From c69d8b169f6a4bfc35a7d6906ebc062e76197528 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 27 Oct 2016 19:32:48 +0200 Subject: init --- .gitignore | 1 + .rsync-filter | 4 ++++ Makefile | 32 ++++++++++++++++++++++++++++++ README | 17 ++++++++++++++++ base.nix | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ default.nix | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++ install.nix | 40 +++++++++++++++++++++++++++++++++++++ local-upload-iso | 17 ++++++++++++++++ 8 files changed, 226 insertions(+) create mode 100644 .gitignore create mode 100644 .rsync-filter create mode 100644 Makefile create mode 100644 README create mode 100644 base.nix create mode 100644 default.nix create mode 100644 install.nix create mode 100755 local-upload-iso
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1fe19f6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/keys
diff --git a/.rsync-filter b/.rsync-filter
new file mode 100644
index 0000000..0c858e9
--- /dev/null
+++ b/.rsync-filter
@@ -0,0 +1,4 @@
++ /*.nix
+- /*
+- /.git
+- /.graveyard
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6b86d4d
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,32 @@
+default: fantasy
+
+serverId := 45474
+
+
+deploy upload-iso: target := root@ni.i
+format mount install: target := root@188.68.36.196
+populate: target ?= root@ni.i
+
+deploy install upload-iso: populate
+
+deploy:
+ ssh "$(target)" nixos-rebuild switch -I /root/config
+
+install:
+ ssh "$(target)" env NIXOS_CONFIG=/root/config/nixos-config \
+ nixos-install -I /root/config
+
+format mount upload-iso: populate
+ ssh "$(target)" ni-$@
+
+populate:
+ rsync -Flprtvz --delete-excluded keys/ $(target):/root/keys
+ rsync -Flprtvz --delete-excluded ./ $(target):/root/config/nixos-config
+ rsync -Flprtvz --delete-excluded ~/stockholm/ $(target):/root/config/stockholm
+ rsync -Flprtvz --delete-excluded --exclude /.git /var/src/nixpkgs/ $(target):/root/config/nixpkgs
+
+kvm-info:
+ umask 0077; vcp kvmInformation $(serverId) > keys/kvm-info.json
+ jq -r '.ftp | "machine \(.host) login \(.user) password \(.pass)"' \
+ < keys/kvm-info.json \
+ > keys/upload-iso.netrc
diff --git a/README b/README
new file mode 100644
index 0000000..e3fa356
--- /dev/null
+++ b/README
@@ -0,0 +1,17 @@
+2016-10-24 installation
+
+ vcp login
+
+ make kvm-info
+ ./local-upload-iso
+
+ vcp attachCdrom 45474 ni-install.iso
+ vcp setBootOrder 45474 cdrom,hd
+ vcp controlAction RESET
+
+ make format
+ make mount
+ make install
+
+ vcp detachCdrom 45474
+ vcp controlAction RESET
diff --git a/base.nix b/base.nix
new file mode 100644
index 0000000..0db539a
--- /dev/null
+++ b/base.nix
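Review bot: In the `kvm-info` recipe the `umask 0077;` prefix covers only the `vcp` command, because make runs each recipe line in its own shell; the `jq` command that writes `keys/upload-iso.netrc` (the FTP login and password) creates that file under the caller's default umask. Prefix that command as well, `umask 0077; jq -r '.ftp | ...' < keys/kvm-info.json > keys/upload-iso.netrc`, or create `keys/` with mode 0700 before either command runs. `populate` copies the directory with `rsync -p`, so whatever mode the file gets locally is the mode it keeps under `/root/keys` on the target.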
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+{
+ options = {
+ ni-disk = lib.mkOption {
+ default = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ };
+ ni-key-path = lib.mkOption {
+ # TODO type = types.absolute-path
+ default = "/root/keys";
+ };
+ ni-nix-path = lib.mkOption {
+ # TODO type = types.absolute-path
+ default = "/root/config";
+ };
+ };
+ config = {
+ boot.initrd.availableKernelModules = [
+ "virtio_balloon"
+ "virtio_blk"
+ "virtio_console"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_scsi"
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 tv@wu"
+ ];
+
+ #
+ # XXX following stuff is not necessary for install
+ # XXX but there's stuff that will reduce it's size
+ #
+ environment.systemPackages = [
+ pkgs.rsync
+ pkgs.rxvt_unicode.terminfo
+ ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ environment.noXlibs = true;
+ environment.profileRelativeEnvVars.PATH = lib.mkForce [ "/bin" ];
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.requireSignedBinaryCaches = true;
+ #nix.sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ nix.useSandbox = true;
+ programs.info.enable = false;
+ programs.man.enable = false;
+ security.hideProcessInformation = true;
+ services.nixosManual.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+ services.openssh.enable = true;
+ services.udisks2.enable = false;
+ sound.enable = false;
+ users.mutableUsers = false;
+ };
+}
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..b582d8e
--- /dev/null
+++ b/default.nix
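Review bot: The options `ni-disk`, `ni-key-path` and `ni-nix-path` are declared without a `type` (the two TODO comments say as much) and without a `description`, yet default.nix and install.nix splice their values unquoted into scripts that run as root, for example `parted ${config.ni-disk} mktable msdos`. Giving each one `type = lib.types.path;` makes evaluation reject a value that is not an absolute path, and a one-line `description` on each would say what the path holds. As a smaller point, `services.openssh.enable = true;` leaves password authentication at its default; with `users.mutableUsers = false` and no root password visible here a password login presumably cannot succeed, but `services.openssh.passwordAuthentication = false;` would state the key-only intent explicitly.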
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+
+
+
+ ./base.nix
+ ];
+
+ boot.loader.grub.devices = [ config.ni-disk ];
+ boot.loader.grub.splashImage = null;
+
+ environment.systemPackages = [
+ pkgs.htop
+ pkgs.iptables
+ (pkgs.writeDashBin "ni-upload-iso" ''
+ export NIX_PATH=${config.ni-nix-path}
+ set -efux
+ ${pkgs.nix}/bin/nix-build \
+ -A config.system.build.isoImage \
+ -I nixos-config=${config.ni-nix-path}/nixos-config/install.nix \
+ -o ${config.ni-nix-path}/isoImage \
+ ${config.ni-nix-path}/nixpkgs/nixos
+ ftpHost=$(${pkgs.jq}/bin/jq -r .ftp.host ${config.ni-key-path}/kvm-info.json); \
+ ${pkgs.curl}/bin/curl -n --netrc-file ${config.ni-key-path}/upload-iso.netrc \
+ -T ${config.ni-nix-path}/isoImage/iso/ni-install.iso \
+ "ftp://$ftpHost/cdrom/ni-install.iso"
+ '')
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "${config.ni-disk}-part1";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ };
+
+ networking.hostName = "ni";
+
+ services.timesyncd.enable = true;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = lib.singleton ({
+ type = "ed25519";
+ path = "${config.ni-key-path}/ssh.id_ed25519";
+ });
+ };
+
+ tv.iptables.enable = true;
+ tv.iptables.accept-echo-request = "internet";
+ tv.iptables.input-internet-accept-tcp = [ "ssh" ];
+}
diff --git a/install.nix b/install.nix
new file mode 100644
index 0000000..3217cb5
--- /dev/null
+++ b/install.nix
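Review bot: `ni-upload-iso` uploads the installer with `curl ... "ftp://$ftpHost/cdrom/ni-install.iso"`, so the FTP password read from `upload-iso.netrc` and the ISO the machine later boots from both cross the network in plaintext, with nothing protecting the image from modification in transit. If the provider's endpoint supports FTPS, adding `--ssl-reqd` to the curl call makes the transfer fail rather than fall back to plaintext; if it does not, a comment in the script should record that as an accepted risk. The same curl call is repeated in local-upload-iso. Separately, `jq -r .ftp.host` prints `null` and exits 0 when the key is absent, so a guard such as `[ "$ftpHost" != null ]` before the upload would give a clearer failure than a request to `ftp://null/`.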
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+
+
+
+ ./base.nix
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writeDashBin "ni-format" ''
+ set -efux
+ ${pkgs.parted}/bin/parted ${config.ni-disk} mktable msdos
+ ${pkgs.parted}/bin/parted ${config.ni-disk} mkpart primary 1MiB 100%
+ ${pkgs.parted}/bin/parted ${config.ni-disk} print
+ ${pkgs.btrfs-progs}/bin/mkfs.btrfs ${config.ni-disk}-part1
+ '')
+
+ (pkgs.writeDashBin "ni-mount" ''
+ set -efux
+ if ! ${pkgs.utillinux}/bin/mountpoint /mnt; then
+ ${pkgs.coreutils}/bin/install -m 0000 -d /mnt
+ ${pkgs.utillinux}/bin/mount ${config.ni-disk}-part1 /mnt
+ fi
+ if ! ${pkgs.utillinux}/bin/mountpoint ${config.ni-path}; then
+ ${pkgs.coreutils}/bin/install -m 0700 -d /mnt${config.ni-path}
+ ${pkgs.coreutils}/bin/install -m 0000 -d ${config.ni-path}
+ ${pkgs.utillinux}/bin/mount --bind /mnt${config.ni-path} ${config.ni-path}
+ ${pkgs.coreutils}/bin/touch /mnt/${config.ni-path}/.populate
+ fi
+ '')
+
+ # TODO ni-upload-iso
+ ];
+
+ isoImage.isoName = "ni-install.iso";
+ isoImage.volumeID = "NI_INSTALL_ISO";
+ networking.hostName = "ni-install";
+}
diff --git a/local-upload-iso b/local-upload-iso
new file mode 100755
index 0000000..26c2358
--- /dev/null
+++ b/local-upload-iso
@@ -0,0 +1,17 @@
+#! /bin/sh
+# XXX DRY, see default.nix's ni-upload-iso
+
+keys=$PWD/keys
+nixos_config=$PWD
+nixpkgs=/var/src/nixpkgs
+
+set -efux
+isoImage=$(nix-build \
+ -A config.system.build.isoImage \
+ -I nixos-config="$nixos_config/install.nix" \
+ --no-out-link \
+ "$nixpkgs"/nixos); \
+ftpHost=$(jq -r .ftp.host "$keys/kvm-info.json"); \
+curl -n --netrc-file "$keys/upload-iso.netrc" \
+ -T $isoImage/iso/ni-install.iso \
+ "ftp://$ftpHost/cdrom/ni-install.iso"
-- cgit v1.2.3
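Review bot: `ni-mount` interpolates `${config.ni-path}` throughout its second `if` block, but base.nix in this commit declares only `ni-disk`, `ni-key-path` and `ni-nix-path`; unless one of the imports not shown here defines `ni-path`, evaluating the installer configuration fails on the missing attribute. The 0700 mode and the `.populate` marker suggest a directory that `make populate` fills, so `config.ni-nix-path` or `config.ni-key-path` is presumably what was meant; that should be confirmed and the declared name used. The last line also writes `/mnt/${config.ni-path}` with an extra slash where the lines above use `/mnt${config.ni-path}`, which is harmless but inconsistent.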
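Review bot: `-T $isoImage/iso/ni-install.iso` is the one expansion in local-upload-iso left unquoted; `set -f` disables globbing but not word splitting, so it should read `-T "$isoImage/iso/ni-install.iso"` like the other arguments. `keys=$PWD/keys` and `nixos_config=$PWD` also tie the script to being started from the repository root. A header comment stating that requirement would keep it from reading `kvm-info.json` and the netrc credentials from an unintended directory.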