author | tv <tv@krebsco.de> | 2023-08-01 12:14:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-08-01 12:14:30 +0200 |
commit | 7be9bfdc55d672de39dce98dae9c6d112404dfc6 (patch) | |
tree | e89a93ad96e6f35490ffbf6b6a337ca4dcc9a170 /makefu/1systems/iso | |
parent | 5d1b0675cf179f863a5b34b67661a953197b6057 (diff) | |
parent | 6e63efa3645353bc0549f5f152ef811fff5d644c (diff) |
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'makefu/1systems/iso')
-rw-r--r-- | makefu/1systems/iso/config.nix | 72 | ||||
-rw-r--r-- | makefu/1systems/iso/justdoit.nix | 120 | ||||
-rw-r--r-- | makefu/1systems/iso/source.nix | 3 | ||||
-rw-r--r-- | makefu/1systems/iso/target-config.nix | 46 |
4 files changed, 0 insertions, 241 deletions
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
deleted file mode 100644
index 207121236..000000000
--- a/makefu/1systems/iso/config.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with import <stockholm/lib>;
-{
- imports = [
- #<stockholm/makefu>
- <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
- <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
- # <stockholm/makefu/2configs/tools/core.nix>
- ./justdoit.nix
- {
- environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
- #!/bin/sh
- ip addr add 178.254.30.202/255.255.252.0 dev ens3
- ip route add default via 178.254.28.1
- echo nameserver 1.1.1.1 > /etc/resolv.conf
- '')];
- kexec.justdoit = {
- bootSize = 512;
- rootDevice = "/dev/vda";
- bootType = "vfat";
- luksEncrypt = false;
- uefi = false;
- };
- }
- ];
- # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
- # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- #krebs.build.host = { cores = 0; };
- isoImage.isoBaseName = lib.mkForce "stockholm";
- #krebs.hidden-ssh.enable = true;
- # environment.systemPackages = with pkgs; [
- # aria2
- # ddrescue
- # ];
- environment.extraInit = ''
- EDITOR=vim
- '';
- # iso-specific
- services.openssh = {
- enable = true;
- hostKeys = [
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- # enable ssh in the iso boot process
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
- # hack `tee` behavior
- nixpkgs.config.packageOverrides = super: {
- irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
- pkgs = pkgs // {
- coreutils = pkgs.symlinkJoin {
- name = "coreutils-hack";
- paths = [
- pkgs.coreutils
- (pkgs.writeDashBin "tee" ''
- if test "$1" = /dev/stderr; then
- while read -r line; do
- echo "$line"
- echo "$line" >&2
- done
- else
- ${super.coreutils}/bin/tee "$@"
- fi
- '')
- ];
- };
- };
- };
- };
-}
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
deleted file mode 100644
index 0ce90494b..000000000
--- a/makefu/1systems/iso/justdoit.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.kexec.justdoit;
- x = if cfg.nvme then "p" else "";
-in {
- options = {
- kexec.justdoit = {
- rootDevice = mkOption {
- type = types.str;
- default = "/dev/sda";
- description = "the root block device that justdoit will nuke from orbit and force nixos onto";
- };
- bootSize = mkOption {
- type = types.int;
- default = 256;
- description = "size of /boot in mb";
- };
- bootType = mkOption {
- type = types.enum [ "ext4" "vfat" "zfs" ];
- default = "ext4";
- };
- swapSize = mkOption {
- type = types.int;
- default = 1024;
- description = "size of swap in mb";
- };
- poolName = mkOption {
- type = types.str;
- default = "tank";
- description = "zfs pool name";
- };
- luksEncrypt = mkOption {
- type = types.bool;
- default = false;
- description = "encrypt all of zfs and swap";
- };
- uefi = mkOption {
- type = types.bool;
- default = false;
- description = "create a uefi install";
- };
- nvme = mkOption {
- type = types.bool;
- default = false;
- description = "rootDevice is nvme";
- };
- };
- };
- config = let
- mkBootTable = {
- ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
- vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
- zfs = "";
- };
- in lib.mkIf true {
- system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
- #!${pkgs.stdenv.shell}
- set -e
- vgchange -a n
- wipefs -a ${cfg.rootDevice}
- dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
- sfdisk ${cfg.rootDevice} <<EOF
- label: gpt
- device: ${cfg.rootDevice}
- unit: sectors
- ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
- ${lib.optionalString (! 
cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
- 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
- EOF
- ${if cfg.luksEncrypt then ''
- cryptsetup luksFormat ${cfg.rootDevice}${x}2
- cryptsetup open --type luks ${cfg.rootDevice}${x}2 root
- export ROOT_DEVICE=/dev/mapper/root
- '' else ''
- export ROOT_DEVICE=${cfg.rootDevice}${x}2
- ''}
- ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
- mkdir -p /mnt
- ${mkBootTable.${cfg.bootType}}
- zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
- zfs create -o mountpoint=legacy ${cfg.poolName}/root
- zfs create -o mountpoint=legacy ${cfg.poolName}/home
- zfs create -o mountpoint=legacy ${cfg.poolName}/nix
- mount -t zfs ${cfg.poolName}/root /mnt/
- mkdir /mnt/{home,nix,boot}
- mount -t zfs ${cfg.poolName}/home /mnt/home/
- mount -t zfs ${cfg.poolName}/nix /mnt/nix/
- ${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
- nixos-generate-config --root /mnt/
- hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
- cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
- cat > /mnt/etc/nixos/generated.nix <<EOF
- { ... 
}:
- {
- ${if cfg.uefi then ''
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "nodev";
- '' else ''
- boot.loader.grub.device = "${cfg.rootDevice}";
- ''}
- networking.hostId = "$hostId"; # required for zfs use
- ${lib.optionalString cfg.luksEncrypt ''
- boot.initrd.luks.devices = [
- { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
- ];
- ''}
- }
- EOF
- nixos-install
- umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
- zpool export ${cfg.poolName}
- '';
- environment.systemPackages = [ config.system.build.justdoit ];
- boot.supportedFilesystems = [ "zfs" ];
- users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
- };
-}
diff --git a/makefu/1systems/iso/source.nix b/makefu/1systems/iso/source.nix
deleted file mode 100644
index 6bef8ada9..000000000
--- a/makefu/1systems/iso/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- name="iso";
-}
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
deleted file mode 100644
index 59d2960bc..000000000
--- a/makefu/1systems/iso/target-config.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- imports = [ ./hardware-configuration.nix ./generated.nix ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- #boot.zfs.forceImportRoot = false;
- #boot.zfs.forceImportAll = false;
- boot.kernelParams = [
- "boot.shell_on_fail"
- "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
- ];
- users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
- boot.tmpOnTmpfs = true;
- programs.bash.enableCompletion = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
- environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
- #!/bin/sh
- ip addr add 178.254.30.202/255.255.252.0 dev ens3
- ip route add default via 178.254.28.1
- echo nameserver 1.1.1.1 > /etc/resolv.conf
- '')];
-
- # minimal
- boot.supportedFilesystems = [ "zfs" ];
- programs.command-not-found.enable = false;
- time.timeZone = "Europe/Berlin";
- programs.ssh.startAgent = false;
- nix.useSandbox = true;
- users.mutableUsers = false;
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
- services.openssh.enable = true;
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
- boot.kernel.sysctl = {
- "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
- "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
- };
-} |