authortv <tv@krebsco.de>2016-10-27 19:32:48 +0200
committertv <tv@krebsco.de>2016-10-27 19:32:48 +0200
commitc69d8b169f6a4bfc35a7d6906ebc062e76197528 (patch)
treef4d048a8b6b332fb00a0f9a2d37f2d157e3b06f1
-rw-r--r--.gitignore1
-rw-r--r--.rsync-filter4
-rw-r--r--Makefile32
-rw-r--r--README17
-rw-r--r--base.nix60
-rw-r--r--default.nix55
-rw-r--r--install.nix40
-rwxr-xr-xlocal-upload-iso17
8 files changed, 226 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1fe19f6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/keys
diff --git a/.rsync-filter b/.rsync-filter
new file mode 100644
index 0000000..0c858e9
--- /dev/null
+++ b/.rsync-filter
@@ -0,0 +1,4 @@
++ /*.nix
+- /*
+- /.git
+- /.graveyard
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6b86d4d
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,32 @@
+default: fantasy
+
+serverId := 45474
+
+
+deploy upload-iso: target := root@ni.i
+format mount install: target := root@188.68.36.196
+populate: target ?= root@ni.i
+
+deploy install upload-iso: populate
+
+deploy:
+ ssh "$(target)" nixos-rebuild switch -I /root/config
+
+install:
+ ssh "$(target)" env NIXOS_CONFIG=/root/config/nixos-config \
+ nixos-install -I /root/config
+
+format mount upload-iso: populate
+ ssh "$(target)" ni-$@
+
+populate:
+ rsync -Flprtvz --delete-excluded keys/ $(target):/root/keys
+ rsync -Flprtvz --delete-excluded ./ $(target):/root/config/nixos-config
+ rsync -Flprtvz --delete-excluded ~/stockholm/ $(target):/root/config/stockholm
+ rsync -Flprtvz --delete-excluded --exclude /.git /var/src/nixpkgs/ $(target):/root/config/nixpkgs
+
+kvm-info:
+ umask 0077; vcp kvmInformation $(serverId) > keys/kvm-info.json
+ jq -r '.ftp | "machine \(.host) login \(.user) password \(.pass)"' \
+ < keys/kvm-info.json \
+ > keys/upload-iso.netrc
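Review bot: In `kvm-info` the `umask 0077;` covers only the first recipe line, because make runs each recipe line in its own shell. The `jq` line that writes `keys/upload-iso.netrc`, which holds the FTP password, therefore runs with the caller's default umask and may leave the file readable by other local users. Prefix that line as well: `umask 0077; jq -r '.ftp | "machine \(.host) login \(.user) password \(.pass)"' \`. Separately, none of the command targets are declared `.PHONY`, so a stray file named `install` or `deploy` in the checkout would silently turn that target into a no-op.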
diff --git a/README b/README
new file mode 100644
index 0000000..e3fa356
--- /dev/null
+++ b/README
@@ -0,0 +1,17 @@
+2016-10-24 installation
+
+ vcp login
+
+ make kvm-info
+ ./local-upload-iso
+
+ vcp attachCdrom 45474 ni-install.iso
+ vcp setBootOrder 45474 cdrom,hd
+ vcp controlAction RESET
+
+ make format
+ make mount
+ make install
+
+ vcp detachCdrom 45474
+ vcp controlAction RESET
diff --git a/base.nix b/base.nix
new file mode 100644
index 0000000..0db539a
--- /dev/null
+++ b/base.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+{
+ options = {
+ ni-disk = lib.mkOption {
+ default = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ };
+ ni-key-path = lib.mkOption {
+ # TODO type = types.absolute-path
+ default = "/root/keys";
+ };
+ ni-nix-path = lib.mkOption {
+ # TODO type = types.absolute-path
+ default = "/root/config";
+ };
+ };
+ config = {
+ boot.initrd.availableKernelModules = [
+ "virtio_balloon"
+ "virtio_blk"
+ "virtio_console"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_scsi"
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 tv@wu"
+ ];
+
+ #
+ # XXX following stuff is not necessary for install
+ # XXX but there's stuff that will reduce it's size
+ #
+ environment.systemPackages = [
+ pkgs.rsync
+ pkgs.rxvt_unicode.terminfo
+ ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ environment.noXlibs = true;
+ environment.profileRelativeEnvVars.PATH = lib.mkForce [ "/bin" ];
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.requireSignedBinaryCaches = true;
+ #nix.sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ nix.useSandbox = true;
+ programs.info.enable = false;
+ programs.man.enable = false;
+ security.hideProcessInformation = true;
+ services.nixosManual.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+ services.openssh.enable = true;
+ services.udisks2.enable = false;
+ sound.enable = false;
+ users.mutableUsers = false;
+ };
+}
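Review bot: Root access over SSH looks intended to be key-only (`authorizedKeys.keys` together with `users.mutableUsers = false`), but the sshd settings are left at the module defaults, so that intent is only implicit. Next to `services.openssh.enable = true;` I would add `services.openssh.passwordAuthentication = false;` so the image stays key-only even if a password is later set on an account. The three `ni-*` options also have no `type` or `description`; the two `TODO type` comments could be resolved with `type = lib.types.path;`.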
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..b582d8e
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/krebs/5pkgs>
+ <stockholm/tv/3modules/iptables.nix>
+ <stockholm/tv/5pkgs>
+ ./base.nix
+ ];
+
+ boot.loader.grub.devices = [ config.ni-disk ];
+ boot.loader.grub.splashImage = null;
+
+ environment.systemPackages = [
+ pkgs.htop
+ pkgs.iptables
+ (pkgs.writeDashBin "ni-upload-iso" ''
+ export NIX_PATH=${config.ni-nix-path}
+ set -efux
+ ${pkgs.nix}/bin/nix-build \
+ -A config.system.build.isoImage \
+ -I nixos-config=${config.ni-nix-path}/nixos-config/install.nix \
+ -o ${config.ni-nix-path}/isoImage \
+ ${config.ni-nix-path}/nixpkgs/nixos
+ ftpHost=$(${pkgs.jq}/bin/jq -r .ftp.host ${config.ni-key-path}/kvm-info.json); \
+ ${pkgs.curl}/bin/curl -n --netrc-file ${config.ni-key-path}/upload-iso.netrc \
+ -T ${config.ni-nix-path}/isoImage/iso/ni-install.iso \
+ "ftp://$ftpHost/cdrom/ni-install.iso"
+ '')
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "${config.ni-disk}-part1";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ };
+
+ networking.hostName = "ni";
+
+ services.timesyncd.enable = true;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = lib.singleton ({
+ type = "ed25519";
+ path = "${config.ni-key-path}/ssh.id_ed25519";
+ });
+ };
+
+ tv.iptables.enable = true;
+ tv.iptables.accept-echo-request = "internet";
+ tv.iptables.input-internet-accept-tcp = [ "ssh" ];
+}
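Review bot: `ni-upload-iso` sends both the netrc credentials and the installer image over plain `ftp://`, so the password and the ISO the machine will later boot from cross the network unencrypted and without integrity protection. If the provider's endpoint supports FTP over TLS, add `--ssl-reqd` to the `curl` call. If it does not, that limitation deserves a comment at the call site. The same curl invocation is repeated in `local-upload-iso`, so the point applies there too.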
diff --git a/install.nix b/install.nix
new file mode 100644
index 0000000..3217cb5
--- /dev/null
+++ b/install.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
+ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+ <stockholm/krebs/5pkgs>
+ ./base.nix
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writeDashBin "ni-format" ''
+ set -efux
+ ${pkgs.parted}/bin/parted ${config.ni-disk} mktable msdos
+ ${pkgs.parted}/bin/parted ${config.ni-disk} mkpart primary 1MiB 100%
+ ${pkgs.parted}/bin/parted ${config.ni-disk} print
+ ${pkgs.btrfs-progs}/bin/mkfs.btrfs ${config.ni-disk}-part1
+ '')
+
+ (pkgs.writeDashBin "ni-mount" ''
+ set -efux
+ if ! ${pkgs.utillinux}/bin/mountpoint /mnt; then
+ ${pkgs.coreutils}/bin/install -m 0000 -d /mnt
+ ${pkgs.utillinux}/bin/mount ${config.ni-disk}-part1 /mnt
+ fi
+ if ! ${pkgs.utillinux}/bin/mountpoint ${config.ni-path}; then
+ ${pkgs.coreutils}/bin/install -m 0700 -d /mnt${config.ni-path}
+ ${pkgs.coreutils}/bin/install -m 0000 -d ${config.ni-path}
+ ${pkgs.utillinux}/bin/mount --bind /mnt${config.ni-path} ${config.ni-path}
+ ${pkgs.coreutils}/bin/touch /mnt/${config.ni-path}/.populate
+ fi
+ '')
+
+ # TODO ni-upload-iso
+ ];
+
+ isoImage.isoName = "ni-install.iso";
+ isoImage.volumeID = "NI_INSTALL_ISO";
+ networking.hostName = "ni-install";
+}
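Review bot: `ni-mount` interpolates `${config.ni-path}` throughout, but `base.nix` in this commit declares only `ni-disk`, `ni-key-path` and `ni-nix-path`. Unless `ni-path` is declared in a module outside this diff, evaluating the ISO configuration will fail on the missing attribute. Either declare `ni-path` in `base.nix` or switch these lines to whichever existing option was intended. The last line of the script writes `/mnt/${config.ni-path}/.populate` while the lines above use `/mnt${config.ni-path}`; this is harmless but worth making consistent.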
diff --git a/local-upload-iso b/local-upload-iso
new file mode 100755
index 0000000..26c2358
--- /dev/null
+++ b/local-upload-iso
@@ -0,0 +1,17 @@
+#! /bin/sh
+# XXX DRY, see default.nix's ni-upload-iso
+
+keys=$PWD/keys
+nixos_config=$PWD
+nixpkgs=/var/src/nixpkgs
+
+set -efux
+isoImage=$(nix-build \
+ -A config.system.build.isoImage \
+ -I nixos-config="$nixos_config/install.nix" \
+ --no-out-link \
+ "$nixpkgs"/nixos); \
+ftpHost=$(jq -r .ftp.host "$keys/kvm-info.json"); \
+curl -n --netrc-file "$keys/upload-iso.netrc" \
+ -T $isoImage/iso/ni-install.iso \
+ "ftp://$ftpHost/cdrom/ni-install.iso"
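Review bot: `jq -r .ftp.host` prints the literal string `null` and exits 0 when the key is missing from `kvm-info.json`, so `set -e` does not stop the script and curl is pointed at `ftp://null/cdrom/ni-install.iso`. Use `jq -er .ftp.host` so that a missing host aborts the upload. `$isoImage` on the `-T` line is the only unquoted expansion in the script; `-T "$isoImage/iso/ni-install.iso"` would match the quoting used elsewhere. The trailing `; \` on the two assignment lines can be dropped.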