l hilum.r: create with disko, add script

This commit is contained in:
lassulus 2023-01-26 16:14:47 +01:00
parent 18efc15b2a
commit 2b01c33282
3 changed files with 95 additions and 14 deletions

View File

@ -0,0 +1,53 @@
{ lib, disk, ... }:
{
disk = {
main = {
type = "disk";
device = disk;
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
type = "partition";
start = "0";
end = "1M";
part-type = "primary";
flags = ["bios_grub"];
}
{
type = "partition";
name = "ESP";
start = "1MiB";
end = "50%";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}
{
name = "root";
type = "partition";
start = "50%";
end = "100%";
content = {
type = "luks";
name = "hilum_luks";
# keyFile = "/tmp/secret.key";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/";
};
};
}
];
};
};
};
}

View File

@ -0,0 +1,27 @@
#!/bin/sh
set -efux
disk=$1
export NIXPKGS_ALLOW_UNFREE=1
stockholm_root=$(git rev-parse --show-toplevel)
ssh root@localhost -t -- $(nix-build \
--no-out-link \
-I nixpkgs=/var/src/nixpkgs \
-I stockholm="$stockholm_root" \
-I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
-E "with import <nixpkgs> {}; (pkgs.nixos [ { mainDisk = \"$disk\"; disko.rootMountPoint = \"/mnt/hilum\"; } ./physical.nix ]).mountScript"
)
$(nix-build \
--no-out-link \
-I nixpkgs=/var/src/nixpkgs \
"$stockholm_root"/lass/krops.nix -A populate \
--argstr name hilum \
--argstr target "root@localhost/mnt/hilum/var/src" \
--arg force true
)
ssh root@localhost << SSH
nixos-install --no-root-password --root /mnt/hilum -I /var/src
nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
umount -Rv /mnt/hilum
SSH

View File

@ -1,11 +1,24 @@
{ lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ imports = [
./config.nix ./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
{
# nice hack to carry around state passed impurely at the beginning
options.mainDisk = lib.mkOption {
type = lib.types.str;
default = builtins.readFile "/etc/hilum-disk";
};
config.environment.etc.hilum-disk.text = config.mainDisk;
}
]; ];
disko.devices = import ./disk.nix {
inherit lib;
disk = config.mainDisk;
};
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -13,21 +26,9 @@
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true; boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0"; boot.loader.grub.device = config.mainDisk;
boot.loader.grub.efiInstallAsRemovable = true; boot.loader.grub.efiInstallAsRemovable = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
fsType = "ext4";
};
boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2B9E-5131";
fsType = "vfat";
};
swapDevices = [ ]; swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;