From 4f467299d1e91e4d329cf5819b2ee20e8a93a06c Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 20 Oct 2023 21:21:04 +0200
Subject: [PATCH 1/7] flake.lock: update nixpkgs

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index a3ab83c..e942b57 100644
--- a/flake.lock
+++ b/flake.lock
@@ -225,11 +225,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1693985761,
- "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
+ "lastModified": 1697456312,
+ "narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
+ "rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
 "type": "github"
 },
 "original": {
From 30cc2e4f158889cd9f1deaacccb9ebd516677edf Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 20 Oct 2023 22:14:00 +0200
Subject: [PATCH 2/7] pkgs/nixfiles: update ssh host keys only if they are not empty

---
 pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh b/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
index e1298f4..ef27713 100755
--- a/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
+++ b/pkgs/nixfiles/nixfiles-update-ssh-host-keys.sh
@@ -4,5 +4,9 @@ cd "$(git rev-parse --show-toplevel)"
 
 for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
 echo "$host"
- ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > "hosts/${host}/ssh.pub"
+ ssh_key=$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)
+ if [[ -n "$ssh_key" ]]; then
+ echo "$ssh_key"
+ echo "$ssh_key" > "hosts/${host}/ssh.pub"
+ fi
 done
From b9af028fa72d8683f6f39b59372baf48ac54851b Mon Sep 17 00:00:00 2001
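Review bot: The new branch still overwrites `hosts/${host}/ssh.pub` with whatever an unauthenticated ssh-keyscan returns, so a changed key — a legitimate reinstall, or a spoofed DNS answer / on-path interception during the scan — is committed as the trusted host key with no signal to the operator, and a failed or empty scan is equally silent (only the host name is echoed). The empty-key guard is the right idea; I would extend it so that a missing key prints a warning to stderr and a key that differs from the file already in the repository is flagged for out-of-band verification before it is committed. If a host name resolves to several addresses ssh-keyscan may emit one line per address, so comparing the whole captured text rather than a single line is deliberate. The `set -e`/shebang lines of the script are outside the hunk, so whether `|| true` is needed for the pipeline under `pipefail` I cannot confirm from here.

```shell
# … unchanged: for-loop header over .#clerie.hosts …
  echo "$host"
  ssh_key=$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)
  key_file="hosts/${host}/ssh.pub"
  if [[ -z "$ssh_key" ]]; then
    echo "[W] no ed25519 host key received for ${host}; keeping existing ${key_file}" >&2
    continue
  fi
  # ssh-keyscan is unauthenticated (TOFU): a changed key must be verified out of band.
  if [[ -f "$key_file" ]] && [[ "$(cat "$key_file")" != "$ssh_key" ]]; then
    echo "[W] host key for ${host} changed; verify it out of band before committing" >&2
  fi
  echo "$ssh_key"
  echo "$ssh_key" > "$key_file"
done
```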
From: clerie Date: Fri, 20 Oct 2023 22:57:33 +0200 Subject: [PATCH 3/7] pkgs/nixfiles: expose nixfiles-generate-config as pkg --- flake.nix | 1 + modules/nixfiles/default.nix | 13 ++----------- pkgs/nixfiles/nixfiles-generate-config.nix | 10 ++++++++++ .../nixfiles/nixfiles-generate-config.sh | 0 pkgs/overlay.nix | 1 + 5 files changed, 14 insertions(+), 11 deletions(-) create mode 100644 pkgs/nixfiles/nixfiles-generate-config.nix rename {modules => pkgs}/nixfiles/nixfiles-generate-config.sh (100%) mode change 100644 => 100755 diff --git a/flake.nix b/flake.nix index db98184..da93c48 100644 --- a/flake.nix +++ b/flake.nix @@ -103,6 +103,7 @@ iot-data nixfiles-add-secret nixfiles-generate-backup-secrets + nixfiles-generate-config nixfiles-updated-inputs nixfiles-update-ssh-host-keys pyexcel-xlsx diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix index 07fcfc9..03e1bc5 100644 --- a/modules/nixfiles/default.nix +++ b/modules/nixfiles/default.nix @@ -2,16 +2,7 @@ with lib; -let - nixfiles-generate-config = pkgs.writeShellApplication { - name = "nixfiles-generate-config"; - text = builtins.readFile ./nixfiles-generate-config.sh; - runtimeInputs = [ - pkgs.git - ]; - checkPhase = ""; - }; -in { +{ options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools"; config = mkIf config.clerie.nixfiles.enable { system.nixos-generate-config.configuration = '' @@ -37,7 +28,7 @@ in { } ''; - environment.systemPackages = [ + environment.systemPackages = with pkgs; [ nixfiles-generate-config ]; }; diff --git a/pkgs/nixfiles/nixfiles-generate-config.nix b/pkgs/nixfiles/nixfiles-generate-config.nix new file mode 100644 index 0000000..4c98b3b --- /dev/null +++ b/pkgs/nixfiles/nixfiles-generate-config.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +pkgs.writeShellApplication { + name = "nixfiles-generate-config"; + text = builtins.readFile ./nixfiles-generate-config.sh; + runtimeInputs = with pkgs; [ + git + ]; + checkPhase = ""; +} 
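Review bot: `checkPhase = "";` in the new pkgs/nixfiles/nixfiles-generate-config.nix disables the shellcheck pass that writeShellApplication runs by default, so the script loses the static check that catches unquoted expansions and similar mistakes (the kind of issue that shows up later in this series once nixfiles-auto-install is built without that override). The line is carried over from the module, but moving the script into a standalone package is the moment to drop it; if a specific warning is the reason, keep the check and silence just that warning with a `# shellcheck disable=SCxxxx` comment in the script. nixfiles-generate-config.sh is renamed without content changes, so I cannot see which warnings the override is hiding.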
diff --git a/modules/nixfiles/nixfiles-generate-config.sh b/pkgs/nixfiles/nixfiles-generate-config.sh old mode 100644 new mode 100755 similarity index 100% rename from modules/nixfiles/nixfiles-generate-config.sh rename to pkgs/nixfiles/nixfiles-generate-config.sh diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index af97541..c3327ae 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -4,6 +4,7 @@ self: super: { iot-data = self.python3.pkgs.callPackage ./iot-data {}; nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {}; nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; + nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {}; nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {}; nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {}; From 24b8e750b5aa3b049a9b570fc60a3cef5acf3418 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 20 Oct 2023 23:45:43 +0200 Subject: [PATCH 4/7] pkgs/nixfiles: move nixfiles-auto-install to pkg --- flake.nix | 1 + hosts/_iso/configuration.nix | 70 +------------------------ pkgs/nixfiles/nixfiles-auto-install.nix | 9 ++++ pkgs/nixfiles/nixfiles-auto-install.sh | 65 +++++++++++++++++++++++ pkgs/overlay.nix | 1 + 5 files changed, 78 insertions(+), 68 deletions(-) create mode 100644 pkgs/nixfiles/nixfiles-auto-install.nix create mode 100644 pkgs/nixfiles/nixfiles-auto-install.sh diff --git a/flake.nix b/flake.nix index da93c48..91817dc 100644 --- a/flake.nix +++ b/flake.nix @@ -102,6 +102,7 @@ flask-excel iot-data nixfiles-add-secret + nixfiles-auto-install nixfiles-generate-backup-secrets nixfiles-generate-config nixfiles-updated-inputs diff --git a/hosts/_iso/configuration.nix b/hosts/_iso/configuration.nix index 97cab1e..88ccf9c 100644 --- a/hosts/_iso/configuration.nix 
+++ b/hosts/_iso/configuration.nix @@ -1,72 +1,6 @@ { pkgs, lib, modulesPath, ... }: -let - nixfiles-auto-install = pkgs.writeScriptBin "nixfiles-auto-install" '' - #!${pkgs.bash}/bin/bash - set -euo pipefail - - hostname=host''${RANDOM} - - echo "[I] Deploying with hostname ''${hostname}" - - device="" - for dev in "/dev/vda" "/dev/sda"; do - if [[ -b $dev ]]; then - device=$dev - break - fi - done - - while [[ $# -gt 0 ]]; do - case $1 in - --hostname) - hostname=$2 - shift - shift - ;; - *) - echo "unknown option: $1" - exit 1 - ;; - esac - done - - echo "[I] Formatting disk" - - if [[ -z $device ]]; then - echo "[E] No device to install to" - exit 1 - fi - - echo "[I] Using ''${device}" - - parted --script $device mklabel gpt - parted --script $device disk_set pmbr_boot on - - parted --script $device mkpart boot 0% 512M - parted --script $device set 1 bios_grub on - - parted --script $device mkpart root 512M 100% - - echo "[I] Creating file system" - - mkfs.ext4 -F ''${device}2 - - echo "[I] Mount file system" - - mount ''${device}2 /mnt - - echo "[I] Generate NixOS configuration" - - nixfiles-generate-config --root /mnt --hostname ''${hostname} - - sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"''${device}\";~g" /mnt/etc/nixos/hosts/''${hostname}/configuration.nix - - echo "[I] Install NixOS" - - nixos-install --flake /mnt/etc/nixos#''${hostname} --root /mnt --no-root-password - ''; -in { +{ imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-base.nix") ]; @@ -74,7 +8,7 @@ in { networking.hostName = "isowo"; isoImage.isoBaseName = "nixos-isowo"; - environment.systemPackages = [ + environment.systemPackages = with pkgs; [ nixfiles-auto-install ]; } diff --git a/pkgs/nixfiles/nixfiles-auto-install.nix b/pkgs/nixfiles/nixfiles-auto-install.nix new file mode 100644 index 0000000..0758aee --- /dev/null +++ b/pkgs/nixfiles/nixfiles-auto-install.nix 
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+ name = "nixfiles-auto-install";
+ text = builtins.readFile ./nixfiles-auto-install.sh;
+ runtimeInputs = with pkgs; [
+ nixfiles-generate-config
+ ];
+}
diff --git a/pkgs/nixfiles/nixfiles-auto-install.sh b/pkgs/nixfiles/nixfiles-auto-install.sh
new file mode 100644
index 0000000..040201d
--- /dev/null
+++ b/pkgs/nixfiles/nixfiles-auto-install.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+hostname=host${RANDOM}
+
+echo "[I] Deploying with hostname ${hostname}"
+
+device=""
+for dev in "/dev/vda" "/dev/sda"; do
+ if [[ -b $dev ]]; then
+ device=$dev
+ break
+ fi
+done
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --hostname)
+ hostname=$2
+ shift
+ shift
+ ;;
+ *)
+ echo "unknown option: $1"
+ exit 1
+ ;;
+ esac
+done
+
+echo "[I] Formatting disk"
+
+if [[ -z $device ]]; then
+ echo "[E] No device to install to"
+ exit 1
+fi
+
+echo "[I] Using ${device}"
+
+parted --script $device mklabel gpt
+parted --script $device disk_set pmbr_boot on
+
+parted --script $device mkpart boot 0% 512M
+parted --script $device set 1 bios_grub on
+
+parted --script $device mkpart root 512M 100%
+
+echo "[I] Creating file system"
+
+mkfs.ext4 -F ${device}2
+
+echo "[I] Mount file system"
+
+mount ${device}2 /mnt
+
+echo "[I] Generate NixOS configuration"
+
+nixfiles-generate-config --root /mnt --hostname "${hostname}"
+
+sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"${device}\";~g" "/mnt/etc/nixos/hosts/${hostname}/configuration.nix"
+
+echo "[I] Install NixOS"
+
+nixos-install --flake "/mnt/etc/nixos#${hostname}" --root /mnt --no-root-password
+
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index c3327ae..44e57ef 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
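Review bot: `hostname` is taken from `--hostname $2` unvalidated and then used as a path component (`/mnt/etc/nixos/hosts/${hostname}/configuration.nix`) and as a flake attribute (`/mnt/etc/nixos#${hostname}`), so a value containing `/`, `..`, whitespace or `#` sends the sed and nixos-install at the wrong path or attribute instead of failing early. Add a check right after the argument loop, e.g. `[[ $hostname =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || { echo "[E] invalid hostname: ${hostname}"; exit 1; }`, which also matches what the generated host directory name has to look like. `--hostname` as the last argument currently dies with a bare "unbound variable" message from `set -u`; a `[[ $# -ge 2 ]]` check in that case would make the error readable. A short comment on the `--no-root-password` line saying how the installed host is expected to be reached (presumably the SSH keys in the generated configuration — I cannot see that from here) would save the next reader a question.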
@@ -3,6 +3,7 @@ self: super: { flask-excel = self.python3.pkgs.callPackage ./flask-excel {}; iot-data = self.python3.pkgs.callPackage ./iot-data {}; nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {}; + nixfiles-auto-install = self.callPackage ./nixfiles/nixfiles-auto-install.nix {}; nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {}; nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {}; From 71aa9f31a0217997d5cf04f38140a0226ebdd163 Mon Sep 17 00:00:00 2001 From: clerie Date: Sat, 21 Oct 2023 00:19:00 +0200 Subject: [PATCH 5/7] pkgs/nixfiles: make nixfiles-auto-install interactive --- pkgs/nixfiles/nixfiles-auto-install.sh | 84 ++++++++++++++++++++------ 1 file changed, 65 insertions(+), 19 deletions(-) diff --git a/pkgs/nixfiles/nixfiles-auto-install.sh b/pkgs/nixfiles/nixfiles-auto-install.sh index 040201d..7456b75 100644 --- a/pkgs/nixfiles/nixfiles-auto-install.sh +++ b/pkgs/nixfiles/nixfiles-auto-install.sh @@ -2,17 +2,9 @@ set -euo pipefail -hostname=host${RANDOM} - -echo "[I] Deploying with hostname ${hostname}" - +hostname="" device="" -for dev in "/dev/vda" "/dev/sda"; do - if [[ -b $dev ]]; then - device=$dev - break - fi -done +no_confirm="" while [[ $# -gt 0 ]]; do case $1 in @@ -21,6 +13,15 @@ while [[ $# -gt 0 ]]; do shift shift ;; + --device) + device=$2 + shift + shift + ;; + --no-confirm) + no_confirm=1 + shift + ;; *) echo "unknown option: $1" exit 1 
@@ -28,30 +29,75 @@ while [[ $# -gt 0 ]]; do esac done -echo "[I] Formatting disk" +echo "" +echo " This is clerie's nixfiles auto install for new hosts" +echo " It will do dangerous things like format your disk" +echo " So be careful when using it" +echo "" + +if [[ -z $no_confirm ]]; then + read -e -r -p "Continue?" confirm + echo "$confirm" > /dev/null +fi + +if [[ -z $hostname ]]; then + fallback_hostname="host${RANDOM}" + read -e -r -p "Hostname [$fallback_hostname]: " hostname + if [[ -z $hostname ]]; then + hostname=$fallback_hostname + fi +fi + +echo "[I] Deploying with hostname ${hostname}" if [[ -z $device ]]; then - echo "[E] No device to install to" + device="/dev/sda" + while true; do + read -e -r -p "Disk [$device]: " dev + if [[ -z $dev ]]; then + dev=$device + fi + + if [[ -b $dev ]]; then + device=$dev + break + else + echo "[E] Disk $dev does not exist" + fi + done +fi + +echo "[I] Deploying on disk ${device}" + +if [[ -z $no_confirm ]]; then + read -e -r -p "Deploy host?" deploy + echo "$deploy" > /dev/null +fi + +echo "[I] Formatting disk" + +if [[ ! -b $device ]]; then + echo "Disk $device does not exist" exit 1 fi echo "[I] Using ${device}" -parted --script $device mklabel gpt -parted --script $device disk_set pmbr_boot on +parted --script "$device" mklabel gpt +parted --script "$device" disk_set pmbr_boot on -parted --script $device mkpart boot 0% 512M -parted --script $device set 1 bios_grub on +parted --script "$device" mkpart boot 0% 512M +parted --script "$device" set 1 bios_grub on -parted --script $device mkpart root 512M 100% +parted --script "$device" mkpart root 512M 100% echo "[I] Creating file system" -mkfs.ext4 -F ${device}2 +mkfs.ext4 -F "${device}2" echo "[I] Mount file system" -mount ${device}2 /mnt +mount "${device}2" /mnt echo "[I] Generate NixOS configuration" From c68343dea712ef43b249a3e4ca37ca90d5a3c465 Mon Sep 17 00:00:00 2001 
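Review bot: Neither confirmation prompt checks the answer — `read -e -r -p "Continue?" confirm` followed by `echo "$confirm" > /dev/null` (and the same pair for `Deploy host?`) accepts an empty Enter or any text and proceeds to the `parted` calls, so the banner's warning is not actually enforced. Require an explicit yes, e.g. `read -r -p "Deploy host? [y/N] " deploy` then `[[ $deploy =~ ^[Yy]([Ee][Ss])?$ ]] || { echo "[I] Aborted"; exit 1; }`, and drop the `echo … > /dev/null` lines, which only exist to keep shellcheck quiet about the unused variable. With `set -e`, EOF on stdin in a non-interactive run without `--no-confirm` already aborts via `read`'s non-zero status, which is the right default and worth a one-line comment. The `hostname` prompt has the same no-validation issue as the `--hostname` flag (the value ends up in a path and a flake attribute), so a `^[a-z0-9]([a-z0-9-]*[a-z0-9])?$` check after the prompt would fit here too.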
From: clerie Date: Sat, 21 Oct 2023 00:42:05 +0200 Subject: [PATCH 6/7] pkgs/nixfiles: nixfiles-auto-install add dependencies --- pkgs/nixfiles/nixfiles-auto-install.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/nixfiles/nixfiles-auto-install.nix b/pkgs/nixfiles/nixfiles-auto-install.nix index 0758aee..70e5d90 100644 --- a/pkgs/nixfiles/nixfiles-auto-install.nix +++ b/pkgs/nixfiles/nixfiles-auto-install.nix @@ -4,6 +4,8 @@ pkgs.writeShellApplication { name = "nixfiles-auto-install"; text = builtins.readFile ./nixfiles-auto-install.sh; runtimeInputs = with pkgs; [ + git nixfiles-generate-config + nixos-install-tools ]; } From d300f2cbe8cd079104b93da67cb7d056efe0b126 Mon Sep 17 00:00:00 2001 From: clerie Date: Sat, 21 Oct 2023 01:11:44 +0200 Subject: [PATCH 7/7] pkgs/nixfiles: nixfiles-auto-install use custom nix config --- pkgs/nixfiles/nixfiles-auto-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/nixfiles/nixfiles-auto-install.sh b/pkgs/nixfiles/nixfiles-auto-install.sh index 7456b75..a095477 100644 --- a/pkgs/nixfiles/nixfiles-auto-install.sh +++ b/pkgs/nixfiles/nixfiles-auto-install.sh @@ -107,5 +107,7 @@ sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.devic echo "[I] Install NixOS" +export NIX_CONFIG=<(echo "experimental-features = flakes nix-command\nsubstituters = https://nix-cache.clerie.de\ntrusted-public-keys = nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n" ) + nixos-install --flake "/mnt/etc/nixos#${hostname}" --root /mnt --no-root-password
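Review bot: `runtimeInputs` now lists git and nixos-install-tools, but the script also calls `parted`, `mkfs.ext4`, `mount` and `sed`, none of which are provided here. As far as I recall writeShellApplication prepends runtimeInputs to PATH rather than replacing it, so on the installer ISO these resolve from the ambient environment — but the package is also exported from flake.nix, where that environment is not guaranteed. Listing them makes the closure explicit: `runtimeInputs = with pkgs; [ git nixfiles-generate-config nixos-install-tools parted e2fsprogs util-linux ];`.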
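Review bot: `export NIX_CONFIG=<(echo …)` assigns the string `/dev/fd/NN` to NIX_CONFIG, but Nix reads NIX_CONFIG as configuration text rather than as a file path, so nixos-install sees a one-line "config" consisting of a path and the intended settings (flakes, the clerie substituter and its trusted key) are either rejected or never applied; bash's builtin `echo` also leaves the `\n` escapes literal. Use a `$'…'` string with real newlines instead: `export NIX_CONFIG=$'experimental-features = flakes nix-command\nextra-substituters = https://nix-cache.clerie.de\nextra-trusted-public-keys = nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g='`. I switched to the `extra-` forms because a plain `substituters =` replaces the default cache.nixos.org, which would force everything not on the private cache to be built on the installer; keep the plain form only if cutting off the public cache is intended. Trusting a cache key here means every store path that cache serves is accepted as-built, so a one-line comment naming whose key this is and where it is published would help future rotation.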