authortv <tv@krebsco.de>2023-06-15 15:02:48 +0200
committertv <tv@krebsco.de>2023-06-15 15:02:48 +0200
commitda7133a088b74fd21dde255c24edac7facc58209 (patch)
treeb3a087bdc539b8000e7f818d2b88cccdfdd058c1
initial commit
-rw-r--r--README34
-rw-r--r--config.nix48
-rw-r--r--kexec.nix64
3 files changed, 146 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..a1e59dd
--- /dev/null
+++ b/README
@@ -0,0 +1,34 @@
+# Install NixOS on OCI VM.Standard.E2.1.Micro
+
+target=INSERT_YOUR_PUBLIC_IP_HERE
+
+kexec_tarball=$(nix-build --no-out-link '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -I nixos-config=./kexec.nix)
+scp $kexec_tarball/tarball/nixos-system-x86_64-linux.tar.xz ubuntu@$target:/tmp/
+
+ssh ubuntu@$target
+cd / && sudo tar xf /tmp/nixos-system-x86_64-linux.tar.xz && sudo /kexec_nixos
+
+sed -i "/^$target /d" ~/.ssh/known_hosts
+ssh root@$target
+
+printf '%s\n' label:gpt ,512M,U ,4G,S ,,L | sfdisk /dev/sda
+mkfs.fat -F 32 -n boot /dev/sda1
+mkswap -L swap /dev/sda2
+mkfs.ext4 -L root /dev/sda3
+
+mkdir -m 0000 -p /mnt && mount /dev/disk/by-label/root /mnt
+mkdir -m 0000 -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot
+swapon /dev/disk/by-label/swap
+
+mount -o remount,size=800M /nix/.rw-store/
+
+nix-channel --add https://nixos.org/channels/nixos-23.05 nixpkgs
+nix-channel --update
+
+scp config.nix root@$target:/mnt/etc/nixos/configuration.nix
+
+nixos-install --no-root-passwd
+shutdown -r now
+
+sed -i "/^$target /d" ~/.ssh/known_hosts
+ssh root@$target
diff --git a/config.nix b/config.nix
new file mode 100644
index 0000000..5e57f59
--- /dev/null
+++ b/config.nix
@@ -0,0 +1,48 @@
+{ modulesPath, ... }: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = throw "insert yout hostname here";
+
+ boot.kernelParams = [
+ "console=ttyS0"
+ "console=tty1"
+ "nvme.shutdown_timeout=10"
+ "libiscsi.debug_libiscsi_eh=1"
+ "net.ifnames=0"
+ ];
+
+ boot.initrd.kernelModules = [
+ "nvme"
+ ];
+ boot.kernelModules = [
+ "kvm-amd"
+ ];
+
+ networking.useDHCP = false;
+ networking.interfaces.eth0.useDHCP = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/root";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+ swapDevices = [{
+ device = "/dev/disk/by-label/swap";
+ }];
+
+ services.openssh.enable = true;
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ (throw "insert your ssh key here")
+ ];
+
+ system.stateVersion = "23.05";
+}
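Review bot: The installed system turns on sshd at `services.openssh.enable = true;` without the two settings that kexec.nix applies to the short-lived installer, so password and keyboard-interactive authentication stay at the module defaults on the long-lived machine. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it, so that any account later given a password cannot be reached by guessing over SSH. Root is presumably still limited to key login by the default `PermitRootLogin`, but stating the settings here keeps both configurations consistent. The placeholder in `networking.hostName` also has a typo (`yout`), which will appear in the evaluation error.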
diff --git a/kexec.nix b/kexec.nix
new file mode 100644
index 0000000..0487197
--- /dev/null
+++ b/kexec.nix
@@ -0,0 +1,64 @@
+# Based on https://gist.github.com/misuzu/89fb064a2cc09c6a75dc9833bb3995bf
+{ config, lib, pkgs, ... }@attrs: {
+ imports = [
+ # this will work only under qemu, uncomment next line for full image
+ # <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
+ <nixpkgs/nixos/modules/installer/netboot/netboot.nix>
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ # stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
+ system.build = {
+ image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
+ mkdir $out
+ cp ${config.system.build.kernel}/bzImage $out/kernel
+ cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
+ nuke-refs $out/kernel
+ '';
+ kexec_script = pkgs.writeTextFile {
+ executable = true;
+ name = "kexec-nixos";
+ text = ''
+ #!${pkgs.stdenv.shell}
+ set -efu
+ ${pkgs.kexectools}/bin/kexec -l ${config.system.build.image}/kernel --initrd=${config.system.build.image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
+ sync
+ echo "executing kernel, filesystems will be improperly umounted" >&2
+ ${pkgs.kexectools}/bin/kexec -e
+ '';
+ };
+ kexec_tarball = pkgs.callPackage <nixpkgs/nixos/lib/make-system-tarball.nix> {
+ storeContents = [
+ {
+ object = config.system.build.kexec_script;
+ symlink = "/kexec_nixos";
+ }
+ ];
+ contents = [ ];
+ };
+ };
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" ];
+ boot.kernelParams = [
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ "console=ttyS0" # enable serial console
+ "console=tty1"
+ ];
+ boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+ environment.systemPackages = [ pkgs.cryptsetup ];
+ environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+ networking.hostName = "kexec";
+
+ services.getty.autologinUser = "root";
+
+ services.openssh.enable = true;
+ services.openssh.settings.KbdInteractiveAuthentication = false;
+ services.openssh.settings.PasswordAuthentication = false;
+
+ users.users.root.openssh.authorizedKeys.keys =
+ (import ./config.nix attrs).users.users.root.openssh.authorizedKeys.keys;
+
+ system.stateVersion = "23.05";
+}
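Review bot: `services.getty.autologinUser = "root";` together with `console=ttyS0` and `console=tty1` gives a root shell to anyone who can attach to the instance's console while the installer is running, and nothing in the file records that this is intended. A comment above it such as `# installer only: console login is unauthenticated root; do not copy into config.nix` would document the trade-off. The `authorizedKeys.keys` import deserves a comment too: the `throw` in config.nix is what prevents building a tarball without a key, and since password logins are disabled here a keyless image would be unreachable over SSH.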