SSH_OPTIONS := "-o PubkeyAuthentication=no -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" nixdisk := "vda" nixaddr := "" hostname := lowercase(`hostname -s`) [group('nix')] [doc('update dependencies')] update-deps: nix flake update --commit-lock-file [group('nix')] [doc('a simple check to ensure the nix configuration is OK')] test-nix: nix flake check nix develop -c echo OK [group('nix')] [doc('run various formatting tools')] fmt: nix fmt [group('secrets')] [doc('edit a secret')] [macos] secrets +args: #!/etc/profiles/per-user/fcuny/bin/fish cd secrets && agenix -e {{args}}.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub) [group('machines')] [doc('build the configuration for the current host')] [macos] build: darwin-rebuild build --flake .#{{hostname}} [group('machines')] [doc('switch the configuration for the current host')] [macos] switch: darwin-rebuild switch --flake .#{{hostname}} [group('machines')] [doc('build the configuration for the current host')] [linux] build: nixos-rebuild build --flake .#{{hostname}} [group('machines')] [doc('switch the configuration for the current host')] [linux] switch: nixos-rebuild switch --flake .#{{hostname}} [group('vm')] vm-bootstrap: #!/usr/bin/env bash set -euxo pipefail ssh {{SSH_OPTIONS}} root@{{nixaddr}} " \ parted /dev/{{nixdisk}} -- mklabel gpt; \ parted /dev/{{nixdisk}} -- mkpart primary 512MB 100%; \ parted /dev/{{nixdisk}} -- mkpart ESP fat32 1MB 512MB; \ parted /dev/{{nixdisk}} -- set 2 esp on; \ sleep 1; \ mkfs.ext4 -L nixos /dev/{{nixdisk}}1; \ mkfs.fat -F 32 -n boot /dev/{{nixdisk}}2; \ sleep 1; \ mount /dev/disk/by-label/nixos /mnt; \ mkdir -p /mnt/boot; \ mount /dev/disk/by-label/boot /mnt/boot; \ nixos-generate-config --root /mnt; \ sed --in-place '/system\.stateVersion = .*/a \ nix.extraOptions = \"experimental-features = nix-command flakes\";\n \ services.openssh.enable = true;\n \ services.openssh.settings.PasswordAuthentication = true;\n \ services.openssh.settings.PermitRootLogin = \"yes\";\n \ users.users.root.initialPassword = \"root\";\n \ ' /mnt/etc/nixos/configuration.nix; \ nixos-install --no-root-passwd && reboot; \ " [group('vm')] vm-copy: #!/usr/bin/env bash rsync -av -e 'ssh {{SSH_OPTIONS}}' \ --exclude='.git/' \ --exclude='result' \ --exclude='.direnv/' \ --rsync-path="sudo rsync" \ $(dirname justfile)/ {{nixaddr}}:/nix-config