From da7133a088b74fd21dde255c24edac7facc58209 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 15 Jun 2023 15:02:48 +0200
Subject: initial commit
---
README | 34 +++++++++++++++++++++++++++++++++
config.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++
kexec.nix | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 146 insertions(+)
create mode 100644 README
create mode 100644 config.nix
create mode 100644 kexec.nix
diff --git a/README b/README
new file mode 100644
index 0000000..a1e59dd
--- /dev/null
+++ b/README
@@ -0,0 +1,34 @@
+# Install NixOS on OCI VM.Standard.E2.1.Micro
+
+target=INSERT_YOUR_PUBLIC_IP_HERE
+
+kexec_tarball=$(nix-build --no-out-link '' -A config.system.build.kexec_tarball -I nixos-config=./kexec.nix)
+scp $kexec_tarball/tarball/nixos-system-x86_64-linux.tar.xz ubuntu@$target:/tmp/
+
+ssh ubuntu@$target
+cd / && sudo tar xf /tmp/nixos-system-x86_64-linux.tar.xz && sudo /kexec_nixos
+
+sed -i "/^$target /d" ~/.ssh/known_hosts
+ssh root@$target
+
+printf '%s\n' label:gpt ,512M,U ,4G,S ,,L | sfdisk /dev/sda
+mkfs.fat -F 32 -n boot /dev/sda1
+mkswap -L swap /dev/sda2
+mkfs.ext4 -L root /dev/sda3
+
+mkdir -m 0000 -p /mnt && mount /dev/disk/by-label/root /mnt
+mkdir -m 0000 -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot
+swapon /dev/disk/by-label/swap
+
+mount -o remount,size=800M /nix/.rw-store/
+
+nix-channel --add https://nixos.org/channels/nixos-23.05 nixpkgs
+nix-channel --update
+
+scp config.nix root@$target:/mnt/etc/nixos/configuration.nix
+
+nixos-install --no-root-passwd
+shutdown -r now
+
+sed -i "/^$target /d" ~/.ssh/known_hosts
+ssh root@$target
diff --git a/config.nix b/config.nix
new file mode 100644
index 0000000..5e57f59
--- /dev/null
+++ b/config.nix
@@ -0,0 +1,48 @@
+{ modulesPath, ... }: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = throw "insert yout hostname here";
+
+ boot.kernelParams = [
+ "console=ttyS0"
+ "console=tty1"
+ "nvme.shutdown_timeout=10"
+ "libiscsi.debug_libiscsi_eh=1"
+ "net.ifnames=0"
+ ];
+
+ boot.initrd.kernelModules = [
+ "nvme"
+ ];
+ boot.kernelModules = [
+ "kvm-amd"
+ ];
+
+ networking.useDHCP = false;
+ networking.interfaces.eth0.useDHCP = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/root";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+ swapDevices = [{
+ device = "/dev/disk/by-label/swap";
+ }];
+
+ services.openssh.enable = true;
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ (throw "insert your ssh key here")
+ ];
+
+ system.stateVersion = "23.05";
+}
diff --git a/kexec.nix b/kexec.nix
new file mode 100644
index 0000000..0487197
--- /dev/null
+++ b/kexec.nix
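Review bot: The installed system's sshd is left at its defaults on the `services.openssh.enable = true;` line, while kexec.nix in the same commit disables password and keyboard-interactive authentication for the short-lived installer; the host that stays running should be at least as strict, so add after that line `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. With `nixos-install --no-root-passwd` root has no password and is the only user, so password logins cannot succeed today, but the explicit setting keeps that true if a user with a password is added later. The `throw` message on the hostName line has a typo, `insert yout hostname here`.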
@@ -0,0 +1,64 @@
+# Based on https://gist.github.com/misuzu/89fb064a2cc09c6a75dc9833bb3995bf
+{ config, lib, pkgs, ... }@attrs: {
+ imports = [
+ # this will work only under qemu, uncomment next line for full image
+
+
+ ];
+
+ # stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
+ system.build = {
+ image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
+ mkdir $out
+ cp ${config.system.build.kernel}/bzImage $out/kernel
+ cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
+ nuke-refs $out/kernel
+ '';
+ kexec_script = pkgs.writeTextFile {
+ executable = true;
+ name = "kexec-nixos";
+ text = ''
+ #!${pkgs.stdenv.shell}
+ set -efu
+ ${pkgs.kexectools}/bin/kexec -l ${config.system.build.image}/kernel --initrd=${config.system.build.image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
+ sync
+ echo "executing kernel, filesystems will be improperly umounted" >&2
+ ${pkgs.kexectools}/bin/kexec -e
+ '';
+ };
+ kexec_tarball = pkgs.callPackage {
+ storeContents = [
+ {
+ object = config.system.build.kexec_script;
+ symlink = "/kexec_nixos";
+ }
+ ];
+ contents = [ ];
+ };
+ };
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" ];
+ boot.kernelParams = [
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ "console=ttyS0" # enable serial console
+ "console=tty1"
+ ];
+ boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+ environment.systemPackages = [ pkgs.cryptsetup ];
+ environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+ networking.hostName = "kexec";
+
+ services.getty.autologinUser = "root";
+
+ services.openssh.enable = true;
+ services.openssh.settings.KbdInteractiveAuthentication = false;
+ services.openssh.settings.PasswordAuthentication = false;
+
+ users.users.root.openssh.authorizedKeys.keys =
+ (import ./config.nix attrs).users.users.root.openssh.authorizedKeys.keys;
+
+ system.stateVersion = "23.05";
+}
--
cgit v1.2.3
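Review bot: `services.getty.autologinUser = "root";` hands out an unauthenticated root shell on the serial console (`console=ttyS0` is in `boot.kernelParams`) for as long as the kexec image is running on the target, so on a cloud VM anyone with console access to the instance gets in without the SSH key that the rest of this file insists on. If that is an accepted trade-off for the install window, say so next to the line, e.g. `# root autologin on the serial console: only acceptable for the short install window, console access is the trust boundary here`; otherwise drop the line and rely on the key-only sshd configured below. Note that the `imports` list and the `pkgs.callPackage` argument appear to have lost their `<nixpkgs/...>` path entries in this rendering (the hunk header counts 64 lines but fewer are visible), so the netboot/tarball wiring cannot be reviewed from this page.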