1be74fb9e1
- test_scm_configured.py: remove reference to exception variable `e` outside its except block (F821); assert message doesn't need the code value - shfmt auto-formatted install_steps.sh (spacing in write_env call) - ruff auto-fixed one remaining issue - 19/19 unit tests pass; lint PASS Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
26 lines
1.3 KiB
Bash
26 lines
1.3 KiB
Bash
#!/usr/bin/env bash
|
|
# Stage 1 — convert Debian 12 → NixOS via nixos-infect (pinned revision).
|
|
#
|
|
# nixos-infect generates /etc/nixos/{configuration.nix,hardware-configuration.nix,networking.nix}
|
|
# with Hetzner-correct bootloader (GRUB, not systemd-boot) and networking, then reboots into NixOS.
|
|
#
|
|
# After the reboot:
|
|
# - SSH as root is available (key registered with Hetzner survives infect)
|
|
# - Run Stage 2 per terraform/README.md: clone cc-ci + cc-ci-secrets, provision the bootstrap
|
|
# age key, then `nixos-rebuild switch --flake .#cc-ci-hetzner`
|
|
#
|
|
# Logs are written to /var/log/nixos-infect.log on the server for post-mortem inspection.
|
|
# The server reboots automatically at the end of infect — wait ~5 min before sshing in.
|
|
set -euo pipefail
|
|
|
|
# Pinned nixos-infect revision (2026-03-22: "fixes errors for non efi systems").
|
|
# Update deliberately; verify Hetzner still supported before bumping.
|
|
INFECT_SHA="40f62a680bb0e8f2f607d79abfaaecd99d59401c"
|
|
|
|
export NIX_CHANNEL="nixos-24.11"
|
|
export PROVIDER="hetzner" # tells nixos-infect to use GRUB + Hetzner networking
|
|
export NIXOS_IMPORT="" # no extra imports at infect time; we apply the real flake in Stage 2
|
|
|
|
curl -fsSL "https://raw.githubusercontent.com/elitak/nixos-infect/${INFECT_SHA}/nixos-infect" |
|
|
bash -x 2>&1 | tee /var/log/nixos-infect.log
|