path: root/lass/5pkgs/init/default.nix
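# Build the "init" bootstrap script that prepares a fresh machine from the
# NixOS installer ISO: partition `disk`, set up a LUKS container with LVM on
# top, format and mount the volumes under /mnt, install git for stockholm and
# open ssh for the actual deployment.
#
# Parameters (everything except pkgs/lib has a default):
#   pubkey  - ssh public key written to /root/.ssh/authorized_keys on the
#             installer; empty means no key is written (sshd is still started)
#   disk    - block device to (re)partition; partitions 1-3 of the layout are
#             derived from it (bios_grub, ESP, LUKS)
#   vgname  - LVM volume group created on top of the opened LUKS container
#   luksmap - device-mapper name the LUKS container is opened as
#   keyfile - path of the LUKS key file; generated from /dev/urandom if absent
#
# Returns a store path containing the generated /bin/sh script.
{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:

with lib;

# Every value taken from the Nix arguments is passed through escapeShellArg
# so that a value containing whitespace or quotes cannot alter the shell
# assignment it is spliced into.
pkgs.writeText "init" ''
  #! /bin/sh
  # usage: curl xu/~tv/init | sh
  set -efu
  # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
  #       install at tmp location


  # refuse to run anywhere but on the installer ISO
  case $(cat /proc/cmdline) in
     *' root=LABEL=NIXOS_ISO '*) :;;
     *) echo Error: unknown operating system >&2; exit 1;;
  esac

  keyfile=${escapeShellArg keyfile}

  disk=${escapeShellArg disk}

  # partition 3 of $disk carries the LUKS container
  luksdev=${escapeShellArg disk}3
  luksmap=/dev/mapper/${escapeShellArg luksmap}

  vgname=${escapeShellArg vgname}

  # partition 2 of $disk is the ESP; derived from $disk like $luksdev so that
  # a non-default disk does not end up with its boot partition on /dev/sda
  bootdev=${escapeShellArg disk}2

  rootdev=/dev/mapper/${escapeShellArg vgname}-root
  homedev=/dev/mapper/${escapeShellArg vgname}-home

  #
  #generate keyfile
  #

  if ! test -e "$keyfile"; then
    # umask 077 in a subshell: the key material is created mode 0600 from the
    # start instead of inheriting the installer's default umask
    (umask 077; dd if=/dev/urandom bs=512 count=2048 of="$keyfile")
  fi

  #
  # partitioning
  #

  # http://en.wikipedia.org/wiki/GUID_Partition_Table
  # undo:
  #   dd if=/dev/zero bs=512 count=34 of=/dev/sda
  # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
  if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
    parted -s -a optimal "$disk" \
        mklabel gpt \
        mkpart no-fs 0 1024KiB \
        set 1 bios_grub on \
        mkpart ESP fat32 1025KiB 1024MiB  set 2 boot on \
        mkpart primary 1025MiB 100%
  fi

  # a pre-existing table that is gpt but not our layout is not touched;
  # bail out instead of formatting an unknown partition
  if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
    echo "Error: $luksdev is not the partition labelled primary" >&2
    exit 23
  fi

  if ! cryptsetup isLuks "$luksdev"; then
    # aes xts-plain64
    cryptsetup luksFormat "$luksdev" "$keyfile" \
        -h sha512 \
        --iter-time 5000
  fi

  if ! test -e "$luksmap"; then
    cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
        --key-file "$keyfile"
  fi
  # cryptsetup close

  if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
    pvcreate "$luksmap"
  fi

  if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi

  lvchange -a y /dev/mapper/"$vgname"

  if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi
  if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi

  # lvchange -a n "$vgname"


  #
  # formatting
  #

  # each mkfs is guarded by a blkid check so re-running the script on a
  # half-finished machine does not wipe an already formatted volume
  if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
    mkfs.vfat "$bootdev"
  fi

  if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
    mkfs.btrfs "$rootdev"
  fi

  if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
    mkfs.btrfs "$homedev"
  fi


  if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
    mount "$rootdev" /mnt
  fi
  if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
    mkdir -m 0000 -p /mnt/boot
    mount "$bootdev" /mnt/boot
  fi
  if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
    mkdir -m 0000 -p /mnt/home
    mount "$homedev" /mnt/home
  fi

  # umount -R /mnt

  #
  # dependencies for stockholm
  #

  nix-env -iA nixos.git

  # TODO: get sentinal file from target_path
  mkdir -p /mnt/var/src
  touch /mnt/var/src/.populate

  #
  # print all the infos
  #

  parted "$disk" print
  lsblk "$disk"

  # install the deployment key for root on the installer; an empty key leaves
  # authorized_keys untouched
  key=${escapeShellArg pubkey}
  if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
    # 0700 / 0600 keep sshd's StrictModes happy and the key private
    mkdir -m 0700 -p /root/.ssh
    (umask 077; echo "$key" > /root/.ssh/authorized_keys)
  fi
  systemctl start sshd
  ip route
  echo READY.
''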