l: move initscript to pkgs

lass/2configs/websites/lassulus.nix

@@ -5,7 +5,6 @@ let
   inherit (import <stockholm/lib>)
     genid
   ;
-  inherit (import ../../4lib { inherit lib; }) initscript;
 
 in {
   imports = [
@@ -102,8 +101,12 @@ in {
       fastcgi_param SCRIPT_NAME ${script};
     '';
 
-    locations."/init".extraConfig = ''
-      alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })};
+    locations."/init".extraConfig = let
+      initscript = pkgs.init.override {
+        pubkey = config.krebs.users.lass.pubkey;
+      };
+    in ''
+      alias ${initscript};
     '';
 
     enableSSL = true;

lass/4lib/default.nix

@@ -7,134 +7,4 @@ rec {
   getDefaultGateway = ip:
     concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
 
-  initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: ''
-    #! /bin/sh
-    # usage: curl xu/~tv/init | sh
-    set -efu
-    # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
-    #       install at tmp location
-
-
-    case $(cat /proc/cmdline) in
-       *' root=LABEL=NIXOS_ISO '*) :;;
-       *) echo Error: unknown operating system >&2; exit 1;;
-    esac
-
-    disk=${disk}
-
-    bootdev=${disk}1
-
-    luksdev=${disk}2
-    luksmap=/dev/mapper/${luksmap}
-
-    vgname=${vgname}
-
-    rootdev=/dev/mapper/${vgname}-root
-    homedev=/dev/mapper/${vgname}-home
-    bkudev=/dev/mapper/${vgname}-bku
-
-    #
-    # partitioning
-    #
-
-    # http://en.wikipedia.org/wiki/GUID_Partition_Table
-    # undo:
-    #   dd if=/dev/zero bs=512 count=34 of=/dev/sda
-    # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
-    if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
-      parted "$disk" \
-          mklabel gpt \
-          mkpart ESP fat32 1MiB 1024MiB  set 1 boot on \
-          mkpart primary 1024MiB 100%
-    fi
-
-    if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
-      echo zonk
-      exit 23
-    fi
-
-    if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
-      echo zonk2
-      exit 23
-    fi
-
-    if ! cryptsetup isLuks "$luksdev"; then
-      # aes xts-plain64
-      cryptsetup luksFormat "$luksdev" \
-          -h sha512 \
-          --iter-time 5000
-    fi
-
-    if ! test -e "$luksmap"; then
-      cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
-    fi
-    # cryptsetup close
-
-    if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
-      pvcreate "$luksmap"
-    fi
-
-    if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
-
-    lvchange -a y /dev/mapper/"$vgname"
-
-    if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
-    if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
-    if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
-
-    # lvchange -a n "$vgname"
-
-
-    #
-    # formatting
-    #
-
-    if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
-      mkfs.vfat "$bootdev"
-    fi
-
-    if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
-      mkfs.btrfs "$rootdev"
-    fi
-
-    if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
-      mkfs.btrfs "$homedev"
-    fi
-
-    if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
-      mkfs.btrfs "$bkudev"
-    fi
-
-
-    if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
-      mount "$rootdev" /mnt
-    fi
-    if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
-      mkdir -m 0000 -p /mnt/boot
-      mount "$bootdev" /mnt/boot
-    fi
-    if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
-      mkdir -m 0000 -p /mnt/home
-      mount "$homedev" /mnt/home
-    fi
-    if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
-      mkdir -m 0000 -p /mnt/bku
-      mount "$bkudev" /mnt/bku
-    fi
-
-    # umount -R /mnt
-
-
-    parted "$disk" print
-    lsblk "$disk"
-
-    key='${pubkey}'
-    if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
-      mkdir -p /root/.ssh
-      echo "$key" > /root/.ssh/authorized_keys
-    fi
-    systemctl start sshd
-    ip route
-    echo READY.
-  '';
 }

lass/5pkgs/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }@args:
 
 {
   nixpkgs.config.packageOverrides = rec {
@@ -11,6 +11,7 @@
       ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
       vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
     };
+    init = pkgs.callPackage ./init/default.nix args;
     mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
     mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
     pop = pkgs.callPackage ./pop/default.nix {};

lass/5pkgs/init/default.nix

@@ -0,0 +1,134 @@
+{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }:
+
+with lib;
+
+pkgs.writeText "init" ''
+  #! /bin/sh
+  # usage: curl xu/~tv/init | sh
+  set -efu
+  # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
+  #       install at tmp location
+
+
+  case $(cat /proc/cmdline) in
+     *' root=LABEL=NIXOS_ISO '*) :;;
+     *) echo Error: unknown operating system >&2; exit 1;;
+  esac
+
+  disk=${disk}
+
+  bootdev=${disk}1
+
+  luksdev=${disk}2
+  luksmap=/dev/mapper/${luksmap}
+
+  vgname=${vgname}
+
+  rootdev=/dev/mapper/${vgname}-root
+  homedev=/dev/mapper/${vgname}-home
+  bkudev=/dev/mapper/${vgname}-bku
+
+  #
+  # partitioning
+  #
+
+  # http://en.wikipedia.org/wiki/GUID_Partition_Table
+  # undo:
+  #   dd if=/dev/zero bs=512 count=34 of=/dev/sda
+  # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
+  if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
+    parted "$disk" \
+        mklabel gpt \
+        mkpart ESP fat32 1MiB 1024MiB  set 1 boot on \
+        mkpart primary 1024MiB 100%
+  fi
+
+  if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
+    echo zonk
+    exit 23
+  fi
+
+  if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
+    echo zonk2
+    exit 23
+  fi
+
+  if ! cryptsetup isLuks "$luksdev"; then
+    # aes xts-plain64
+    cryptsetup luksFormat "$luksdev" \
+        -h sha512 \
+        --iter-time 5000
+  fi
+
+  if ! test -e "$luksmap"; then
+    cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
+  fi
+  # cryptsetup close
+
+  if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
+    pvcreate "$luksmap"
+  fi
+
+  if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
+
+  lvchange -a y /dev/mapper/"$vgname"
+
+  if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
+  if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
+  if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
+
+  # lvchange -a n "$vgname"
+
+
+  #
+  # formatting
+  #
+
+  if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
+    mkfs.vfat "$bootdev"
+  fi
+
+  if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
+    mkfs.btrfs "$rootdev"
+  fi
+
+  if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
+    mkfs.btrfs "$homedev"
+  fi
+
+  if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
+    mkfs.btrfs "$bkudev"
+  fi
+
+
+  if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
+    mount "$rootdev" /mnt
+  fi
+  if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
+    mkdir -m 0000 -p /mnt/boot
+    mount "$bootdev" /mnt/boot
+  fi
+  if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
+    mkdir -m 0000 -p /mnt/home
+    mount "$homedev" /mnt/home
+  fi
+  if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
+    mkdir -m 0000 -p /mnt/bku
+    mount "$bkudev" /mnt/bku
+  fi
+
+  # umount -R /mnt
+
+
+  parted "$disk" print
+  lsblk "$disk"
+
+  key='${pubkey}'
+  if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
+    mkdir -p /root/.ssh
+    echo "$key" > /root/.ssh/authorized_keys
+  fi
+  systemctl start sshd
+  ip route
+  echo READY.
+''