Compare commits
No commits in common. "31b1622eb1f8ae2b3624934e8f1964fff0ad0e57" and "65999c4dfd47ad995b2aa1e19b984dc0b585ec01" have entirely different histories.
31b1622eb1
...
65999c4dfd
18
flake.lock
18
flake.lock
@ -215,11 +215,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-krypton": {
|
"nixpkgs-krypton": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697723726,
|
"lastModified": 1697456312,
|
||||||
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
|
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
|
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -231,11 +231,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-schule": {
|
"nixpkgs-schule": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697723726,
|
"lastModified": 1697456312,
|
||||||
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
|
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
|
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -247,11 +247,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697723726,
|
"lastModified": 1697456312,
|
||||||
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
|
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
|
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -102,9 +102,7 @@
|
|||||||
flask-excel
|
flask-excel
|
||||||
iot-data
|
iot-data
|
||||||
nixfiles-add-secret
|
nixfiles-add-secret
|
||||||
nixfiles-auto-install
|
|
||||||
nixfiles-generate-backup-secrets
|
nixfiles-generate-backup-secrets
|
||||||
nixfiles-generate-config
|
|
||||||
nixfiles-updated-inputs
|
nixfiles-updated-inputs
|
||||||
nixfiles-update-ssh-host-keys
|
nixfiles-update-ssh-host-keys
|
||||||
pyexcel-xlsx
|
pyexcel-xlsx
|
||||||
|
@ -1,6 +1,72 @@
|
|||||||
{ pkgs, lib, modulesPath, ... }:
|
{ pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
nixfiles-auto-install = pkgs.writeScriptBin "nixfiles-auto-install" ''
|
||||||
|
#!${pkgs.bash}/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
hostname=host''${RANDOM}
|
||||||
|
|
||||||
|
echo "[I] Deploying with hostname ''${hostname}"
|
||||||
|
|
||||||
|
device=""
|
||||||
|
for dev in "/dev/vda" "/dev/sda"; do
|
||||||
|
if [[ -b $dev ]]; then
|
||||||
|
device=$dev
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case $1 in
|
||||||
|
--hostname)
|
||||||
|
hostname=$2
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "unknown option: $1"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "[I] Formatting disk"
|
||||||
|
|
||||||
|
if [[ -z $device ]]; then
|
||||||
|
echo "[E] No device to install to"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "[I] Using ''${device}"
|
||||||
|
|
||||||
|
parted --script $device mklabel gpt
|
||||||
|
parted --script $device disk_set pmbr_boot on
|
||||||
|
|
||||||
|
parted --script $device mkpart boot 0% 512M
|
||||||
|
parted --script $device set 1 bios_grub on
|
||||||
|
|
||||||
|
parted --script $device mkpart root 512M 100%
|
||||||
|
|
||||||
|
echo "[I] Creating file system"
|
||||||
|
|
||||||
|
mkfs.ext4 -F ''${device}2
|
||||||
|
|
||||||
|
echo "[I] Mount file system"
|
||||||
|
|
||||||
|
mount ''${device}2 /mnt
|
||||||
|
|
||||||
|
echo "[I] Generate NixOS configuration"
|
||||||
|
|
||||||
|
nixfiles-generate-config --root /mnt --hostname ''${hostname}
|
||||||
|
|
||||||
|
sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"''${device}\";~g" /mnt/etc/nixos/hosts/''${hostname}/configuration.nix
|
||||||
|
|
||||||
|
echo "[I] Install NixOS"
|
||||||
|
|
||||||
|
nixos-install --flake /mnt/etc/nixos#''${hostname} --root /mnt --no-root-password
|
||||||
|
'';
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
|
(modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
|
||||||
];
|
];
|
||||||
@ -8,7 +74,7 @@
|
|||||||
networking.hostName = "isowo";
|
networking.hostName = "isowo";
|
||||||
isoImage.isoBaseName = "nixos-isowo";
|
isoImage.isoBaseName = "nixos-isowo";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = [
|
||||||
nixfiles-auto-install
|
nixfiles-auto-install
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
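Review bot: The inline `nixfiles-auto-install` script expands the `--hostname` value and the detected disk unquoted in `parted --script $device …`, `mkfs.ext4 -F ''${device}2`, `nixfiles-generate-config --root /mnt --hostname ''${hostname}`, the `sed -i` target path and the `--flake` reference. A hostname containing whitespace, glob characters or `/` changes the argument list or the file that `sed -i` rewrites as root. Quote each expansion (`"''${device}2"`, `"/mnt/etc/nixos#''${hostname}"`) and reject anything that is not a plain host label before first use, e.g. `[[ $hostname =~ ^[a-zA-Z0-9-]+$ ]] || { echo "[E] invalid hostname"; exit 1; }`. The script also repartitions the first of `/dev/vda` and `/dev/sda` it finds, with no prompt and no option to name the disk. If that is intended for unattended installs, a comment above the `for dev in` loop saying so would prevent it being run on a machine with data.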
|
@ -2,7 +2,16 @@
|
|||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
let
|
||||||
|
nixfiles-generate-config = pkgs.writeShellApplication {
|
||||||
|
name = "nixfiles-generate-config";
|
||||||
|
text = builtins.readFile ./nixfiles-generate-config.sh;
|
||||||
|
runtimeInputs = [
|
||||||
|
pkgs.git
|
||||||
|
];
|
||||||
|
checkPhase = "";
|
||||||
|
};
|
||||||
|
in {
|
||||||
options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools";
|
options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools";
|
||||||
config = mkIf config.clerie.nixfiles.enable {
|
config = mkIf config.clerie.nixfiles.enable {
|
||||||
system.nixos-generate-config.configuration = ''
|
system.nixos-generate-config.configuration = ''
|
||||||
@ -28,7 +37,7 @@ with lib;
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = [
|
||||||
nixfiles-generate-config
|
nixfiles-generate-config
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
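Review bot: `checkPhase = "";` on the new `nixfiles-generate-config` let-binding switches off the build-time checks that `writeShellApplication` normally runs (shellcheck and the shell syntax check). Mistakes in `nixfiles-generate-config.sh` would then surface only when the tool runs against `/mnt` during an install. The script body is not visible here, so the reason for the override is unclear. If it exists to silence particular shellcheck findings, `excludeShellChecks` with just those codes keeps the remaining checks active. Otherwise a comment such as `# checks disabled because …` next to the override would document the decision.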
|
0
pkgs/nixfiles/nixfiles-generate-config.sh → modules/nixfiles/nixfiles-generate-config.sh
Executable file → Normal file
0
pkgs/nixfiles/nixfiles-generate-config.sh → modules/nixfiles/nixfiles-generate-config.sh
Executable file → Normal file
@ -1,11 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
pkgs.writeShellApplication {
|
|
||||||
name = "nixfiles-auto-install";
|
|
||||||
text = builtins.readFile ./nixfiles-auto-install.sh;
|
|
||||||
runtimeInputs = with pkgs; [
|
|
||||||
git
|
|
||||||
nixfiles-generate-config
|
|
||||||
nixos-install-tools
|
|
||||||
];
|
|
||||||
}
|
|
@ -1,113 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
hostname=""
|
|
||||||
device=""
|
|
||||||
no_confirm=""
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case $1 in
|
|
||||||
--hostname)
|
|
||||||
hostname=$2
|
|
||||||
shift
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--device)
|
|
||||||
device=$2
|
|
||||||
shift
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--no-confirm)
|
|
||||||
no_confirm=1
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "unknown option: $1"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo " This is clerie's nixfiles auto install for new hosts"
|
|
||||||
echo " It will do dangerous things like format your disk"
|
|
||||||
echo " So be careful when using it"
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
if [[ -z $no_confirm ]]; then
|
|
||||||
read -e -r -p "Continue?" confirm
|
|
||||||
echo "$confirm" > /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -z $hostname ]]; then
|
|
||||||
fallback_hostname="host${RANDOM}"
|
|
||||||
read -e -r -p "Hostname [$fallback_hostname]: " hostname
|
|
||||||
if [[ -z $hostname ]]; then
|
|
||||||
hostname=$fallback_hostname
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "[I] Deploying with hostname ${hostname}"
|
|
||||||
|
|
||||||
if [[ -z $device ]]; then
|
|
||||||
device="/dev/sda"
|
|
||||||
while true; do
|
|
||||||
read -e -r -p "Disk [$device]: " dev
|
|
||||||
if [[ -z $dev ]]; then
|
|
||||||
dev=$device
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -b $dev ]]; then
|
|
||||||
device=$dev
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo "[E] Disk $dev does not exist"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "[I] Deploying on disk ${device}"
|
|
||||||
|
|
||||||
if [[ -z $no_confirm ]]; then
|
|
||||||
read -e -r -p "Deploy host?" deploy
|
|
||||||
echo "$deploy" > /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "[I] Formatting disk"
|
|
||||||
|
|
||||||
if [[ ! -b $device ]]; then
|
|
||||||
echo "Disk $device does not exist"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "[I] Using ${device}"
|
|
||||||
|
|
||||||
parted --script "$device" mklabel gpt
|
|
||||||
parted --script "$device" disk_set pmbr_boot on
|
|
||||||
|
|
||||||
parted --script "$device" mkpart boot 0% 512M
|
|
||||||
parted --script "$device" set 1 bios_grub on
|
|
||||||
|
|
||||||
parted --script "$device" mkpart root 512M 100%
|
|
||||||
|
|
||||||
echo "[I] Creating file system"
|
|
||||||
|
|
||||||
mkfs.ext4 -F "${device}2"
|
|
||||||
|
|
||||||
echo "[I] Mount file system"
|
|
||||||
|
|
||||||
mount "${device}2" /mnt
|
|
||||||
|
|
||||||
echo "[I] Generate NixOS configuration"
|
|
||||||
|
|
||||||
nixfiles-generate-config --root /mnt --hostname "${hostname}"
|
|
||||||
|
|
||||||
sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"${device}\";~g" "/mnt/etc/nixos/hosts/${hostname}/configuration.nix"
|
|
||||||
|
|
||||||
echo "[I] Install NixOS"
|
|
||||||
|
|
||||||
export NIX_CONFIG=<(echo "experimental-features = flakes nix-command\nsubstituters = https://nix-cache.clerie.de\ntrusted-public-keys = nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n" )
|
|
||||||
|
|
||||||
nixos-install --flake "/mnt/etc/nixos#${hostname}" --root /mnt --no-root-password
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
pkgs.writeShellApplication {
|
|
||||||
name = "nixfiles-generate-config";
|
|
||||||
text = builtins.readFile ./nixfiles-generate-config.sh;
|
|
||||||
runtimeInputs = with pkgs; [
|
|
||||||
git
|
|
||||||
];
|
|
||||||
checkPhase = "";
|
|
||||||
}
|
|
@ -4,9 +4,5 @@ cd "$(git rev-parse --show-toplevel)"
|
|||||||
|
|
||||||
for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
|
for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
|
||||||
echo "$host"
|
echo "$host"
|
||||||
ssh_key=$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)
|
ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > "hosts/${host}/ssh.pub"
|
||||||
if [[ -n "$ssh_key" ]]; then
|
|
||||||
echo "$ssh_key"
|
|
||||||
echo "$ssh_key" > "hosts/${host}/ssh.pub"
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
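Review bot: The new loop body redirects the `ssh-keyscan … | sed …` pipeline straight into `hosts/${host}/ssh.pub`, so an unreachable host or a failed scan truncates the stored key to an empty file. These files appear to be the repository's record of each host's key, and `ssh-keyscan` output is unauthenticated, so an emptied or changed key should be seen by a person before it is committed. Capture the result and write only when it is non-empty: `ssh_key=$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)` followed by `[[ -n "$ssh_key" ]] && echo "$ssh_key" > "hosts/${host}/ssh.pub"`. Then check `git diff hosts/` against a key obtained out of band. The top of the script, including any `set -e` or `pipefail`, lies outside the hunk.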
|
@ -3,9 +3,7 @@ self: super: {
|
|||||||
flask-excel = self.python3.pkgs.callPackage ./flask-excel {};
|
flask-excel = self.python3.pkgs.callPackage ./flask-excel {};
|
||||||
iot-data = self.python3.pkgs.callPackage ./iot-data {};
|
iot-data = self.python3.pkgs.callPackage ./iot-data {};
|
||||||
nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {};
|
nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {};
|
||||||
nixfiles-auto-install = self.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
|
||||||
nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||||
nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
|
||||||
nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
|
nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
|
||||||
nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||||
pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {};
|
pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {};
|
||||||
|