mirror of
https://github.com/oddlama/nix-config.git
synced 2025-10-11 07:10:39 +02:00
feat: add ability to copy installer scripts to existing live systems
This commit is contained in:
oddlama
parent
ece9554e76
commit
61d582f033
6 changed files with 69 additions and 38 deletions
15
README.md
15
README.md
|
|
@ -34,7 +34,6 @@ This is my personal nix config.
|
||||||
- `default.nix` Collects all apps and generates a definition for a specified system
|
- `default.nix` Collects all apps and generates a definition for a specified system
|
||||||
- `draw-graph.nix` (**WIP:** infrastructure graph renderer)
|
- `draw-graph.nix` (**WIP:** infrastructure graph renderer)
|
||||||
- `format-secrets.nix` Runs the code formatter on the secret .nix files
|
- `format-secrets.nix` Runs the code formatter on the secret .nix files
|
||||||
- `generate-initrd-keys.nix` Generates initrd hostkeys for each host if they don't exist yet (for setup)
|
|
||||||
- `generate-wireguard-keys.nix` Generates wireguard keys for each server-and-peer pair
|
- `generate-wireguard-keys.nix` Generates wireguard keys for each server-and-peer pair
|
||||||
- `show-wireguard-qr.nix` Generates a QR code for external wireguard participants
|
- `show-wireguard-qr.nix` Generates a QR code for external wireguard participants
|
||||||
- `checks.nix` pre-commit-hooks for this repository
|
- `checks.nix` pre-commit-hooks for this repository
|
||||||
|
|
@ -62,14 +61,24 @@ This is my personal nix config.
|
||||||
- create hosts/<name>
|
- create hosts/<name>
|
||||||
- fill net.nix
|
- fill net.nix
|
||||||
- fill fs.nix (you need to know the device by-id paths in advance for formatting to work!)
|
- fill fs.nix (you need to know the device by-id paths in advance for formatting to work!)
|
||||||
- generate-initrd-keys
|
- generate an initrd hostkey if necessary `ssh-keygen -t ed25519 -N "" -f /tmp/key; rage ...`
|
||||||
- generate-wireguard-keys
|
- run generate-wireguard-keys
|
||||||
|
|
||||||
#### Initial deploy
|
#### Initial deploy
|
||||||
|
|
||||||
|
A. Fresh pre-made installer ISO
|
||||||
|
|
||||||
- Create a iso disk image for the system with `nix build --print-out-paths --no-link .#installer-image-<host>`
|
- Create a iso disk image for the system with `nix build --print-out-paths --no-link .#installer-image-<host>`
|
||||||
- dd the resulting image to a stick and boot from it on the target
|
- dd the resulting image to a stick and boot from it on the target
|
||||||
- (Optional) ssh into the target (keys are already set up)
|
- (Optional) ssh into the target (keys are already set up)
|
||||||
|
|
||||||
|
B. Reusing any nixos-live iso
|
||||||
|
|
||||||
|
- Boot from live-iso and setup ssh access by writing your key to `/root/.ssh/authorized_keys`
|
||||||
|
- Copy installer package with `nix copy --to <target> .#installer-package-<host>`
|
||||||
|
|
||||||
|
Afterwards:
|
||||||
|
|
||||||
- Run `install-system` and reboot
|
- Run `install-system` and reboot
|
||||||
- Retrieve the new host identity by using `ssh-keyscan <host/ip> | grep -o 'ed25519.*' > host/<host>/secrets/host.pub`
|
- Retrieve the new host identity by using `ssh-keyscan <host/ip> | grep -o 'ed25519.*' > host/<host>/secrets/host.pub`
|
||||||
- (If the host has microvms, also retrieve their identities!)
|
- (If the host has microvms, also retrieve their identities!)
