Diffstat (limited to 'lass')
-rw-r--r--lass/2configs/websites/lassulus.nix9
-rw-r--r--lass/4lib/default.nix130
-rw-r--r--lass/5pkgs/default.nix3
-rw-r--r--lass/5pkgs/init/default.nix134
4 files changed, 142 insertions, 134 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index ea384195b..024d2eeb2 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -5,7 +5,6 @@ let
inherit (import <stockholm/lib>)
genid
;
- inherit (import ../../4lib { inherit lib; }) initscript;
in {
imports = [
@@ -102,8 +101,12 @@ in {
fastcgi_param SCRIPT_NAME ${script};
'';
- locations."/init".extraConfig = ''
- alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })};
+ locations."/init".extraConfig = let
+ initscript = pkgs.init.override {
+ pubkey = config.krebs.users.lass.pubkey;
+ };
+ in ''
+ alias ${initscript};
'';
enableSSL = true;
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 0dc7fa8d7..56943b7ac 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -7,134 +7,4 @@ rec {
getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
- initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: ''
- #! /bin/sh
- # usage: curl xu/~tv/init | sh
- set -efu
- # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
- # install at tmp location
-
-
- case $(cat /proc/cmdline) in
- *' root=LABEL=NIXOS_ISO '*) :;;
- *) echo Error: unknown operating system >&2; exit 1;;
- esac
-
- disk=${disk}
-
- bootdev=${disk}1
-
- luksdev=${disk}2
- luksmap=/dev/mapper/${luksmap}
-
- vgname=${vgname}
-
- rootdev=/dev/mapper/${vgname}-root
- homedev=/dev/mapper/${vgname}-home
- bkudev=/dev/mapper/${vgname}-bku
-
- #
- # partitioning
- #
-
- # http://en.wikipedia.org/wiki/GUID_Partition_Table
- # undo:
- # dd if=/dev/zero bs=512 count=34 of=/dev/sda
- # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
- if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
- parted "$disk" \
- mklabel gpt \
- mkpart ESP fat32 1MiB 1024MiB set 1 boot on \
- mkpart primary 1024MiB 100%
- fi
-
- if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
- echo zonk
- exit 23
- fi
-
- if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
- echo zonk2
- exit 23
- fi
-
- if ! cryptsetup isLuks "$luksdev"; then
- # aes xts-plain64
- cryptsetup luksFormat "$luksdev" \
- -h sha512 \
- --iter-time 5000
- fi
-
- if ! test -e "$luksmap"; then
- cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
- fi
- # cryptsetup close
-
- if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
- pvcreate "$luksmap"
- fi
-
- if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
-
- lvchange -a y /dev/mapper/"$vgname"
-
- if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
- if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
- if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
-
- # lvchange -a n "$vgname"
-
-
- #
- # formatting
- #
-
- if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
- mkfs.vfat "$bootdev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
- mkfs.btrfs "$rootdev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
- mkfs.btrfs "$homedev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
- mkfs.btrfs "$bkudev"
- fi
-
-
- if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
- mount "$rootdev" /mnt
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
- mkdir -m 0000 -p /mnt/boot
- mount "$bootdev" /mnt/boot
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
- mkdir -m 0000 -p /mnt/home
- mount "$homedev" /mnt/home
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
- mkdir -m 0000 -p /mnt/bku
- mount "$bkudev" /mnt/bku
- fi
-
- # umount -R /mnt
-
-
- parted "$disk" print
- lsblk "$disk"
-
- key='${pubkey}'
- if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
- mkdir -p /root/.ssh
- echo "$key" > /root/.ssh/authorized_keys
- fi
- systemctl start sshd
- ip route
- echo READY.
- '';
}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 0beda7481..e47e3126a 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }@args:
{
nixpkgs.config.packageOverrides = rec {
@@ -11,6 +11,7 @@
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
+ init = pkgs.callPackage ./init/default.nix args;
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
pop = pkgs.callPackage ./pop/default.nix {};
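Review bot: Passing the module's whole argument set (`args`, bound by `{ pkgs, ... }@args` in the first hunk of this file) to `callPackage` is broader than the package needs, since `init/default.nix` names only `pkgs`, `lib`, `pubkey`, `disk`, `vgname` and `luksmap`. `callPackage` normally fills `pkgs` and `lib` from the package set itself, so `init = pkgs.callPackage ./init/default.nix {};` should be enough and the `@args` binding could be dropped; this is worth confirming against the nixpkgs revision in use. As written, any module argument that happens to be called `disk`, `vgname`, `luksmap` or `pubkey` would flow into the generated script without anyone noticing.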
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
new file mode 100644
index 000000000..abf2528d7
--- /dev/null
+++ b/lass/5pkgs/init/default.nix
@@ -0,0 +1,134 @@
+{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }:
+
+with lib;
+
+pkgs.writeText "init" ''
+ #! /bin/sh
+ # usage: curl xu/~tv/init | sh
+ set -efu
+ # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
+ # install at tmp location
+
+
+ case $(cat /proc/cmdline) in
+ *' root=LABEL=NIXOS_ISO '*) :;;
+ *) echo Error: unknown operating system >&2; exit 1;;
+ esac
+
+ disk=${disk}
+
+ bootdev=${disk}1
+
+ luksdev=${disk}2
+ luksmap=/dev/mapper/${luksmap}
+
+ vgname=${vgname}
+
+ rootdev=/dev/mapper/${vgname}-root
+ homedev=/dev/mapper/${vgname}-home
+ bkudev=/dev/mapper/${vgname}-bku
+
+ #
+ # partitioning
+ #
+
+ # http://en.wikipedia.org/wiki/GUID_Partition_Table
+ # undo:
+ # dd if=/dev/zero bs=512 count=34 of=/dev/sda
+ # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
+ if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
+ parted "$disk" \
+ mklabel gpt \
+ mkpart ESP fat32 1MiB 1024MiB set 1 boot on \
+ mkpart primary 1024MiB 100%
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
+ echo zonk
+ exit 23
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
+ echo zonk2
+ exit 23
+ fi
+
+ if ! cryptsetup isLuks "$luksdev"; then
+ # aes xts-plain64
+ cryptsetup luksFormat "$luksdev" \
+ -h sha512 \
+ --iter-time 5000
+ fi
+
+ if ! test -e "$luksmap"; then
+ cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
+ fi
+ # cryptsetup close
+
+ if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
+ pvcreate "$luksmap"
+ fi
+
+ if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
+
+ lvchange -a y /dev/mapper/"$vgname"
+
+ if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
+ if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
+ if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
+
+ # lvchange -a n "$vgname"
+
+
+ #
+ # formatting
+ #
+
+ if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
+ mkfs.vfat "$bootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
+ mkfs.btrfs "$rootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
+ mkfs.btrfs "$homedev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
+ mkfs.btrfs "$bkudev"
+ fi
+
+
+ if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
+ mount "$rootdev" /mnt
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
+ mkdir -m 0000 -p /mnt/boot
+ mount "$bootdev" /mnt/boot
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
+ mkdir -m 0000 -p /mnt/home
+ mount "$homedev" /mnt/home
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
+ mkdir -m 0000 -p /mnt/bku
+ mount "$bkudev" /mnt/bku
+ fi
+
+ # umount -R /mnt
+
+
+ parted "$disk" print
+ lsblk "$disk"
+
+ key='${pubkey}'
+ if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
+ mkdir -p /root/.ssh
+ echo "$key" > /root/.ssh/authorized_keys
+ fi
+ systemctl start sshd
+ ip route
+ echo READY.
+''
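Review bot: `pubkey ? ""` gives the package a silent default, so a build that forgets the override produces a script that ends with `key=''`, writes no key when `authorized_keys` is absent, and still runs `systemctl start sshd`; the removed lib version defaulted to the configured key instead. Dropping the default (plain `pubkey,` in the argument list) or adding `assert pubkey != "";` before `pkgs.writeText` would make that mistake fail at evaluation time. The parameters are also spliced into the shell text raw (`disk=${disk}`, `vgname=${vgname}`, `key='${pubkey}'`), so a value containing whitespace, a quote or a shell metacharacter changes what the script runs as root; `with lib;` is already in scope, so `disk=${escapeShellArg disk}` and `key=${escapeShellArg pubkey}` would close that. The carried-over comment `# usage: curl xu/~tv/init | sh` no longer matches where this commit serves the file from and should be updated.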