From f327b8e868d99c2775e7afde84472566fe805c8d Mon Sep 17 00:00:00 2001
From: DannyDannyDanny
Date: Tue, 31 Mar 2026 14:26:46 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20add=20post-install=20provisioning=20scr?= =?UTF-8?q?ipt=20=F0=9F=9B=A0=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Standalone script for completing provisioning after disko-install (mounts installed system, clones dotfiles, installs SSH key, generates hardware config). Run via curl for single-command provisioning.
---
scripts/post-install-provision.sh | 55 +++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100755 scripts/post-install-provision.sh
diff --git a/scripts/post-install-provision.sh b/scripts/post-install-provision.sh
new file mode 100755
index 0000000..2532b11
--- /dev/null
+++ b/scripts/post-install-provision.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# Run after disko-install when LUKS is already open.
+# Usage: curl -fsSL https://raw.githubusercontent.com/DannyDannyDanny/dotfiles/main/scripts/post-install-provision.sh | sudo bash -s -- phantom-ship
+set -euo pipefail
+
+HOSTNAME="${1:-phantom-ship}"
+USB_DATA="/tmp/usb-data"
+REPO="https://github.com/DannyDannyDanny/dotfiles.git"
+
+echo "=== Post-install provisioning for ${HOSTNAME} ==="
+
+# Mount installed system (LUKS already open from disko-install)
+mount /dev/mapper/crypted /mnt
+mount /dev/disk/by-partlabel/disk-main-ESP /mnt/boot 2>/dev/null || true
+for d in dev proc sys; do mount --bind /$d /mnt/$d; done
+
+# Clone dotfiles
+if [[ ! -d /mnt/etc/dotfiles ]]; then
+ chroot /mnt nix run --extra-experimental-features "nix-command flakes" nixpkgs#git -- \
+ clone "$REPO" /etc/dotfiles
+ echo "[ok] dotfiles cloned"
+else
+ echo "[skip] dotfiles already present"
+fi
+
+# Install SSH key
+if [[ -f "$USB_DATA/authorized_keys" ]]; then
+ mkdir -p /mnt/home/danny/.ssh
+ cp "$USB_DATA/authorized_keys" /mnt/home/danny/.ssh/authorized_keys
+ chmod 700 /mnt/home/danny/.ssh
+ chmod 600 /mnt/home/danny/.ssh/authorized_keys
+ chroot /mnt chown -R danny:users /home/danny/.ssh
+ echo "[ok] SSH key installed"
+else
+ echo "[warn] no authorized_keys on USB — add SSH key manually after boot"
+fi
+
+# Generate hardware config
+nixos-generate-config --show-hardware-config --root /mnt \
+ > /mnt/etc/dotfiles/nixos/hosts/${HOSTNAME}-hardware.nix
+echo "[ok] hardware config saved to hosts/${HOSTNAME}-hardware.nix"
+
+# Copy hardware config to USB for committing from Mac
+mkdir -p "$USB_DATA"
+cp /mnt/etc/dotfiles/nixos/hosts/${HOSTNAME}-hardware.nix "$USB_DATA/"
+echo "[ok] hardware config also copied to USB ($USB_DATA/)"
+
+umount -R /mnt
+cryptsetup close crypted 2>/dev/null || true
+
+echo ""
+echo "=== Done! Remove USB and reboot.
==="
+echo "After unlocking LUKS, SSH in: ssh danny@${HOSTNAME}"
+echo "Then: cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#${HOSTNAME}"
+echo "Commit ${HOSTNAME}-hardware.nix from the USB back to the repo."
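Review bot: The `# Install SSH key` step installs whatever file sits at `$USB_DATA/authorized_keys`, but `USB_DATA` is a fixed directory under `/tmp` and nothing checks that a USB filesystem is actually mounted there, so the key that gains login on the new system comes from an unverified path; the later `mkdir -p "$USB_DATA"` likewise lets the "copied to USB" step silently write to the live system's `/tmp`. Gate both uses on `mountpoint -q "$USB_DATA"` (warning otherwise), and consider showing the fingerprints with `ssh-keygen -lf "$USB_DATA/authorized_keys"` before copying so the operator can confirm them. `HOSTNAME` is taken straight from `$1` and expanded unquoted into the redirect and `cp` paths while running as root; validate it up front, e.g. `[[ "$HOSTNAME" =~ ^[A-Za-z0-9-]+$ ]] || { echo "invalid hostname: $HOSTNAME" >&2; exit 2; }`, and quote those paths. Because of `set -e`, any failure after the first `mount` leaves `/mnt` and the bind mounts in place and the LUKS mapping open, so moving the final `umount -R /mnt` / `cryptsetup close crypted` pair into an `EXIT` trap registered right after mounting would make a rerun start clean.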