ma iso.r: cleanup

This commit is contained in:
makefu 2022-05-30 12:57:12 +02:00
parent 12436ad8be
commit cdc73d611e
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
3 changed files with 26 additions and 24 deletions

View File

@ -9,17 +9,22 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/tools/core.nix> # <stockholm/makefu/2configs/tools/core.nix>
./justdoit.nix ./justdoit.nix
{ {
environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
#!/bin/sh
ip addr add 178.254.30.202/255.255.252.0 dev ens3
ip route add default via 178.254.28.1
echo nameserver 1.1.1.1 > /etc/resolv.conf
'')];
kexec.justdoit = { kexec.justdoit = {
# bootSize = 512; bootSize = 512;
rootDevice = "/dev/sdb"; rootDevice = "/dev/vda";
swapSize = 1024;
bootType = "vfat"; bootType = "vfat";
luksEncrypt = true; luksEncrypt = false;
uefi = true; uefi = false;
}; };
} }
]; ];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
#krebs.build.host = { cores = 0; }; #krebs.build.host = { cores = 0; };
@ -33,7 +38,6 @@ with import <stockholm/lib>;
EDITOR=vim EDITOR=vim
''; '';
# iso-specific # iso-specific
boot.kernelParams = [ "copytoram" ];
services.openssh = { services.openssh = {
enable = true; enable = true;
hostKeys = [ hostKeys = [

View File

@ -67,29 +67,22 @@ in {
unit: sectors unit: sectors
${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"} ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"} ${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
EOF EOF
${if cfg.luksEncrypt then '' ${if cfg.luksEncrypt then ''
cryptsetup luksFormat ${cfg.rootDevice}${x}2 cryptsetup luksFormat ${cfg.rootDevice}${x}2
cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap cryptsetup open --type luks ${cfg.rootDevice}${x}2 root
cryptsetup luksFormat ${cfg.rootDevice}${x}3
cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
export ROOT_DEVICE=/dev/mapper/root export ROOT_DEVICE=/dev/mapper/root
export SWAP_DEVICE=/dev/mapper/swap
'' else '' '' else ''
export ROOT_DEVICE=${cfg.rootDevice}${x}3 export ROOT_DEVICE=${cfg.rootDevice}${x}2
export SWAP_DEVICE=${cfg.rootDevice}${x}2
''} ''}
${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"} ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
mkdir -p /mnt mkdir -p /mnt
${mkBootTable.${cfg.bootType}} ${mkBootTable.${cfg.bootType}}
mkswap $SWAP_DEVICE -L NIXOS_SWAP
zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
zfs create -o mountpoint=legacy ${cfg.poolName}/root zfs create -o mountpoint=legacy ${cfg.poolName}/root
zfs create -o mountpoint=legacy ${cfg.poolName}/home zfs create -o mountpoint=legacy ${cfg.poolName}/home
zfs create -o mountpoint=legacy ${cfg.poolName}/nix zfs create -o mountpoint=legacy ${cfg.poolName}/nix
swapon $SWAP_DEVICE
mount -t zfs ${cfg.poolName}/root /mnt/ mount -t zfs ${cfg.poolName}/root /mnt/
mkdir /mnt/{home,nix,boot} mkdir /mnt/{home,nix,boot}
mount -t zfs ${cfg.poolName}/home /mnt/home/ mount -t zfs ${cfg.poolName}/home /mnt/home/
@ -111,8 +104,7 @@ in {
networking.hostId = "$hostId"; # required for zfs use networking.hostId = "$hostId"; # required for zfs use
${lib.optionalString cfg.luksEncrypt '' ${lib.optionalString cfg.luksEncrypt ''
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [
{ name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; } { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
{ name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
]; ];
''} ''}
} }
@ -120,9 +112,9 @@ in {
nixos-install nixos-install
umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
zpool export ${cfg.poolName} zpool export ${cfg.poolName}
swapoff $SWAP_DEVICE
''; '';
environment.systemPackages = [ config.system.build.justdoit ]; environment.systemPackages = [ config.system.build.justdoit ];
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
}; };
} }

View File

@ -1,12 +1,12 @@
{ lib, ... }: { pkgs, lib, ... }:
{ {
imports = [ ./hardware-configuration.nix ./generated.nix ]; imports = [ ./hardware-configuration.nix ./generated.nix ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.zfs.forceImportRoot = false; #boot.zfs.forceImportRoot = false;
boot.zfs.forceImportAll = false; #boot.zfs.forceImportAll = false;
boot.kernelParams = [ boot.kernelParams = [
"boot.shell_on_fail" "boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
@ -18,8 +18,15 @@
SystemMaxUse=1G SystemMaxUse=1G
RuntimeMaxUse=128M RuntimeMaxUse=128M
''; '';
environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
#!/bin/sh
ip addr add 178.254.30.202/255.255.252.0 dev ens3
ip route add default via 178.254.28.1
echo nameserver 1.1.1.1 > /etc/resolv.conf
'')];
# minimal # minimal
boot.supportedFilesystems = [ "zfs" ];
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
@ -36,5 +43,4 @@
"net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
"net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
}; };
services.nscd.enable = false;
} }