l hilum.r: create with disko, add script

lass/1systems/hilum/disk.nix

@@ -0,0 +1,53 @@
+{ lib, disk, ... }:
+{
+  disk = {
+    main = {
+      type = "disk";
+      device = disk;
+      content = {
+        type = "table";
+        format = "gpt";
+        partitions = [
+          {
+            name = "boot";
+            type = "partition";
+            start = "0";
+            end = "1M";
+            part-type = "primary";
+            flags = ["bios_grub"];
+          }
+          {
+            type = "partition";
+            name = "ESP";
+            start = "1MiB";
+            end = "50%";
+            fs-type = "fat32";
+            bootable = true;
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          }
+          {
+            name = "root";
+            type = "partition";
+            start = "50%";
+            end = "100%";
+            content = {
+              type = "luks";
+              name = "hilum_luks";
+              # keyFile = "/tmp/secret.key";
+              content = {
+                type = "filesystem";
+                format = "xfs";
+                mountpoint = "/";
+              };
+            };
+          }
+        ];
+      };
+    };
+  };
+}
+

lass/1systems/hilum/flash-stick.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -efux
+
+disk=$1
+
+export NIXPKGS_ALLOW_UNFREE=1
+stockholm_root=$(git rev-parse --show-toplevel)
+ssh root@localhost -t -- $(nix-build \
+  --no-out-link \
+  -I nixpkgs=/var/src/nixpkgs \
+  -I stockholm="$stockholm_root" \
+  -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
+  -E "with import <nixpkgs> {}; (pkgs.nixos [ { mainDisk = \"$disk\"; disko.rootMountPoint = \"/mnt/hilum\"; } ./physical.nix ]).mountScript"
+)
+$(nix-build \
+  --no-out-link \
+  -I nixpkgs=/var/src/nixpkgs \
+  "$stockholm_root"/lass/krops.nix -A populate \
+  --argstr name hilum \
+  --argstr target "root@localhost/mnt/hilum/var/src" \
+  --arg force true
+)
+ssh root@localhost << SSH
+nixos-install --no-root-password --root /mnt/hilum -I /var/src
+nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
+umount -Rv /mnt/hilum
+SSH

lass/1systems/hilum/physical.nix

@@ -1,11 +1,24 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   imports = [
     ./config.nix
     <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    {
+      # nice hack to carry around state passed impurely at the beginning
+      options.mainDisk = lib.mkOption {
+        type = lib.types.str;
+        default = builtins.readFile "/etc/hilum-disk";
+      };
+      config.environment.etc.hilum-disk.text = config.mainDisk;
+    }
   ];
 
+  disko.devices = import ./disk.nix {
+    inherit lib;
+    disk = config.mainDisk;
+  };
+
   boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
   boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ "kvm-intel" ];
@@ -13,21 +26,9 @@
 
   boot.loader.grub.enable = true;
   boot.loader.grub.efiSupport = true;
-  boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+  boot.loader.grub.device = config.mainDisk;
   boot.loader.grub.efiInstallAsRemovable = true;
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
-      fsType = "ext4";
-    };
-
-  boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/2B9E-5131";
-      fsType = "vfat";
-    };
-
   swapDevices = [ ];
 
   nix.maxJobs = lib.mkDefault 4;