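{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:
# Builds a one-shot provisioning script (meant to be piped into sh from the
# NixOS installer ISO) that partitions `disk`, sets up LUKS + LVM on its third
# partition, formats boot/root/home, mounts everything under /mnt and installs
# `pubkey` for root so the host can be reached over SSH afterwards.
#
# Arguments:
#   pubkey  - SSH public key written to /root/.ssh/authorized_keys
#   disk    - block device to (re)partition; partitions are derived by
#             appending a number (<disk>2 = ESP/boot, <disk>3 = LUKS), so only
#             the "sdX"-style naming scheme is handled ("nvme0n1p3"-style
#             names are not).
#   vgname  - name of the LVM volume group created on the LUKS container
#   luksmap - device-mapper name under which the LUKS container is opened
#   keyfile - path of the LUKS key file; generated if it does not exist
#
# Every step checks the current state first, so re-running the script on a
# partially provisioned disk continues where it left off.
with lib;
pkgs.writeText "init" ''
#! /bin/sh
# usage: curl xu/~tv/init | sh
set -efu
# TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
# install at tmp location
# Refuse to run anywhere but on the installer ISO: the steps below
# repartition and reformat the disk.
case $(cat /proc/cmdline) in
*' root=LABEL=NIXOS_ISO '*) :;;
*) echo Error: unknown operating system >&2; exit 1;;
esac
keyfile=${keyfile}
disk=${disk}
luksdev=${disk}3
luksmap=/dev/mapper/${luksmap}
vgname=${vgname}
# boot partition is derived from the configured disk, like luksdev above
bootdev=${disk}2
rootdev=/dev/mapper/${vgname}-root
homedev=/dev/mapper/${vgname}-home
#
# generate keyfile
#
if ! test -e "$keyfile"; then
# The key file unlocks the whole disk: restrict its mode before it is
# written rather than after, and keep the umask change local to this step.
( umask 077; dd if=/dev/urandom bs=512 count=2048 of="$keyfile" )
fi
#
# partitioning
#
# http://en.wikipedia.org/wiki/GUID_Partition_Table
# undo:
# dd if=/dev/zero bs=512 count=34 of=/dev/sda
# TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
parted -s -a optimal "$disk" \
mklabel gpt \
mkpart no-fs 0 1024KiB \
set 1 bios_grub on \
mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
mkpart primary 1025MiB 100%
fi
# The third partition must carry the label written above; anything else
# means the disk was partitioned by something else, so do not touch it.
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
echo zonk2
exit 23
fi
if ! cryptsetup isLuks "$luksdev"; then
# cipher is left at cryptsetup's default (aes xts-plain64); only the
# hash and the PBKDF iteration time are set explicitly
cryptsetup luksFormat "$luksdev" "$keyfile" \
-h sha512 \
--iter-time 5000
fi
if ! test -e "$luksmap"; then
cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
--key-file "$keyfile"
fi
# cryptsetup close
if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
pvcreate "$luksmap"
fi
if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
lvchange -a y /dev/mapper/"$vgname"
if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi
if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi
# lvchange -a n "$vgname"
#
# formatting
#
if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
mkfs.vfat "$bootdev"
fi
if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
mkfs.btrfs "$rootdev"
fi
if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
mkfs.btrfs "$homedev"
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
mount "$rootdev" /mnt
fi
# mount points are created with mode 0000 so nothing can be written into
# them while the filesystem is not mounted
if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
mkdir -m 0000 -p /mnt/boot
mount "$bootdev" /mnt/boot
fi
if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
mkdir -m 0000 -p /mnt/home
mount "$homedev" /mnt/home
fi
# umount -R /mnt
#
# dependencies for stockholm
#
nix-env -iA nixos.git
# TODO: get sentinal file from target_path
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate
#
# print all the infos
#
parted "$disk" print
lsblk "$disk"
# pubkey is shell-quoted on the Nix side so a quote character inside the
# key cannot break out of the assignment
key=${escapeShellArg pubkey}
if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
mkdir -m 0700 -p /root/.ssh
( umask 077; printf '%s\n' "$key" > /root/.ssh/authorized_keys )
fi
systemctl start sshd
ip route
echo READY.
''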