From cf3c5ef1f54820c8d713391f3f3eb1197f345b77 Mon Sep 17 00:00:00 2001
From: Jet <jet@extremist.software>
Date: Sat, 21 Mar 2026 01:42:35 -0700
Subject: [PATCH] fix: repaire the flash-pi-sd to use bootstrap age

---
 flake.nix | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/flake.nix b/flake.nix
index 8880ef1..cc2afa3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,6 +105,7 @@
           agenix.packages.${system}.default
           pkgs.coreutils
           pkgs.nix
+          pkgs.parted
           pkgs.systemd
           pkgs.util-linux
           pkgs.zstd
@@ -112,6 +113,14 @@
         text = ''
           set -euo pipefail
 
+          PARTPROBE=${pkgs.parted}/bin/partprobe
+          MOUNT=${pkgs.util-linux}/bin/mount
+          UMOUNT=${pkgs.util-linux}/bin/umount
+          MOUNTPOINT=${pkgs.util-linux}/bin/mountpoint
+          FINDMNT=${pkgs.util-linux}/bin/findmnt
+          UDEVADM=${pkgs.systemd}/bin/udevadm
+          ZSTD=${pkgs.zstd}/bin/zstd
+
           if [ "$#" -ne 1 ]; then
             echo "usage: flash-pi-sd /dev/sdX" >&2
             exit 1
@@ -121,12 +130,13 @@
           flake_path=${builtins.toString ./.}
           image_link="$(mktemp -u /tmp/noisebell-sd-image.XXXXXX)"
           mount_dir="$(mktemp -d)"
-          key_file="${builtins.toString ./secrets/bootstrap-identity.age}"
+          secrets_dir="${builtins.toString ./secrets}"
+          key_name="bootstrap-identity.age"
           rules_file="${builtins.toString ./secrets/secrets.nix}"
 
           cleanup() {
-            if mountpoint -q "$mount_dir"; then
-              sudo umount "$mount_dir"
+            if "$MOUNTPOINT" -q "$mount_dir"; then
+              sudo "$UMOUNT" "$mount_dir"
             fi
             rm -rf "$mount_dir"
             rm -f "$image_link"
@@ -154,22 +164,25 @@
 
           echo "Flashing $image to $device..."
           if [ "''${image##*.}" = "zst" ]; then
-            zstd -d --stdout "$image" | sudo dd of="$device" bs=4M conv=fsync status=progress
+            "$ZSTD" -d --stdout "$image" | sudo dd of="$device" bs=4M conv=fsync status=progress
           else
             sudo dd if="$image" of="$device" bs=4M conv=fsync status=progress
           fi
           sync
 
-          sudo partprobe "$device"
-          sudo udevadm settle
+          sudo "$PARTPROBE" "$device"
+          sudo "$UDEVADM" settle
 
-          if findmnt -rn "$boot_part" >/dev/null 2>&1; then
-            sudo umount "$boot_part"
+          if "$FINDMNT" -rn "$boot_part" >/dev/null 2>&1; then
+            sudo "$UMOUNT" "$boot_part"
           fi
 
           echo "Installing bootstrap age identity onto $boot_part..."
-          sudo mount "$boot_part" "$mount_dir"
-          RULES="$rules_file" agenix -d "$key_file" | sudo tee "$mount_dir/noisebell-bootstrap.agekey" >/dev/null
+          sudo "$MOUNT" "$boot_part" "$mount_dir"
+          (
+            cd "$secrets_dir"
+            RULES="$rules_file" agenix -d "$key_name"
+          ) | sudo tee "$mount_dir/noisebell-bootstrap.agekey" >/dev/null
           sudo chmod 600 "$mount_dir/noisebell-bootstrap.agekey"
           sync
 
@@ -226,7 +239,13 @@
 
       devShells.${system}.default = craneLib.devShell {
         packages = [
+          flash-pi-sd
+          pkgs.nix
+          pkgs.parted
           pkgs.rust-analyzer
+          pkgs.systemd
+          pkgs.util-linux
+          pkgs.zstd
           agenix.packages.${system}.default
         ];
       };