summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-01-26 16:14:47 +0100
committerlassulus <git@lassul.us>2023-01-26 16:14:47 +0100
commit2b01c332826d2d59b7fdbf4a7924e827338920f9 (patch)
tree53ff83a08dabd050887a0e14f93d9c7ef4a02bbc /lass
parent18efc15b2a2694dac07f89d33bb1243492358a88 (diff)
l hilum.r: create with disko, add script
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/hilum/disk.nix53
-rw-r--r--lass/1systems/hilum/flash-stick.sh27
-rw-r--r--lass/1systems/hilum/physical.nix29
3 files changed, 95 insertions, 14 deletions
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
new file mode 100644
index 000000000..4a7253bab
--- /dev/null
+++ b/lass/1systems/hilum/disk.nix
@@ -0,0 +1,53 @@
+{ lib, disk, ... }:
+{
+ disk = {
+ main = {
+ type = "disk";
+ device = disk;
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ type = "partition";
+ start = "0";
+ end = "1M";
+ part-type = "primary";
+ flags = ["bios_grub"];
+ }
+ {
+ type = "partition";
+ name = "ESP";
+ start = "1MiB";
+ end = "50%";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "root";
+ type = "partition";
+ start = "50%";
+ end = "100%";
+ content = {
+ type = "luks";
+ name = "hilum_luks";
+ # keyFile = "/tmp/secret.key";
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/";
+ };
+ };
+ }
+ ];
+ };
+ };
+ };
+}
+
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh
new file mode 100644
index 000000000..7b787f92a
--- /dev/null
+++ b/lass/1systems/hilum/flash-stick.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -efux
+
+disk=$1
+
+export NIXPKGS_ALLOW_UNFREE=1
+stockholm_root=$(git rev-parse --show-toplevel)
+ssh root@localhost -t -- $(nix-build \
+ --no-out-link \
+ -I nixpkgs=/var/src/nixpkgs \
+ -I stockholm="$stockholm_root" \
+ -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
+ -E "with import <nixpkgs> {}; (pkgs.nixos [ { mainDisk = \"$disk\"; disko.rootMountPoint = \"/mnt/hilum\"; } ./physical.nix ]).mountScript"
+)
+$(nix-build \
+ --no-out-link \
+ -I nixpkgs=/var/src/nixpkgs \
+ "$stockholm_root"/lass/krops.nix -A populate \
+ --argstr name hilum \
+ --argstr target "root@localhost/mnt/hilum/var/src" \
+ --arg force true
+)
+ssh root@localhost << SSH
+nixos-install --no-root-password --root /mnt/hilum -I /var/src
+nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
+umount -Rv /mnt/hilum
+SSH
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
index f8bab57d6..e6860a496 100644
--- a/lass/1systems/hilum/physical.nix
+++ b/lass/1systems/hilum/physical.nix
@@ -1,11 +1,24 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ {
+ # nice hack to carry around state passed impurely at the beginning
+ options.mainDisk = lib.mkOption {
+ type = lib.types.str;
+ default = builtins.readFile "/etc/hilum-disk";
+ };
+ config.environment.etc.hilum-disk.text = config.mainDisk;
+ }
];
+ disko.devices = import ./disk.nix {
+ inherit lib;
+ disk = config.mainDisk;
+ };
+
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -13,21 +26,9 @@
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+ boot.loader.grub.device = config.mainDisk;
boot.loader.grub.efiInstallAsRemovable = true;
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2B9E-5131";
- fsType = "vfat";
- };
-
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;