aarch64-darwin/create-keys b/apps/aarch64-darwin/create-keys deleted file mode 100755 index 9fdfe43..0000000 --- a/apps/aarch64-darwin/create-keys +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/usr/bin/env bash -set -e - -RED='\033[0;31m' -GREEN='\033[0;32m' -NC='\033[0m' - -username=${USER} -export SSH_DIR=/Users/${username}/.ssh - -setup_ssh_directory() { - mkdir -p ${SSH_DIR} -} - -prompt_for_key_generation() { - local key_name=$1 - if [[ -f "${SSH_DIR}/${key_name}" ]]; then - echo -e "${RED}Existing SSH key found for ${key_name}.${NC}" - cat "${SSH_DIR}/${key_name}.pub" - read -p "Do you want to replace it? (y/n) " -n 1 -r - echo - if [[ $REPLY =~ ^[Yy]$ ]]; then - return 0 # Indicate key should be replaced - else - return 1 # Indicate key should be kept - fi - fi - return 0 # Indicate no key exists, so it should be created -} - -generate_key() { - local key_name=$1 - if prompt_for_key_generation "$key_name"; then - ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N "" - chown ${username}:staff "${SSH_DIR}/${key_name}"{,.pub} - else - echo -e "${GREEN}Kept existing ${key_name}.${NC}" - fi -} - -setup_ssh_directory -generate_key "id_ed25519" -generate_key "id_ed25519_agenix" - -echo -e "${GREEN}SSH key setup complete.${NC}" -echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}" diff --git a/apps/aarch64-darwin/rollback b/apps/aarch64-darwin/rollback index 611ffaa..5997d52 100755 --- a/apps/aarch64-darwin/rollback +++ b/apps/aarch64-darwin/rollback 
@@ -1,24 +1,41 @@ -#!/bin/sh -e +#!/usr/bin/env bash -GREEN='\033[1;32m' +set -euo pipefail + +RED='\033[0;31m' +GREEN='\033[0;32m' YELLOW='\033[1;33m' -RED='\033[1;31m' +BLUE='\033[0;34m' NC='\033[0m' -FLAKE="macos" +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" +} -echo "${YELLOW}Available generations:${NC}" -/run/current-system/sw/bin/darwin-rebuild --list-generations +print_success() { + echo -e "${GREEN}✓${NC} $1" +} -echo "${YELLOW}Enter the generation number for rollback:${NC}" -read GEN_NUM +print_error() { + echo -e "${RED}✗${NC} $1" +} -if [ -z "$GEN_NUM" ]; then - echo "${RED}No generation number entered. Aborting rollback.${NC}" - exit 1 +print_warning() { + echo -e "${YELLOW}⚠${NC} $1" +} + +print_info "Available generations:" +darwin-rebuild --list-generations + +echo -n "Enter generation number to rollback to: " +read -r GEN_NUM + +if [[ -z "$GEN_NUM" ]]; then + print_error "No generation number provided" + exit 1 fi -echo "${YELLOW}Rolling back to generation $GEN_NUM...${NC}" -/run/current-system/sw/bin/darwin-rebuild switch --flake .#$FLAKE --switch-generation $GEN_NUM +print_warning "Rolling back to generation $GEN_NUM..." +darwin-rebuild switch --switch-generation "$GEN_NUM" -echo "${GREEN}Rollback to generation $GEN_NUM complete!${NC}" +print_success "Rollback to generation $GEN_NUM complete" \ No newline at end of file diff --git a/apps/x86_64-linux/apply b/apps/x86_64-linux/apply index 73f5423..0152197 100755 --- a/apps/x86_64-linux/apply +++ b/apps/x86_64-linux/apply 
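Review bot: `GEN_NUM` is only checked for emptiness before being passed to `darwin-rebuild switch --switch-generation "$GEN_NUM"`, so non-numeric input (or a number with trailing text) reaches darwin-rebuild after the "Rolling back" warning has already been printed. Validating it first, `[[ "$GEN_NUM" =~ ^[0-9]+$ ]] || { print_error "Generation must be a number"; exit 1; }`, gives a clear failure before anything is touched. The new x86_64-linux rollback has the same read-then-empty-check sequence.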
@@ -1,169 +1,29 @@ #!/usr/bin/env bash +set -euo pipefail + RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' -NC='\033[0m' # No Color +BLUE='\033[0;34m' +NC='\033[0m' -# Determine the operating system -export OS=$(uname) - -# Primary network interface -if [[ "$OS" != "Darwin" ]]; then - export PRIMARY_IFACE=$(ip -o -4 route show to default | awk '{print $5}') - echo -e "${GREEN}Found primary network interface $PRIMARY_IFACE${NC}" -fi - -# Custom print function -_print() { - if [[ "$OS" == "Darwin" ]]; then - echo -e "$1" - else - echo "$1" - fi +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" } -# Custom prompt function -_prompt() { - local message="$1" - local variable="$2" - - _print "$message" - read -r $variable +print_success() { + echo -e "${GREEN}✓${NC} $1" } +HOSTNAME="${1:-tahani}" +print_info "Applying configuration for $HOSTNAME" -# Fetch username from the system -export USERNAME=$(whoami) - -# If the username is 'nixos' or 'root', ask the user for their username -if [[ "$USERNAME" == "nixos" ]] || [[ "$USERNAME" == "root" ]]; then - _prompt "${YELLOW}You're running as $USERNAME. 
Please enter your desired username: ${NC}" USERNAME -fi - -# Check if git is available -if command -v git >/dev/null 2>&1; then - # Fetch email and name from git config - export GIT_EMAIL=$(git config --get user.email) - export GIT_NAME=$(git config --get user.name) +if [[ "$EUID" -ne 0 ]]; then + sudo nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}" else - _print "${RED}Git is not available on this system.${NC}" + nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}" fi -# If git email is not found or git is not available, ask the user -if [[ -z "$GIT_EMAIL" ]]; then - _prompt "${YELLOW}Please enter your email: ${NC}" GIT_EMAIL -fi - -# If git name is not found or git is not available, ask the user -if [[ -z "$GIT_NAME" ]]; then - _prompt "${YELLOW}Please enter your name: ${NC}" GIT_NAME -fi - -if [[ -z "$GITHUB_USER" ]]; then - _prompt "${YELLOW}Please enter your Github username: ${NC}" GITHUB_USER -fi - -if [[ -z "$GITHUB_SECRETS_REPO" ]]; then - _prompt "${YELLOW}Please enter your Github secrets repository name: ${NC}" GITHUB_SECRETS_REPO -fi - -export GITHUB_USER -export GITHUB_SECRETS_REPO - -select_boot_disk() { - local disks - local _boot_disk - - _print "${YELLOW}Available disks:${NC}" - disks=$(lsblk -nd --output NAME,SIZE | grep -v loop) - echo "$disks" - - # Warning message for data deletion - _print "${RED}WARNING: All data on the chosen disk will be erased during the installation!${NC}" - _prompt "${YELLOW}Please enter the name of your boot disk (e.g., sda, nvme0n1). Do not include the full path ("/dev/"): ${NC}" _boot_disk - - # Confirmation for disk selection to prevent accidental data loss - _print "${YELLOW}You have selected $_boot_disk as the boot disk. This will delete everything on this disk. Are you sure? (Y/N): ${NC}" - read -r confirmation - if [[ "$confirmation" =~ ^[Yy]$ ]]; then - export BOOT_DISK=$_boot_disk - else - _print "${RED}Disk selection cancelled by the user. 
Please run the script again to select the correct disk.${NC}" - exit 1 - fi -} - -# Set hostname and find primary disk if this is NixOS -if [[ "$OS" != "Darwin" ]]; then - _prompt "${YELLOW}Please enter a hostname for the system: ${NC}" HOST_NAME - export HOST_NAME - select_boot_disk -fi - -# Confirmation step -confirm_details() { - _print "${GREEN}Username: $USERNAME" - _print "Email: $GIT_EMAIL" - _print "Name: $GIT_NAME${NC}" - - if([[ "$OS" != "Darwin" ]]); then - _print "${GREEN}Primary interface: $PRIMARY_IFACE" - _print "Boot disk: $BOOT_DISK" - _print "Hostname: $HOST_NAME${NC}" - fi - - _print "${GREEN}Secrets repository: $GITHUB_USER/$GITHUB_SECRETS_REPO${NC}" - - _prompt "${YELLOW}Is this correct? yes/no: ${NC}" choice - - case "$choice" in - [Nn] | [Nn][Oo] ) - _print "${RED}Exiting script.${NC}" - exit 1 - ;; - [Yy] | [Yy][Ee][Ss] ) - _print "${GREEN}Continuing...${NC}" - ;; - * ) - _print "${RED}Invalid option. Exiting script.${NC}" - exit 1 - ;; - esac -} - -# Call the confirmation function -confirm_details - -# Function to replace tokens in each file -replace_tokens() { - local file="$1" - if [[ $(basename $1) != "apply" ]]; then - if [[ "$OS" == "Darwin" ]]; then - # macOS - LC_ALL=C LANG=C sed -i '' -e "s/%USER%/$USERNAME/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%EMAIL%/$GIT_EMAIL/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%NAME%/$GIT_NAME/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file" - LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file" - else - # Linux or other - sed -i -e "s/%USER%/$USERNAME/g" "$file" - sed -i -e "s/%EMAIL%/$GIT_EMAIL/g" "$file" - sed -i -e "s/%NAME%/$GIT_NAME/g" "$file" - sed -i -e "s/%INTERFACE%/$PRIMARY_IFACE/g" "$file" - sed -i -e "s/%DISK%/$BOOT_DISK/g" "$file" - sed -i -e "s/%HOST%/$HOST_NAME/g" "$file" - sed -i -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file" - sed -i -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file" - fi - fi -} - -# 
Traverse directories and call replace_tokens on each Nix file -export -f replace_tokens -find . -type f -exec bash -c 'replace_tokens "$0"' {} \; - -echo "$USERNAME" > /tmp/username.txt -_print "${GREEN}User $USERNAME information applied.${NC}" +print_success "Configuration applied successfully" \ No newline at end of file diff --git a/apps/x86_64-linux/build b/apps/x86_64-linux/build index f390131..00f2f96 100755 --- a/apps/x86_64-linux/build +++ b/apps/x86_64-linux/build @@ -1,15 +1,29 @@ -#!/bin/sh -e +#!/usr/bin/env bash -GREEN='\033[1;32m' +set -euo pipefail + +RED='\033[0;31m' +GREEN='\033[0;32m' YELLOW='\033[1;33m' -RED='\033[1;31m' +BLUE='\033[0;34m' NC='\033[0m' -HOSTNAME="tahani" +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" +} -export NIXPKGS_ALLOW_UNFREE=1 +print_success() { + echo -e "${GREEN}✓${NC} $1" +} -echo "${YELLOW}Starting build...${NC}" -nix --extra-experimental-features 'nix-command flakes' build --print-out-paths '.#nixosConfigurations."tahani".config.system.build.toplevel' --no-link $@ +HOSTNAME="${1:-tahani}" -echo "${GREEN}Build complete!${NC}" \ No newline at end of file +print_info "Building configuration for $HOSTNAME" + +nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --show-trace "${@:2}" + +if [[ -L ./result ]]; then + unlink ./result +fi + +print_success "Build completed successfully" \ No newline at end of file diff --git a/apps/x86_64-linux/build-switch b/apps/x86_64-linux/build-switch index ed87bb1..904db10 100755 --- a/apps/x86_64-linux/build-switch +++ b/apps/x86_64-linux/build-switch 
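Review bot: The two `nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"` invocations differ only by the `sudo` prefix, so the `EUID` branch doubles a line that must stay in sync; a small helper `as_root() { if [[ "$EUID" -ne 0 ]]; then sudo "$@"; else "$@"; fi; }` used as `as_root nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"` removes the duplication. The same duplicated branch appears in the x86_64-linux build-switch and rollback hunks, the latter duplicating two commands per branch. Note that `sudo` resets the environment by default, so anything the user had exported for nix is not visible to the root rebuild unless passed explicitly.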
@@ -1,17 +1,44 @@ -#!/bin/sh -e +#!/usr/bin/env bash -VERSION=1.0 +set -euo pipefail -GREEN='\033[1;32m' -RED='\033[1;31m' +RED='\033[0;31m' +GREEN='\033[0;32m' YELLOW='\033[1;33m' +BLUE='\033[0;34m' NC='\033[0m' -HOSTNAME="tahani" +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" +} -echo -e "${YELLOW}Starting...${NC}" +print_success() { + echo -e "${GREEN}✓${NC} $1" +} -# We pass SSH from user to root so root can download secrets from our private Github -sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK /run/current-system/sw/bin/nixos-rebuild switch --flake .#$HOSTNAME $@ +print_error() { + echo -e "${RED}✗${NC} $1" +} -echo -e "${GREEN}Switch to new generation complete!${NC}" +HOSTNAME="${1:-tahani}" + +print_info "Building and switching configuration for $HOSTNAME" + +# Build +print_info "Building configuration..." +if ! nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --no-link "${@:2}"; then + print_error "Build failed" + exit 1 +fi + +print_success "Build completed" + +# Switch - note this requires sudo permissions +print_info "Switching to new configuration (requires sudo)..." +if [[ "$EUID" -ne 0 ]]; then + sudo nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}" +else + nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}" +fi + +print_success "Build and switch completed successfully" \ No newline at end of file diff --git a/apps/x86_64-linux/rollback b/apps/x86_64-linux/rollback new file mode 100644 index 0000000..4c11d87 --- /dev/null +++ b/apps/x86_64-linux/rollback 
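Review bot: The removed line passed `SSH_AUTH_SOCK=$SSH_AUTH_SOCK` through `sudo`, and its removed comment explains why: root's nixos-rebuild evaluates the flake itself and needs the user's agent to fetch any `git+ssh://` input. The replacement `sudo nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"` has no such passthrough, so if the flake still carries a private ssh-fetched input the preceding user-level `nix build` succeeds and the root switch then fails at evaluation. If this commit removes every such input, a one-line comment saying so would stop the next reader from re-adding it; otherwise `sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"` restores the behaviour. The x86_64-linux apply hunk has the same `sudo nixos-rebuild switch` branch.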
@@ -0,0 +1,51 @@ +#!/usr/bin/env bash + +set -euo pipefail + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +print_info() { + echo -e "${BLUE}ℹ ${NC} $1" +} + +print_success() { + echo -e "${GREEN}✓${NC} $1" +} + +print_error() { + echo -e "${RED}✗${NC} $1" +} + +print_warning() { + echo -e "${YELLOW}⚠${NC} $1" +} + +print_info "Available system generations:" +if [[ "$EUID" -ne 0 ]]; then + sudo nix-env --profile /nix/var/nix/profiles/system --list-generations +else + nix-env --profile /nix/var/nix/profiles/system --list-generations +fi + +echo -n "Enter generation number to rollback to: " +read -r GEN_NUM + +if [[ -z "$GEN_NUM" ]]; then + print_error "No generation number provided" + exit 1 +fi + +print_warning "Rolling back to generation $GEN_NUM..." +if [[ "$EUID" -ne 0 ]]; then + sudo nix-env --profile /nix/var/nix/profiles/system --switch-generation "$GEN_NUM" && \ + sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch +else + nix-env --profile /nix/var/nix/profiles/system --switch-generation "$GEN_NUM" && \ + /nix/var/nix/profiles/system/bin/switch-to-configuration switch +fi + +print_success "Rollback to generation $GEN_NUM complete" \ No newline at end of file diff --git a/flake.nix b/flake.nix index 249d20b..87000e5 100644 --- a/flake.nix +++ b/flake.nix @@ -119,9 +119,6 @@ "apply" "build" "build-switch" - "copy-keys" - "create-keys" - "check-keys" "rollback" ]; in { diff --git a/hosts/darwin/chidi/default.nix b/hosts/darwin/chidi/default.nix index c6450ae..781c3f5 100644 --- a/hosts/darwin/chidi/default.nix +++ b/hosts/darwin/chidi/default.nix @@ -7,6 +7,7 @@ }: { imports = [ ../shared.nix + ../../../modules/postgresql.nix ]; networking.hostName = "chidi"; 
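Review bot: The `sudo nix-env --profile /nix/var/nix/profiles/system --switch-generation "$GEN_NUM" && \` ... `switch-to-configuration switch` lists defeat `set -e`: a command on the left of `&&` is exempt from errexit, so when `--switch-generation` fails (for example on an unknown generation number) `switch-to-configuration` is skipped, the shell continues past the `fi`, and the script still prints `Rollback to generation $GEN_NUM complete`. Putting the two commands on separate lines inside each branch, with no `&& \`, makes each one subject to errexit, or wrap the pair in `if ! ...; then print_error "Rollback failed"; exit 1; fi` as the x86_64-linux build-switch already does for its build step. The file is also added with mode 100644 while the sibling apps are 100755; if the flake executes these paths directly rather than wrapping their contents, this one will not be runnable.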
@@ -18,28 +19,6 @@ services.postgresql = { enable = true; - package = pkgs.postgresql_17; - enableTCPIP = true; - port = 5432; - ensureDatabases = ["postgres"]; - ensureUsers = [ - { - name = "postgres"; - ensureDBOwnership = true; - } - { - name = "cschmatzler"; - ensureClauses = { - superuser = true; - createdb = true; - }; - } - ]; - authentication = pkgs.lib.mkForce '' - local all all trust - host all all 127.0.0.1/32 trust - host all all ::1/128 trust - ''; }; services.syncthing.settings.folders = { diff --git a/hosts/nixos/tahani/default.nix b/hosts/nixos/tahani/default.nix index b028823..0f4fa61 100644 --- a/hosts/nixos/tahani/default.nix +++ b/hosts/nixos/tahani/default.nix @@ -67,23 +67,7 @@ services.postgresql = { enable = true; - package = pkgs.postgresql_17; extensions = [pkgs.postgresql17Packages.timescaledb]; - enableTCPIP = true; - ensureDatabases = ["postgres"]; - ensureUsers = [ - { - name = "postgres"; - ensureDBOwnership = true; - } - { - name = "cschmatzler"; - ensureClauses = { - superuser = true; - createdb = true; - }; - } - ]; authentication = pkgs.lib.mkOverride 10 '' local all all trust host all all 127.0.0.1/32 trust diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 9917f6f..c624271 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -8,6 +8,7 @@ }: { imports = [ ../core.nix + ../postgresql.nix ./firewall.nix ./ssh.nix ./adguard.nix diff --git a/modules/postgresql.nix b/modules/postgresql.nix new file mode 100644 index 0000000..8a7b8ca --- /dev/null +++ b/modules/postgresql.nix 
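Review bot: tahani keeps its own `authentication = pkgs.lib.mkOverride 10 ''...''` while the shared module now imported through `modules/nixos/default.nix` also defines `services.postgresql.authentication`; the priority-10 definition wins and the module's lines are discarded on this host, so either the local block is redundant or the override exists to beat some other default and deserves a comment saying which. The retained `extensions = [pkgs.postgresql17Packages.timescaledb];` is now coupled to the `postgresql_17` package chosen in `modules/postgresql.nix`, which this file no longer mentions; a comment pointing at that coupling, or the `extensions = ps: [ps.timescaledb];` form that resolves against the configured package, keeps a future package bump from silently mismatching the extension. The enclosing `services.postgresql` block ends outside the hunk.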
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ user,
+ ...
+}: {
+ config = lib.mkIf config.services.postgresql.enable {
+ services.postgresql = {
+ package = pkgs.postgresql_17;
+ enableTCPIP = true;
+ settings.port = 5432;
+ ensureDatabases = ["postgres"];
+ ensureUsers = [
+ {
+ name = "postgres";
+ ensureDBOwnership = true;
+ }
+ {
+ name = user;
+ ensureClauses = {
+ superuser = true;
+ createdb = true;
+ };
+ }
+ ];
+ authentication = ''
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+ };
+ };
+}
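Review bot: `authentication` grants `trust` to every role — including the `postgres` superuser and the `superuser = true` role named by `user` — for all local-socket connections and for TCP from 127.0.0.1 and ::1, while `enableTCPIP = true` makes the NixOS module set `listen_addresses` to `*`; with neither a password nor a peer check, any process or account on the host (a compromised service on the NixOS server, a container sharing its network namespace) obtains database superuser by connecting to loopback. If this is intended for single-user workstations only, a comment at the top of the module should say so; for the shared NixOS path, `local all all peer` plus `host all all 127.0.0.1/32 scram-sha-256` (and the same for `::1/128`) keeps the convenience for the owning OS user while requiring credentials from everything else, and `settings.listen_addresses = "localhost"` limits exposure if TCP is only needed on loopback. The module also depends on a `user` module argument, so evaluation fails with an undefined-variable error on any host whose `specialArgs` does not supply it; the header comment should name that requirement.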