From 60777a578ff0bcf9bf0195eb296abedd2d9a8c95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= Date: Thu, 9 Jan 2025 17:34:18 +0100 Subject: [PATCH] formatting --- scripts/fresh_install.py | 115 +++++++++++++++++++++++++++++---------- secrets/keys.json | 27 +++++---- secrets/mypassword.age | Bin 505 -> 505 bytes 3 files changed, 100 insertions(+), 42 deletions(-) diff --git a/scripts/fresh_install.py b/scripts/fresh_install.py index a706023..d49b419 100755 --- a/scripts/fresh_install.py +++ b/scripts/fresh_install.py @@ -1,11 +1,16 @@ #!/usr/bin/env python3 import argparse import json +import pathlib +import shutil import socket import time from subprocess import check_output +ROOT_DIR = pathlib.Path(__file__).parent.parent +KEYS_FILE = ROOT_DIR / "secrets" / "keys.json" + def _get_available_machines() -> list: output = check_output(["nix", "flake", "show", "--json"]) 
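Review bot: `ROOT_DIR = pathlib.Path(__file__).parent.parent` resolves relative to wherever the script file itself sits, so if `scripts/fresh_install.py` is ever invoked through a symlink the two `.parent` steps walk up from the link rather than the repository, and `KEYS_FILE` then points at a non-existent `secrets/keys.json`; `ROOT_DIR = pathlib.Path(__file__).resolve().parent.parent` makes the constant independent of how the script was reached. A one-line comment stating the layout assumption would also help the next reader, e.g. `# repo root; the script lives in <root>/scripts and the age keys in <root>/secrets`. The hunk's last line belongs to `_get_available_machines`, whose body continues outside the hunk.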
@@ -14,23 +19,39 @@ def _get_available_machines() -> list: return list(machines) -def _validate_ip(ip: str) -> bool: +def _is_valid_ip(ip: str) -> bool: try: socket.inet_aton(ip) - return False - except socket.error: return True + except socket.error: + return False def _check_ssh_connection(ip: str) -> bool: try: - check_output(["ssh", f"root@{ip}", "echo", "Connected"]) + check_output(["ssh", f"krop@{ip}", "echo", "Connected"]) return True except Exception: return False -def add_key_to_secrets(key: str): - + +def add_key_to_secrets(machine_name: str, key: str): + keys = json.loads(KEYS_FILE.read_text()) + if keys.get("servers").get(machine_name): + raise ValueError(f"Key for {machine_name} already exists, remove it first") + + keys["servers"][machine_name] = key + + for secret in keys.get("secrets"): + keys["secrets"][secret].append(f"servers:{machine_name}") + + KEYS_FILE.write_text(json.dumps(keys, indent=2)) + + +def rekey_secrets(): + agenix_bin = shutil.which("agenix") + check_output([agenix_bin, "-r"], cwd=ROOT_DIR / "secrets") + def bootstrap_machine(ip: str): check_output( @@ -40,7 +61,7 @@ def bootstrap_machine(ip: str): "github:nix-community/nixos-anywhere", "--", "--flake", - '".#bootstrap"', + ".#bootstrap", "--target-host", f"root@{ip}", "--build-on-remote", 
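Review bot: `rekey_secrets` passes the result of `shutil.which("agenix")` straight to `check_output`, so when `agenix` is not on PATH the call fails with a `TypeError` about a `None` argument instead of a clear message; guard it with `if agenix_bin is None:` / `raise FileNotFoundError("agenix not found on PATH")` before the `check_output` call. In `add_key_to_secrets`, `keys.get("servers").get(machine_name)` raises `AttributeError` if the `servers` section is absent, so plain `keys["servers"].get(machine_name)` (or `setdefault`) gives a more honest failure. The loop that appends `servers:{machine_name}` to every entry of `keys["secrets"]` makes the new host a recipient of all secrets in the repository; if that is intended it deserves a comment such as `# grant the new host every secret; narrow this if a machine should not decrypt all of them`. Finally, `json.dumps(keys, indent=2)` has no trailing newline, which is why the `secrets/keys.json` hunk in this same patch ends with "No newline at end of file"; `KEYS_FILE.write_text(json.dumps(keys, indent=2) + "\n")` avoids that churn.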
@@ -48,19 +69,41 @@ def bootstrap_machine(ip: str): ) +def install_machine(machine_name: str, ip: str): + check_output( + [ + "nixos-rebuild", + "boot", + "--flake", + f".#{machine_name}", + "--fast", + "--target-host", + f"krop@{ip}", + "--build-host", + f"krop@{ip}", + "--use-remote-sudo", + ] + ) + + def get_ssh_key(ip: str) -> str: """ This function uses machines ssh-keyscan to get the ssh key and then get the ed25519 key """ - ssh_keys = check_output( - [ - "ssh-keyscan", - "-q", - "-t", - "ed25519", - ip, - ] - ).decode("utf-8").strip().splitlines() + ssh_keys = ( + check_output( + [ + "ssh-keyscan", + "-q", + "-t", + "ed25519", + ip, + ] + ) + .decode("utf-8") + .strip() + .splitlines() + ) if len(ssh_keys) != 1: raise ValueError("Exactly one key should be returned") @@ -69,6 +112,7 @@ def get_ssh_key(ip: str) -> str: return key + def get_machine_config(machine_name: str) -> dict: output = check_output( [ @@ -81,6 +125,17 @@ def get_machine_config(machine_name: str) -> dict: return json.loads(output) +def reboot_machine(ip: str): + check_output( + [ + "ssh", + f"krop@{ip}", + "sudo", + "reboot", + ] + ) + + def main() -> int: parser = argparse.ArgumentParser(description="Install a machine") parser.add_argument( 
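Review bot: `install_machine` runs `nixos-rebuild boot --flake .#{machine_name}` without a `cwd`, so the `.#` flake reference only resolves when the operator happens to run the script from the repository root, whereas `rekey_secrets` in the previous hunk does pin `cwd=ROOT_DIR / "secrets"`; passing `cwd=ROOT_DIR` here (and in the other `nix`/`nixos-anywhere` calls) makes the script location-independent and consistent. The `get_ssh_key` docstring reads awkwardly; `"""Return the target's ed25519 host key as reported by ssh-keyscan."""` says the same thing, and it is worth adding that the returned key is what the secrets will later be re-encrypted to. `get_ssh_key` continues past the end of the hunk.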
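Review bot: `reboot_machine` uses `check_output`, which raises `CalledProcessError` on any non-zero exit status, and an `ssh ... sudo reboot` session may well end with a non-zero status when the remote side tears the connection down during shutdown (inferred, not shown here), so a successful install could surface as a failure at the very last step of `main`. Either catch `CalledProcessError` around this one call with a comment explaining why it is tolerated, or use `subprocess.run` with `check=False` and only log the status; the current behaviour should at least be documented with `# raises if ssh exits non-zero; the reboot itself can cause that`.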
@@ -95,32 +150,32 @@ def main() -> int: f"Machine {machine_name} not found, available machines are: {_get_available_machines()}" ) - if _validate_ip(args.machine_ip): - raise ValueError(f"Invalid IP address {args.machine_ip}") + machine_ip = args.machine_ip + if not _is_valid_ip(machine_ip): + raise ValueError(f"Invalid IP address {machine_ip}") - machine_config = get_machine_config(machine_name) - # We are bootstraping the machine first because we need their ssh keys - print(f"Bootstrapping machine {args.machine_ip}") - bootstrap_machine() + print(f"Bootstrapping machine {machine_ip}") + bootstrap_machine(machine_ip) print("Machine bootstrapped") print("Waiting for ssh connection") - while not _check_ssh_connection(): + while not _check_ssh_connection(machine_ip): time.sleep(5) print("Machine is up and running") print("Getting ssh key") - ssh_key = get_ssh_key(args.machine_ip) + ssh_key = get_ssh_key(machine_ip) + print(f"SSH key: {ssh_key}") print("Adding ssh key to secrets") - add_key_to_secrets(ssh_key) + add_key_to_secrets(machine_name, ssh_key) rekey_secrets() - # Add the ssh key to keys in secrets/keys.json - # and rekey the secrets - - # install_machine() - + print("Installing machine") + install_machine(machine_name, machine_ip) + print("Machine installed, rebooting") + reboot_machine(machine_ip) + print("") return 0 diff --git a/secrets/keys.json b/secrets/keys.json index 9c54dae..53e6e45 100644 --- a/secrets/keys.json +++ b/secrets/keys.json 
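Review bot: The `while not _check_ssh_connection(machine_ip): time.sleep(5)` loop has no upper bound, so if `bootstrap_machine` left the host unreachable the script waits forever with no diagnostic; a bounded retry that raises after a fixed number of attempts keeps the failure visible. The host key that `get_ssh_key` fetches over the network is then made a recipient of every secret by `add_key_to_secrets` and `rekey_secrets`; since `_check_ssh_connection` has already connected over ssh at that point, the script could compare the scanned key against the `known_hosts` entry that connection recorded, or at least ask the operator to confirm the printed `SSH key:` line before rekeying, so that a wrong key is caught before secrets are re-encrypted to it. The trailing `print("")` before `return 0` appears to be a leftover and can go. The rewritten wait loop is below; `main` begins outside the hunk.
```python
    # … unchanged: argument parsing, machine and IP validation, bootstrap …
    print("Waiting for ssh connection")
    for _ in range(60):  # ~5 minutes at 5 s per attempt
        if _check_ssh_connection(machine_ip):
            break
        time.sleep(5)
    else:
        raise TimeoutError(f"{machine_ip} did not become reachable over ssh")
    print("Machine is up and running")
    # … unchanged: key scan, secrets update, install, reboot …
```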
@@ -1,13 +1,16 @@ - { - "hosts": { - "wenar-nix": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl0Rdo2kHliBeIiPuiO4kYO5M0VZFNXw4siepV1p6Pj", - "lenar": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUnlAjPnMwJYgZb7YuholdTxifOEFnAyXVqI+xFlHw6" - }, - "servers" : { - "test-server": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ioqiTzYe6Y6H0YfFkWyDBbCB25wYs3gKNZIufE/Sn" - }, - "secrets": { - "mypassword.age": ["hosts:wenar-nix", "hosts:lenar", "servers:test-server"] - } -} + "hosts": { + "wenar-nix": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl0Rdo2kHliBeIiPuiO4kYO5M0VZFNXw4siepV1p6Pj", + "lenar": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUnlAjPnMwJYgZb7YuholdTxifOEFnAyXVqI+xFlHw6" + }, + "servers": { + "test-server": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ioqiTzYe6Y6H0YfFkWyDBbCB25wYs3gKNZIufE/Sn" + }, + "secrets": { + "mypassword.age": [ + "hosts:wenar-nix", + "hosts:lenar", + "servers:test-server" + ] + } +} \ No newline at end of file 
diff --git a/secrets/mypassword.age b/secrets/mypassword.age index f372b0a799e6f3c51b1c627e60033bda54bee2e8..6ae2b0515b274ffac94cbe122168b274498e67fe 100644 GIT binary patch delta 451 zcmV~$OK8(z007|W*d+&#t|CH(U8EM;enxs9sws|*gnm?gQVeTLv zRFJACPhJ#v61)vhGEh&7%#$$iCVJE3WCy?RZ1rq)dGo+`BGQcgTo`dGtVL?Cqi;b% z@O+X|>b7E!ZrPBvd>mIpEc6ky+*ksx+!1`5m~nX}B?ES`2h$V{T`SK+g^}`znPS!L zGD2R}9swM$Q)S8Hgz>!0>)D(IwE;ad7@(O2v)e~%5p1$lt%zD&!O9Ae0X{V(eU2%0 zLvjpL9LPyA)uw@_cb!2uYX@YL*8n5-Tlmm-XfUgHpZr}vnBXoMvFt>tPzq(a0z0N9 zjs%&_!%7SGVPx}(-lx^6OJkH+XkE{2$4wi_qp-s_3ul%NO;fBSj@TouRBt7SaLggX zs?};a;l1HvF2ZgNwB^BkGo@>NM_^(U=7!jrR+34a1eqUfc^Z#>MLWyG2C;v7yYc*^ z^&%S|ZM?tyVeil3yZ8rtci-Ik9p>M!^7*s#hik{DZ?BE+yG7m@Y5Vn!()C|U?pZ7*XsR&Q%ZGfFr`XH7CNX-Q#bbVou$V{Ug& zGD&S$YYJLPSVLM_YI0{#V_7ybc}8V3XJt`oMQ%ezYj!zzb2Lj~L`-l{Nmy`iGzu*~ zAaiqQEoEdfH8n9gAWdjQM{IW>c2{miNn~PSX*M%yF=0?gWkxntM>0q-aBVY7LU}<{ zVNObDbvHRdVs}VI3NU7GNq9#}F*a{-c2_e*RBK3LY)43JXlz(&Q*~KIV_8X8RylZh zL19c$k?|LQO+i_AG;TpPaCTu(OKo;RRAhHacymTJR!cBSH&bJHMR8a-dTl{jcSKPN zbTV2Hp zL2P(!Q8;64Wp6PxZ!~u}Ms#>>P+3fFVMswwF;-P_H8ylba9S}q3W1vcA#T30P1ZyM zs}QEPxrv5!Ac8e#o`eE>5BC!E;4`+MDd%>-Orc~UZD%u#!{&M1*Z&X;pd0F@{ocj$ t^JII_R*769_bBgj@NUeX@p?j=n#kj&o8{{1|EBE~e?4DEE6#NV!J!l!tQG(O