nixos/configure.sh

#!/usr/bin/env bash

# Change into script dir.
cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
nixosDir=$(pwd)

# Defaults
defaultHostname="nixos"
defaultSwap="8G"
defaultName="grmrgecko"
defaultDescription="James Coleman"
defaultGitName="GRMrGecko"
defaultGitEmail="grmrgecko@gmail.com"

# A simple function to print an array.
CHOICE=0
chooseOpts() {
    local opts i
    CHOICE=-1
    opts=("$@")
    # Keep an index to properly index the options.
    i=0
    echo
    # For each option, print it and increment the index.
    for opt in "${opts[@]}"; do
        echo "$i) $opt"
        i=$((i+1))
    done
    # Ask for their choice.
    echo
    echo -n "Enter choice: "
    read -r CHOICE
    # Check inputted index range.
    if ((CHOICE >= ${#opts[@]} || CHOICE < 0)); then
        echo "Invalid range"
        chooseOpts "$@"
    fi
}

# A looping function to choose Y or N.
chooseYN() {
    # Determine the default based on upper case Y or N in prompt.
    local default=""
    if [[ "$1" =~ \[.*([YN]).*\] ]]; then
        default=${BASH_REMATCH[1]}
    fi

    # Loop for the choice.
    while true; do
        # Prompt for choice.
        echo -n "$1: "
        read -r CHOICE

        # If choice is empty, set choice to the default.
        [[ -z $CHOICE ]] && CHOICE=$default

        # If choice does not equal Y or N, continue.
        # Otherwise set the global CHOICE variable to lowercase y or n.
        # Lowercase allows for easy logic in code that calls this function.
        if [[ "$CHOICE" =~ ^[yY]$ ]]; then
            CHOICE="y"
        elif [[ "$CHOICE" =~ ^[nN]$ ]]; then
            CHOICE="n"
        else
            continue
        fi
        break
    done
}

remoteAddr=""
echo "If you are configuring a remote machine, ensure you have ssh access with keys."
echo -n "Configuring [local machine]: "
read -r CHOICE
if [[ -n $CHOICE ]]; then
    remoteAddr="$CHOICE"
fi
sshCmd=""
if [[ -n $remoteAddr ]]; then
    if ssh "$remoteAddr" /usr/bin/env true; then
        sshCmd="ssh $remoteAddr"
    else
        echo "Unable to confirm connection to remote $remoteAddr"
    fi
fi

# Determine video drivers based on PCI devices.
videoDrivers="unknown"
pciRaw=$($sshCmd lspci | grep -E 'VGA')
if [[ "$pciRaw" =~ QXL ]]; then
    videoDrivers="qxl"
elif [[ "$pciRaw" =~ NVIDIA ]]; then
    videoDrivers="nvidia"
elif [[ "$pciRaw" =~ AMD ]]; then
    videoDrivers="amdgpu"
fi

# Get the packages souce, rather its unstable or stable.
PACKAGESOPTS=(
    "stable"
    "unstable"
)
echo "Packages source"
chooseOpts "${PACKAGESOPTS[@]}"
PACKAGES=${PACKAGESOPTS[$CHOICE]}

# Get the profile for this system.
PROFILEOPTS=()
# Build profile list from profiles directory.
for profile in ./profiles/*.nix; do
    PROFILEOPTS+=("$(basename "${profile%.*}")")
done
echo "Choose your profile"
chooseOpts "${PROFILEOPTS[@]}"
PROFILE=${PROFILEOPTS[$CHOICE]}

# Get the hostname.
echo -n "Choose hostname [$defaultHostname]: "
read -r hostName
[[ -z $hostName ]] && hostName=$defaultHostname

# Determine default disk.
diskDefault=""
[[ -e /dev/sda ]] && diskDefault="/dev/sda"
[[ -e /dev/vda ]] && diskDefault="/dev/vda"
echo
echo "Select a disk from the list below:"
# List disks to allow a choice to be made without stopping
# configuration and verifying available disks.
$sshCmd lsblk -o PATH,ID-LINK,SIZE -t
echo
echo -n "Choose disk (/dev/disk/by-id/{ID-LINK}) [$diskDefault]: "
read -r disk
# If selected disk is none, use the default disk determined above.
[[ -z $disk ]] && disk=$diskDefault

# Get the swap size.
echo -n "Swap size [$defaultSwap]: "
read -r swapSize
[[ -z $swapSize ]] && swapSize=$defaultSwap

# Determine if we should LUKS encrypt the disk.
luks="false"
chooseYN "Use LUKS Encryption? [N/y]"
if [[ "$CHOICE" == "y" ]]; then
    luks="true"
    # Get a password from the user, with confirmation to ensure
    # we are not setting a typo.
    while true; do
        echo -n "Enter your luks encryption passphrase: "
        read -r -s luksPasswd
        echo
        echo -n "Confirm your luks encryption passphrase: "
        read -r -s confirmLuksPasswd
        echo
        if [[ "$luksPasswd" == "$confirmLuksPasswd" ]]; then
            break
        fi
        echo "Passwords do not match, try again."
    done
    # Save the password to the tmpfs for disko to pick up during partitioning.
    echo -n "$luksPasswd" | $sshCmd dd of=/tmp/secret.key
fi

# Get username for the main user.
echo -n "Main user name [$defaultName]: "
read -r name
[[ -z $name ]] && name=$defaultName

# Get description for the main user.
echo -n "Main user description [$defaultDescription]: "
read -r description
[[ -z $description ]] && description=$defaultDescription

# Determine password for main user, verifying no typos.
while true; do
    echo -n "Enter password for main user: "
    read -r -s mainPasswd
    echo
    echo -n "Confirm your password for main user: "
    read -r -s confirmMainPasswd
    echo
    if [[ "$mainPasswd" == "$confirmMainPasswd" ]]; then
        break
    fi
    echo "Passwords do not match, try again."
done
# Use mkpasswd to create a hashed password with the lastest
# linux password hashing algorithm.
password=$($sshCmd mkpasswd "\"$mainPasswd\"")

# Determine SSH keys to allow into the system.
sshKeys=()
while true; do
    echo "To exit loop, press enter."
    echo -n "Add ssh key (Github Username or ssh key): "
    read -r keyToAdd

    # If empty, exit loop as all keys were selected.
    [[ -z $keyToAdd ]] && break

    # If matches an ssh public key, add to list.
    if [[ "$keyToAdd" =~ ^ssh-.* ]]; then
        echo "Added key: $keyToAdd"
        sshKeys+=("$keyToAdd")
        continue
    fi

    # If is an username, check github for all keys and add them.
    if [[ "$keyToAdd" =~ ([a-zA-Z0-9]+) ]]; then
        githubUsername=${BASH_REMATCH[1]}
        while read -r key; do
            if [[ $key == "Not Found" ]]; then
                echo "Github user provided not found"
                continue
            fi
            echo "Adding key: $key"
            sshKeys+=("$key")
        done < <(curl -s -q "https://github.com/$githubUsername.keys")
    fi
done

# Determine if we want to autologin to the main user,
# this may be desirable on full disk encrypted machines.
autoLogin="false"
chooseYN "Autologin to main user? [N/y]"
if [[ "$CHOICE" == "y" ]]; then
    autoLogin="true"
fi

# Get git name.
echo -n "Git name [$defaultGitName]: "
read -r gitName
[[ -z $gitName ]] && gitName=$defaultGitName

# Get git email.
echo -n "Git email [$defaultGitEmail]: "
read -r gitEmail
[[ -z $gitEmail ]] && gitEmail=$defaultGitEmail

# Generate settings.nix file with above choosen options.
echo "Generating settings.nix:"
cat <<EOF | tee "$nixosDir/settings.nix"
rec {
  system = "x86_64-linux";
  timezone = "America/Chicago";
  locale = "en_US.UTF-8";
  packages = "${PACKAGES}";
  profile = "${PROFILE}";
  hostId = "$(tr -dc a-f0-9 </dev/urandom | head -c 8)";
  hostName = "${hostName}";
  videoDrivers = "${videoDrivers}";
  disk = {
    device = "${disk}";
    swapSize = "${swapSize}";
    luks = ${luks};
  };
  user = {
    name = "${name}";
    description = "${description}";
    hashedPassword = "${password}";
    openssh.authorizedKeys.keys = [$(printf ' "%s"' "${sshKeys[@]}") ];
    autoLogin = ${autoLogin};
  };
  root = {
    hashedPassword = user.hashedPassword;
    openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
  };
  git = {
    name = "${gitName}";
    email = "${gitEmail}";
  };
  networkmanager.profiles = {};
}
EOF

# Generate hardware-configuration.nix without filesystems as we use the disko partitoning flake.
echo
echo "Generating hardware-configuration.nix"
$sshCmd nixos-generate-config --no-filesystems --show-hardware-config | tee "$nixosDir/hardware-configuration.nix"