diff --git a/flake.nix b/flake.nix
index db98184..91817dc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -102,7 +102,9 @@
 flask-excel
 iot-data
 nixfiles-add-secret
+ nixfiles-auto-install
 nixfiles-generate-backup-secrets
+ nixfiles-generate-config
 nixfiles-updated-inputs
 nixfiles-update-ssh-host-keys
 pyexcel-xlsx
diff --git a/hosts/_iso/configuration.nix b/hosts/_iso/configuration.nix
index 97cab1e..88ccf9c 100644
--- a/hosts/_iso/configuration.nix
+++ b/hosts/_iso/configuration.nix
@@ -1,72 +1,6 @@
 { pkgs, lib, modulesPath, ... }:
-let
- nixfiles-auto-install = pkgs.writeScriptBin "nixfiles-auto-install" ''
- #!${pkgs.bash}/bin/bash
- set -euo pipefail
-
- hostname=host''${RANDOM}
-
- echo "[I] Deploying with hostname ''${hostname}"
-
- device=""
- for dev in "/dev/vda" "/dev/sda"; do
- if [[ -b $dev ]]; then
- device=$dev
- break
- fi
- done
-
- while [[ $# -gt 0 ]]; do
- case $1 in
- --hostname)
- hostname=$2
- shift
- shift
- ;;
- *)
- echo "unknown option: $1"
- exit 1
- ;;
- esac
- done
-
- echo "[I] Formatting disk"
-
- if [[ -z $device ]]; then
- echo "[E] No device to install to"
- exit 1
- fi
-
- echo "[I] Using ''${device}"
-
- parted --script $device mklabel gpt
- parted --script $device disk_set pmbr_boot on
-
- parted --script $device mkpart boot 0% 512M
- parted --script $device set 1 bios_grub on
-
- parted --script $device mkpart root 512M 100%
-
- echo "[I] Creating file system"
-
- mkfs.ext4 -F ''${device}2
-
- echo "[I] Mount file system"
-
- mount ''${device}2 /mnt
-
- echo "[I] Generate NixOS configuration"
-
- nixfiles-generate-config --root /mnt --hostname ''${hostname}
-
- sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"''${device}\";~g" /mnt/etc/nixos/hosts/''${hostname}/configuration.nix
-
- echo "[I] Install NixOS"
-
- nixos-install --flake /mnt/etc/nixos#''${hostname} --root /mnt --no-root-password
- '';
-in {
+{
 imports = [
 (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
 ];
@@ -74,7 +8,7 @@ in {
 networking.hostName = "isowo";
 isoImage.isoBaseName = "nixos-isowo";
- environment.systemPackages = [
+ environment.systemPackages = with pkgs; [
 nixfiles-auto-install
 ];
 }
diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix
index 07fcfc9..03e1bc5 100644
--- a/modules/nixfiles/default.nix
+++ b/modules/nixfiles/default.nix
@@ -2,16 +2,7 @@
 with lib;
-let
- nixfiles-generate-config = pkgs.writeShellApplication {
- name = "nixfiles-generate-config";
- text = builtins.readFile ./nixfiles-generate-config.sh;
- runtimeInputs = [
- pkgs.git
- ];
- checkPhase = "";
- };
-in {
+{
 options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools";
 config = mkIf config.clerie.nixfiles.enable {
 system.nixos-generate-config.configuration = ''
@@ -37,7 +28,7 @@ in {
 }
 '';
- environment.systemPackages = [
+ environment.systemPackages = with pkgs; [
 nixfiles-generate-config
 ];
 };
diff --git a/pkgs/nixfiles/nixfiles-auto-install.nix b/pkgs/nixfiles/nixfiles-auto-install.nix
new file mode 100644
index 0000000..70e5d90
--- /dev/null
+++ b/pkgs/nixfiles/nixfiles-auto-install.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+ name = "nixfiles-auto-install";
+ text = builtins.readFile ./nixfiles-auto-install.sh;
+ runtimeInputs = with pkgs; [
+ git
+ nixfiles-generate-config
+ nixos-install-tools
+ ];
+}
diff --git a/pkgs/nixfiles/nixfiles-auto-install.sh b/pkgs/nixfiles/nixfiles-auto-install.sh
new file mode 100644
index 0000000..a095477
--- /dev/null
+++ b/pkgs/nixfiles/nixfiles-auto-install.sh
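Review bot: In pkgs/nixfiles/nixfiles-auto-install.nix, `runtimeInputs` lists only `git`, `nixfiles-generate-config` and `nixos-install-tools`, while the script it wraps (nixfiles-auto-install.sh, added in this commit) also calls `parted`, `mkfs.ext4`, `mount` and `sed`. Those tools are then presumably resolved from whatever PATH the caller happens to have, so a disk-formatting script can stop half-way on a system where one of them is missing, or run a different binary than the one pinned by the flake. Add the providing packages to the list, e.g. `parted`, `e2fsprogs`, `util-linux` and `gnused`.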
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+hostname=""
+device=""
+no_confirm=""
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --hostname)
+ hostname=$2
+ shift
+ shift
+ ;;
+ --device)
+ device=$2
+ shift
+ shift
+ ;;
+ --no-confirm)
+ no_confirm=1
+ shift
+ ;;
+ *)
+ echo "unknown option: $1"
+ exit 1
+ ;;
+ esac
+done
+
+echo ""
+echo " This is clerie's nixfiles auto install for new hosts"
+echo " It will do dangerous things like format your disk"
+echo " So be careful when using it"
+echo ""
+
+if [[ -z $no_confirm ]]; then
+ read -e -r -p "Continue?" confirm
+ echo "$confirm" > /dev/null
+fi
+
+if [[ -z $hostname ]]; then
+ fallback_hostname="host${RANDOM}"
+ read -e -r -p "Hostname [$fallback_hostname]: " hostname
+ if [[ -z $hostname ]]; then
+ hostname=$fallback_hostname
+ fi
+fi
+
+echo "[I] Deploying with hostname ${hostname}"
+
+if [[ -z $device ]]; then
+ device="/dev/sda"
+ while true; do
+ read -e -r -p "Disk [$device]: " dev
+ if [[ -z $dev ]]; then
+ dev=$device
+ fi
+
+ if [[ -b $dev ]]; then
+ device=$dev
+ break
+ else
+ echo "[E] Disk $dev does not exist"
+ fi
+ done
+fi
+
+echo "[I] Deploying on disk ${device}"
+
+if [[ -z $no_confirm ]]; then
+ read -e -r -p "Deploy host?" deploy
+ echo "$deploy" > /dev/null
+fi
+
+echo "[I] Formatting disk"
+
+if [[ ! -b $device ]]; then
+ echo "Disk $device does not exist"
+ exit 1
+fi
+
+echo "[I] Using ${device}"
+
+parted --script "$device" mklabel gpt
+parted --script "$device" disk_set pmbr_boot on
+
+parted --script "$device" mkpart boot 0% 512M
+parted --script "$device" set 1 bios_grub on
+
+parted --script "$device" mkpart root 512M 100%
+
+echo "[I] Creating file system"
+
+mkfs.ext4 -F "${device}2"
+
+echo "[I] Mount file system"
+
+mount "${device}2" /mnt
+
+echo "[I] Generate NixOS configuration"
+
+nixfiles-generate-config --root /mnt --hostname "${hostname}"
+
+sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"${device}\";~g" "/mnt/etc/nixos/hosts/${hostname}/configuration.nix"
+
+echo "[I] Install NixOS"
+
+export NIX_CONFIG=<(echo "experimental-features = flakes nix-command\nsubstituters = https://nix-cache.clerie.de\ntrusted-public-keys = nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n" )
+
+nixos-install --flake "/mnt/etc/nixos#${hostname}" --root /mnt --no-root-password
+
diff --git a/pkgs/nixfiles/nixfiles-generate-config.nix b/pkgs/nixfiles/nixfiles-generate-config.nix
new file mode 100644
index 0000000..4c98b3b
--- /dev/null
+++ b/pkgs/nixfiles/nixfiles-generate-config.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+ name = "nixfiles-generate-config";
+ text = builtins.readFile ./nixfiles-generate-config.sh;
+ runtimeInputs = with pkgs; [
+ git
+ ];
+ checkPhase = "";
+}
diff --git a/modules/nixfiles/nixfiles-generate-config.sh b/pkgs/nixfiles/nixfiles-generate-config.sh
old mode 100644
new mode 100755
similarity index 100%
rename from modules/nixfiles/nixfiles-generate-config.sh
rename to pkgs/nixfiles/nixfiles-generate-config.sh
diff --git a/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh b/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
index e1298f4..ef27713 100755
--- a/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
+++ b/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
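Review bot: In pkgs/nixfiles/nixfiles-auto-install.sh, the two confirmation prompts (`Continue?` and `Deploy host?`) gate nothing: the answer is read and then discarded with `echo "$confirm" > /dev/null` / `echo "$deploy" > /dev/null`, so answering `n` still reaches `parted ... mklabel gpt` and `mkfs.ext4 -F` on the selected disk. Replace each discard with a real check, e.g. `[[ $deploy == [yY]* ]] || { echo "[E] Aborted"; exit 1; }`. Separately, `export NIX_CONFIG=<(echo "...")` assigns the process-substitution path (something like `/dev/fd/63`) instead of the settings, and plain `echo` leaves `\n` literal, so the substituter and the `trusted-public-keys` pin are most likely not applied as written; `export NIX_CONFIG=$'experimental-features = flakes nix-command\nsubstituters = …\ntrusted-public-keys = …'` passes the content itself. Now that `--device` accepts any block device, `"${device}2"` is also wrong for disks whose partitions carry a `p` infix (NVMe, MMC).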
@@ -4,5 +4,9 @@ cd "$(git rev-parse --show-toplevel)"
 for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
 echo "$host"
- ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > "hosts/${host}/ssh.pub"
+ ssh_key=$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)
+ if [[ -n "$ssh_key" ]]; then
+ echo "$ssh_key"
+ echo "$ssh_key" > "hosts/${host}/ssh.pub"
+ fi
 done
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index af97541..44e57ef 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -3,7 +3,9 @@ self: super: {
 flask-excel = self.python3.pkgs.callPackage ./flask-excel {};
 iot-data = self.python3.pkgs.callPackage ./iot-data {};
 nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {};
+ nixfiles-auto-install = self.callPackage ./nixfiles/nixfiles-auto-install.nix {};
 nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
+ nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {};
 nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
 nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
 pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {};
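Review bot: In pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh, a failed scan is now skipped with no message at all (`2>/dev/null` plus `|| true`), and a successful one overwrites `hosts/${host}/ssh.pub` with whatever key the network returned, printing it without saying whether it differs from the stored one. ssh-keyscan does not authenticate the host, so a changed key is the case an operator most needs to notice before committing. Add `else echo "[W] no ed25519 key for ${host}, keeping existing ssh.pub" >&2` to the `if`, and consider comparing `$ssh_key` with the file's current content and warning on a mismatch. The script's first lines are outside this hunk.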