diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 9 | ||||
-rw-r--r-- | lass/4lib/default.nix | 130 | ||||
-rw-r--r-- | lass/5pkgs/default.nix | 3 | ||||
-rw-r--r-- | lass/5pkgs/init/default.nix | 134 |
4 files changed, 142 insertions, 134 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index ea384195b..024d2eeb2 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -5,7 +5,6 @@ let inherit (import <stockholm/lib>) genid ; - inherit (import ../../4lib { inherit lib; }) initscript; in { imports = [ @@ -102,8 +101,12 @@ in { fastcgi_param SCRIPT_NAME ${script}; ''; - locations."/init".extraConfig = '' - alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })}; + locations."/init".extraConfig = let + initscript = pkgs.init.override { + pubkey = config.krebs.users.lass.pubkey; + }; + in '' + alias ${initscript}; ''; enableSSL = true; diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 0dc7fa8d7..56943b7ac 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -7,134 +7,4 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: '' - #! /bin/sh - # usage: curl xu/~tv/init | sh - set -efu - # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version) - # install at tmp location - - - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) :;; - *) echo Error: unknown operating system >&2; exit 1;; - esac - - disk=${disk} - - bootdev=${disk}1 - - luksdev=${disk}2 - luksmap=/dev/mapper/${luksmap} - - vgname=${vgname} - - rootdev=/dev/mapper/${vgname}-root - homedev=/dev/mapper/${vgname}-home - bkudev=/dev/mapper/${vgname}-bku - - # - # partitioning - # - - # http://en.wikipedia.org/wiki/GUID_Partition_Table - # undo: - # dd if=/dev/zero bs=512 count=34 of=/dev/sda - # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) - if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted "$disk" \ - mklabel gpt \ - mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ - mkpart primary 1024MiB 100% - fi - - if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then - echo zonk - exit 23 - fi - - if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then - echo zonk2 - exit 23 - fi - - if ! cryptsetup isLuks "$luksdev"; then - # aes xts-plain64 - cryptsetup luksFormat "$luksdev" \ - -h sha512 \ - --iter-time 5000 - fi - - if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi - # cryptsetup close - - if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then - pvcreate "$luksmap" - fi - - if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi - - lvchange -a y /dev/mapper/"$vgname" - - if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi - if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi - - # lvchange -a n "$vgname" - - - # - # formatting - # - - if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then - mkfs.vfat "$bootdev" - fi - - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then - mkfs.btrfs "$rootdev" - fi - - if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.btrfs "$homedev" - fi - - if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then - mkfs.btrfs "$bkudev" - fi - - - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then - mount "$rootdev" /mnt - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then - mkdir -m 0000 -p /mnt/boot - mount "$bootdev" /mnt/boot - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then - mkdir -m 0000 -p /mnt/home - mount "$homedev" /mnt/home - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then - mkdir -m 0000 -p /mnt/bku - mount "$bkudev" /mnt/bku - fi - - # umount -R /mnt - - - parted "$disk" print - lsblk "$disk" - - key='${pubkey}' - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route - echo READY. - ''; } diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 0beda7481..e47e3126a 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, ... }@args: { nixpkgs.config.packageOverrides = rec { @@ -11,6 +11,7 @@ ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; + init = pkgs.callPackage ./init/default.nix args; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; pop = pkgs.callPackage ./pop/default.nix {}; diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix new file mode 100644 index 000000000..abf2528d7 --- /dev/null +++ b/lass/5pkgs/init/default.nix @@ -0,0 +1,134 @@ +{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }: + +with lib; + +pkgs.writeText "init" '' + #! /bin/sh + # usage: curl xu/~tv/init | sh + set -efu + # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version) + # install at tmp location + + + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) :;; + *) echo Error: unknown operating system >&2; exit 1;; + esac + + disk=${disk} + + bootdev=${disk}1 + + luksdev=${disk}2 + luksmap=/dev/mapper/${luksmap} + + vgname=${vgname} + + rootdev=/dev/mapper/${vgname}-root + homedev=/dev/mapper/${vgname}-home + bkudev=/dev/mapper/${vgname}-bku + + # + # partitioning + # + + # http://en.wikipedia.org/wiki/GUID_Partition_Table + # undo: + # dd if=/dev/zero bs=512 count=34 of=/dev/sda + # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) + if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then + parted "$disk" \ + mklabel gpt \ + mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart primary 1024MiB 100% + fi + + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + echo zonk + exit 23 + fi + + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + echo zonk2 + exit 23 + fi + + if ! cryptsetup isLuks "$luksdev"; then + # aes xts-plain64 + cryptsetup luksFormat "$luksdev" \ + -h sha512 \ + --iter-time 5000 + fi + + if ! test -e "$luksmap"; then + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + fi + # cryptsetup close + + if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then + pvcreate "$luksmap" + fi + + if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi + + lvchange -a y /dev/mapper/"$vgname" + + if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi + if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi + if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi + + # lvchange -a n "$vgname" + + + # + # formatting + # + + if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then + mkfs.vfat "$bootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + mkfs.btrfs "$rootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then + mkfs.btrfs "$homedev" + fi + + if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then + mkfs.btrfs "$bkudev" + fi + + + if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mount "$rootdev" /mnt + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then + mkdir -m 0000 -p /mnt/boot + mount "$bootdev" /mnt/boot + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then + mkdir -m 0000 -p /mnt/home + mount "$homedev" /mnt/home + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then + mkdir -m 0000 -p /mnt/bku + mount "$bkudev" /mnt/bku + fi + + # umount -R /mnt + + + parted "$disk" print + lsblk "$disk" + + key='${pubkey}' + if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then + mkdir -p /root/.ssh + echo "$key" > /root/.ssh/authorized_keys + fi + systemctl start sshd + ip route + echo READY. +'' |