feat: add ability to copy installer scripts to existing live systems

README.md

@@ -34,7 +34,6 @@ This is my personal nix config.
     - `default.nix` Collects all apps and generates a definition for a specified system
     - `draw-graph.nix` (**WIP:** infrastructure graph renderer)
     - `format-secrets.nix` Runs the code formatter on the secret .nix files
-    - `generate-initrd-keys.nix` Generates initrd hostkeys for each host if they don't exist yet (for setup)
     - `generate-wireguard-keys.nix` Generates wireguard keys for each server-and-peer pair
     - `show-wireguard-qr.nix` Generates a QR code for external wireguard participants
   - `checks.nix` pre-commit-hooks for this repository
@@ -62,14 +61,24 @@ This is my personal nix config.
 - create hosts/<name>
 - fill net.nix
 - fill fs.nix (you need to know the device by-id paths in advance for formatting to work!)
-- generate-initrd-keys
+- generate an initrd hostkey if necessary `ssh-keygen -t ed25519 -N "" -f /tmp/key; rage ...`
-- generate-wireguard-keys
+- run generate-wireguard-keys
 
 #### Initial deploy
 
+A. Fresh pre-made installer ISO
+
 - Create a iso disk image for the system with `nix build --print-out-paths --no-link .#installer-image-<host>`
 - dd the resulting image to a stick and boot from it on the target
 - (Optional) ssh into the target (keys are already set up)
+
+B. Reusing any nixos-live iso
+
+- Boot from live-iso and setup ssh access by writing your key to `/root/.ssh/authorized_keys`
+- Copy installer package with `nix copy --to <target> .#installer-package-<host>`
+
+Afterwards:
+
 - Run `install-system` and reboot
 - Retrieve the new host identity by using `ssh-keyscan <host/ip> | grep -o 'ed25519.*' > host/<host>/secrets/host.pub`
 - (If the host has microvms, also retrieve their identities!)

hosts/sentinel/fs.nix

@@ -14,7 +14,8 @@
           type = "table";
           format = "gpt";
           partitions = [
-            (partEfi "efi" "0%" "512MiB")
+            (partGrub "grub" "0%" "1MiB")
+            (partEfi "bios" "1MiB" "512MiB")
             (partLuksZfs "rpool" "512MiB" "100%")
           ];
         };

nix/generate-installer.nix

@@ -4,27 +4,40 @@
   ...
 }: nodeName: nodeAttrs: let
   inherit (self.hosts.${nodeName}) system;
+
+  pkgs = self.pkgs.${system};
+
+  disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
+  disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
+  disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
+
+  install-system = pkgs.writeShellScriptBin "install-system" ''
+    set -euo pipefail
+
+    echo "Formatting disks..."
+    ${disko-script}/bin/disko-script
+
+    echo "Installing system..."
+    nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
+
+    echo "Done!"
+  '';
+
+  installer-package = pkgs.symlinkJoin {
+    name = "installer-package-${nodeName}";
+    paths = with pkgs; [
+      disko-script
+      disko-mount
+      disko-format
+      install-system
+    ];
+  };
+
   configuration = {
     pkgs,
     lib,
     ...
-  }: let
+  }: {
-    disko = pkgs.writeShellScriptBin "disko" "${nodeAttrs.config.system.build.disko}";
-    disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
-    disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
-
-    install-system = pkgs.writeShellScriptBin "install-system" ''
-      set -euo pipefail
-
-      echo "Formatting disks..."
-      ${disko}/bin/disko
-
-      echo "Installing system..."
-      nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
-
-      echo "Done!"
-    '';
-  in {
     isoImage.isoName = lib.mkForce "nixos-image-${nodeName}.iso";
     system.stateVersion = self.stateVersion;
     nix.extraOptions = ''
@@ -41,6 +54,8 @@
     environment = {
       variables.EDITOR = "nvim";
       systemPackages = with pkgs; [
+        installer-package
+
         neovim
         git
         tmux
@@ -49,26 +64,27 @@
         fzf
         wget
         curl
-
-        disko
-        disko-mount
-        disko-format
-        install-system
       ];
     };
   };
 in {
-  packages.${system}."installer-image-${nodeName}" = nixos-generators.nixosGenerate {
+  packages.${system} = {
-    pkgs = self.pkgs.${system};
+    # Everything required for the installer as a single package,
-    modules = [
+    # so it can be used from an existing live system by copying the derivation.
-      configuration
+    # TODO can we use a unified installer iso? does that work regarding size of this package?
-      ../hosts/common/core/ssh.nix
+    "installer-package-${nodeName}" = installer-package;
-    ];
+    "installer-image-${nodeName}" = nixos-generators.nixosGenerate {
-    format =
+      inherit pkgs;
-      {
+      modules = [
-        x86_64-linux = "install-iso";
+        configuration
-        aarch64-linux = "sd-aarch64-installer";
+        ../hosts/common/core/ssh.nix
-      }
+      ];
-      .${system};
+      format =
+        {
+          x86_64-linux = "install-iso";
+          aarch64-linux = "sd-aarch64-installer";
+        }
+        .${system};
+    };
   };
 }

nix/lib.nix

@@ -131,6 +131,11 @@ in rec {
 
   disko = {
     gpt = {
+      partGrub = name: start: end: {
+        inherit name start end;
+        part-type = "primary";
+        flags = ["bios_grub"];
+      };
       partEfi = name: start: end: {
         inherit name start end;
         fs-type = "fat32";