update helper script

template/README.md

@@ -39,11 +39,11 @@ nix --extra-experimental-features nix-command --extra-experimental-features flak
   run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106
 ```
 
-To install on remote target machine **and** print the SSH fingerprint of the new system:
+To install on remote target machine **and** print the SSH fingerprint of the new system. If no encrypted disks are set up, the disk password can be left empty:
 
 ```shell
 # yodaHP
-./install-with-ssh-fingerprint.sh 22 root@192.168.178.106
+./install-helper.sh 22 root@192.168.178.106
 ```
 
 ## Updating dependencies

template/flake.nix

@@ -25,8 +25,8 @@
         ./hardware-configs/yodaHP.nix
 
         # Select disko disk layout configuration.
-        ./disk-configs/simple-efi.nix
-        #./disk-configs/zfs.nix
+        #./disk-configs/simple-efi.nix
+        ./disk-configs/luks-btrfs.nix
         #./disk-configs/luks-lvm.nix
 
         # Change device name match your block device.

template/install-helper.sh

@@ -6,21 +6,59 @@ set -e
 #
 
 cleanup() {
+  printf '%s\n' 'Cleanup on exit.'
+  if [ -d "${temp}" ]; then
     printf '%s\n' 'Deleting local copy of SSH ed25519 key ...'
     rm -rf "${temp}"
+  fi
+  if [ -d "${pwd_temp}" ]; then
+    printf '%s\n' 'Deleting local copy of disk encryption password ...'
+    rm -rf "${pwd_temp}"
+  fi
 }
 
 gen_ssh_key() {
   # Create a temporary directory.
   temp="$(mktemp -d)"
-  # Cleanup temporary directory on exit.
-  trap cleanup EXIT
 
   # Create the directory where sshd expects to find the host keys.
   install -d -m755 "${temp}/etc/ssh"
   # Generate host key.
   ssh-keygen -t ed25519 -f "${temp}/etc/ssh/ssh_host_ed25519_key" -q -N ""
 }
+ssh_fingerprint() {
+  printf '%s\n' 'SSH ed25519 fingerprint:'
+  ssh-keygen -lf "${temp}/etc/ssh/ssh_host_ed25519_key"
+}
+
+save_pwd() {
+  # Create a temporary directory.
+  pwd_temp="$(mktemp -d)"
+
+  # Get password from user without echoing.
+  # https://stackoverflow.com/a/3980713
+  stty -echo
+  printf "Disk encryption password: "
+  read -r password
+  stty echo
+  printf "\n"
+
+  stty -echo
+  printf "Retype disk encryption password: "
+  read -r password2
+  stty echo
+  printf "\n"
+
+  if [ "${password}" != "${password2}" ]; then
+    printf '%s\n' 'Passwords don'\''t match!'
+    return 1
+  fi
+
+  # Create password-file.
+  install -m600 /dev/stdin "${pwd_temp}/pwd.key" << EOF
+${password}
+EOF
+}
 
 main(){
   num_args=2
@@ -37,13 +75,23 @@ main(){
   ssh_port="${1}"
   ssh_target="${2}"
 
-  printf '%s\n' 'Generating SSH ed25519 key ...'
+  # Cleanup temporary directories on exit.
+  trap cleanup EXIT
+
   gen_ssh_key
-  printf '%s\n' 'SSH ed25519 fingerprint:'
-  ssh-keygen -lf "${temp}/etc/ssh/ssh_host_ed25519_key"
+  save_pwd
+
+#  echo "$temp"
+#  echo "$pwd_temp"
+#  echo "Press enter start the installation:"
+#  read -r _foo
 
   # Install NixOS to the target machine with our secrets.
   nix --extra-experimental-features nix-command --extra-experimental-features flakes \
-    run github:numtide/nixos-anywhere -- --extra-files "${temp}" --flake '.#mysystem' -p "${ssh_port}" "${ssh_target}"
+    run github:numtide/nixos-anywhere -- --extra-files "${temp}" \
+    --disk-encryption-keys /tmp/secret.key "${pwd_temp}/pwd.key" --flake '.#mysystem' \
+    -p "${ssh_port}" "${ssh_target}"
+
+  ssh_fingerprint
 }
 main "$@"