l 4: add initscript
This commit is contained in:
parent
3759182f0c
commit
0a104ff9df
@ -7,4 +7,134 @@ rec {
|
||||
getDefaultGateway = ip:
|
||||
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
||||
|
||||
initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: ''
|
||||
#! /bin/sh
|
||||
# usage: curl xu/~tv/init | sh
|
||||
set -efu
|
||||
# TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
|
||||
# install at tmp location
|
||||
|
||||
|
||||
case $(cat /proc/cmdline) in
|
||||
*' root=LABEL=NIXOS_ISO '*) :;;
|
||||
*) echo Error: unknown operating system >&2; exit 1;;
|
||||
esac
|
||||
|
||||
disk=${disk}
|
||||
|
||||
bootdev=${disk}1
|
||||
|
||||
luksdev=${disk}2
|
||||
luksmap=/dev/mapper/${luksmap}
|
||||
|
||||
vgname=${vgname}
|
||||
|
||||
rootdev=/dev/mapper/${vgname}-root
|
||||
homedev=/dev/mapper/${vgname}-home
|
||||
bkudev=/dev/mapper/${vgname}-bku
|
||||
|
||||
#
|
||||
# partitioning
|
||||
#
|
||||
|
||||
# http://en.wikipedia.org/wiki/GUID_Partition_Table
|
||||
# undo:
|
||||
# dd if=/dev/zero bs=512 count=34 of=/dev/sda
|
||||
# TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
|
||||
if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
|
||||
parted "$disk" \
|
||||
mklabel gpt \
|
||||
mkpart ESP fat32 1MiB 1024MiB set 1 boot on \
|
||||
mkpart primary 1024MiB 100%
|
||||
fi
|
||||
|
||||
if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
|
||||
echo zonk
|
||||
exit 23
|
||||
fi
|
||||
|
||||
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
|
||||
echo zonk2
|
||||
exit 23
|
||||
fi
|
||||
|
||||
if ! cryptsetup isLuks "$luksdev"; then
|
||||
# aes xts-plain64
|
||||
cryptsetup luksFormat "$luksdev" \
|
||||
-h sha512 \
|
||||
--iter-time 5000
|
||||
fi
|
||||
|
||||
if ! test -e "$luksmap"; then
|
||||
cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
|
||||
fi
|
||||
# cryptsetup close
|
||||
|
||||
if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
|
||||
pvcreate "$luksmap"
|
||||
fi
|
||||
|
||||
if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
|
||||
|
||||
lvchange -a y /dev/mapper/"$vgname"
|
||||
|
||||
if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
|
||||
if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
|
||||
if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
|
||||
|
||||
# lvchange -a n "$vgname"
|
||||
|
||||
|
||||
#
|
||||
# formatting
|
||||
#
|
||||
|
||||
if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
|
||||
mkfs.vfat "$bootdev"
|
||||
fi
|
||||
|
||||
if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
|
||||
mkfs.btrfs "$rootdev"
|
||||
fi
|
||||
|
||||
if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
|
||||
mkfs.btrfs "$homedev"
|
||||
fi
|
||||
|
||||
if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
|
||||
mkfs.btrfs "$bkudev"
|
||||
fi
|
||||
|
||||
|
||||
if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
|
||||
mount "$rootdev" /mnt
|
||||
fi
|
||||
if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
|
||||
mkdir -m 0000 -p /mnt/boot
|
||||
mount "$bootdev" /mnt/boot
|
||||
fi
|
||||
if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
|
||||
mkdir -m 0000 -p /mnt/home
|
||||
mount "$homedev" /mnt/home
|
||||
fi
|
||||
if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
|
||||
mkdir -m 0000 -p /mnt/bku
|
||||
mount "$bkudev" /mnt/bku
|
||||
fi
|
||||
|
||||
# umount -R /mnt
|
||||
|
||||
|
||||
parted "$disk" print
|
||||
lsblk "$disk"
|
||||
|
||||
key='${pubkey}'
|
||||
if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
|
||||
mkdir -p /root/.ssh
|
||||
echo "$key" > /root/.ssh/authorized_keys
|
||||
fi
|
||||
systemctl start sshd
|
||||
ip route
|
||||
echo READY.
|
||||
'';
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user