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,8 @@
|
||||||
type = "table";
|
type = "table";
|
||||||
format = "gpt";
|
format = "gpt";
|
||||||
partitions = [
|
partitions = [
|
||||||
(partEfi "efi" "0%" "512MiB")
|
(partGrub "grub" "0%" "1MiB")
|
||||||
|
(partEfi "bios" "1MiB" "512MiB")
|
||||||
(partLuksZfs "rpool" "512MiB" "100%")
|
(partLuksZfs "rpool" "512MiB" "100%")
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -4,12 +4,10 @@
|
||||||
...
|
...
|
||||||
}: nodeName: nodeAttrs: let
|
}: nodeName: nodeAttrs: let
|
||||||
inherit (self.hosts.${nodeName}) system;
|
inherit (self.hosts.${nodeName}) system;
|
||||||
configuration = {
|
|
||||||
pkgs,
|
pkgs = self.pkgs.${system};
|
||||||
lib,
|
|
||||||
...
|
disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
|
||||||
}: let
|
|
||||||
disko = pkgs.writeShellScriptBin "disko" "${nodeAttrs.config.system.build.disko}";
|
|
||||||
disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
|
disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
|
||||||
disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
|
disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
|
||||||
|
|
||||||
|
|
@ -17,14 +15,29 @@
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
echo "Formatting disks..."
|
echo "Formatting disks..."
|
||||||
${disko}/bin/disko
|
${disko-script}/bin/disko-script
|
||||||
|
|
||||||
echo "Installing system..."
|
echo "Installing system..."
|
||||||
nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
|
nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
|
||||||
|
|
||||||
echo "Done!"
|
echo "Done!"
|
||||||
'';
|
'';
|
||||||
in {
|
|
||||||
|
installer-package = pkgs.symlinkJoin {
|
||||||
|
name = "installer-package-${nodeName}";
|
||||||
|
paths = with pkgs; [
|
||||||
|
disko-script
|
||||||
|
disko-mount
|
||||||
|
disko-format
|
||||||
|
install-system
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
configuration = {
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
isoImage.isoName = lib.mkForce "nixos-image-${nodeName}.iso";
|
isoImage.isoName = lib.mkForce "nixos-image-${nodeName}.iso";
|
||||||
system.stateVersion = self.stateVersion;
|
system.stateVersion = self.stateVersion;
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
|
|
@ -41,6 +54,8 @@
|
||||||
environment = {
|
environment = {
|
||||||
variables.EDITOR = "nvim";
|
variables.EDITOR = "nvim";
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
|
installer-package
|
||||||
|
|
||||||
neovim
|
neovim
|
||||||
git
|
git
|
||||||
tmux
|
tmux
|
||||||
|
|
@ -49,17 +64,17 @@
|
||||||
fzf
|
fzf
|
||||||
wget
|
wget
|
||||||
curl
|
curl
|
||||||
|
|
||||||
disko
|
|
||||||
disko-mount
|
|
||||||
disko-format
|
|
||||||
install-system
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
packages.${system}."installer-image-${nodeName}" = nixos-generators.nixosGenerate {
|
packages.${system} = {
|
||||||
pkgs = self.pkgs.${system};
|
# Everything required for the installer as a single package,
|
||||||
|
# so it can be used from an existing live system by copying the derivation.
|
||||||
|
# TODO can we use a unified installer iso? does that work regarding size of this package?
|
||||||
|
"installer-package-${nodeName}" = installer-package;
|
||||||
|
"installer-image-${nodeName}" = nixos-generators.nixosGenerate {
|
||||||
|
inherit pkgs;
|
||||||
modules = [
|
modules = [
|
||||||
configuration
|
configuration
|
||||||
../hosts/common/core/ssh.nix
|
../hosts/common/core/ssh.nix
|
||||||
|
|
@ -71,4 +86,5 @@ in {
|
||||||
}
|
}
|
||||||
.${system};
|
.${system};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -131,6 +131,11 @@ in rec {
|
||||||
|
|
||||||
disko = {
|
disko = {
|
||||||
gpt = {
|
gpt = {
|
||||||
|
partGrub = name: start: end: {
|
||||||
|
inherit name start end;
|
||||||
|
part-type = "primary";
|
||||||
|
flags = ["bios_grub"];
|
||||||
|
};
|
||||||
partEfi = name: start: end: {
|
partEfi = name: start: end: {
|
||||||
inherit name start end;
|
inherit name start end;
|
||||||
fs-type = "fat32";
|
fs-type = "fat32";
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue