
Compare commits

...

9 Commits

10 changed files with 156 additions and 89 deletions


@ -215,11 +215,11 @@
}, },
"nixpkgs-krypton": { "nixpkgs-krypton": {
"locked": { "locked": {
"lastModified": 1697456312, "lastModified": 1697723726,
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=", "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749", "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,11 +231,11 @@
}, },
"nixpkgs-schule": { "nixpkgs-schule": {
"locked": { "locked": {
"lastModified": 1697456312, "lastModified": 1697723726,
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=", "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749", "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -247,11 +247,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1697456312, "lastModified": 1697723726,
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=", "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749", "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -102,7 +102,9 @@
flask-excel flask-excel
iot-data iot-data
nixfiles-add-secret nixfiles-add-secret
nixfiles-auto-install
nixfiles-generate-backup-secrets nixfiles-generate-backup-secrets
nixfiles-generate-config
nixfiles-updated-inputs nixfiles-updated-inputs
nixfiles-update-ssh-host-keys nixfiles-update-ssh-host-keys
pyexcel-xlsx pyexcel-xlsx


@ -1,72 +1,6 @@
{ pkgs, lib, modulesPath, ... }: { pkgs, lib, modulesPath, ... }:
let {
nixfiles-auto-install = pkgs.writeScriptBin "nixfiles-auto-install" ''
#!${pkgs.bash}/bin/bash
set -euo pipefail
hostname=host''${RANDOM}
echo "[I] Deploying with hostname ''${hostname}"
device=""
for dev in "/dev/vda" "/dev/sda"; do
if [[ -b $dev ]]; then
device=$dev
break
fi
done
while [[ $# -gt 0 ]]; do
case $1 in
--hostname)
hostname=$2
shift
shift
;;
*)
echo "unknown option: $1"
exit 1
;;
esac
done
echo "[I] Formatting disk"
if [[ -z $device ]]; then
echo "[E] No device to install to"
exit 1
fi
echo "[I] Using ''${device}"
parted --script $device mklabel gpt
parted --script $device disk_set pmbr_boot on
parted --script $device mkpart boot 0% 512M
parted --script $device set 1 bios_grub on
parted --script $device mkpart root 512M 100%
echo "[I] Creating file system"
mkfs.ext4 -F ''${device}2
echo "[I] Mount file system"
mount ''${device}2 /mnt
echo "[I] Generate NixOS configuration"
nixfiles-generate-config --root /mnt --hostname ''${hostname}
sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"''${device}\";~g" /mnt/etc/nixos/hosts/''${hostname}/configuration.nix
echo "[I] Install NixOS"
nixos-install --flake /mnt/etc/nixos#''${hostname} --root /mnt --no-root-password
'';
in {
imports = [ imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-base.nix") (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
]; ];
@ -74,7 +8,7 @@ in {
networking.hostName = "isowo"; networking.hostName = "isowo";
isoImage.isoBaseName = "nixos-isowo"; isoImage.isoBaseName = "nixos-isowo";
environment.systemPackages = [ environment.systemPackages = with pkgs; [
nixfiles-auto-install nixfiles-auto-install
]; ];
} }


@ -2,16 +2,7 @@
with lib; with lib;
let {
nixfiles-generate-config = pkgs.writeShellApplication {
name = "nixfiles-generate-config";
text = builtins.readFile ./nixfiles-generate-config.sh;
runtimeInputs = [
pkgs.git
];
checkPhase = "";
};
in {
options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools"; options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools";
config = mkIf config.clerie.nixfiles.enable { config = mkIf config.clerie.nixfiles.enable {
system.nixos-generate-config.configuration = '' system.nixos-generate-config.configuration = ''
@ -37,7 +28,7 @@ in {
} }
''; '';
environment.systemPackages = [ environment.systemPackages = with pkgs; [
nixfiles-generate-config nixfiles-generate-config
]; ];
}; };


@ -0,0 +1,11 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "nixfiles-auto-install";
text = builtins.readFile ./nixfiles-auto-install.sh;
runtimeInputs = with pkgs; [
git
nixfiles-generate-config
nixos-install-tools
];
}
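Review bot: `runtimeInputs` lists only `git`, `nixfiles-generate-config` and `nixos-install-tools`, but the script it wraps also calls `parted`, `mkfs.ext4`, `mount` and `sed`. `writeShellApplication` prepends its inputs to the existing `PATH`, so those four tools are resolved from whatever the caller's environment provides; that presumably works on the installer ISO, but the package is now exported on its own through the overlay. Pinning them keeps a disk-formatting script that runs as root from picking up ambient binaries: `runtimeInputs = with pkgs; [ e2fsprogs git gnused nixfiles-generate-config nixos-install-tools parted util-linux ];`.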


@ -0,0 +1,113 @@
#!/usr/bin/env bash
set -euo pipefail
hostname=""
device=""
no_confirm=""
while [[ $# -gt 0 ]]; do
case $1 in
--hostname)
hostname=$2
shift
shift
;;
--device)
device=$2
shift
shift
;;
--no-confirm)
no_confirm=1
shift
;;
*)
echo "unknown option: $1"
exit 1
;;
esac
done
echo ""
echo " This is clerie's nixfiles auto install for new hosts"
echo " It will do dangerous things like format your disk"
echo " So be careful when using it"
echo ""
if [[ -z $no_confirm ]]; then
read -e -r -p "Continue?" confirm
echo "$confirm" > /dev/null
fi
if [[ -z $hostname ]]; then
fallback_hostname="host${RANDOM}"
read -e -r -p "Hostname [$fallback_hostname]: " hostname
if [[ -z $hostname ]]; then
hostname=$fallback_hostname
fi
fi
echo "[I] Deploying with hostname ${hostname}"
if [[ -z $device ]]; then
device="/dev/sda"
while true; do
read -e -r -p "Disk [$device]: " dev
if [[ -z $dev ]]; then
dev=$device
fi
if [[ -b $dev ]]; then
device=$dev
break
else
echo "[E] Disk $dev does not exist"
fi
done
fi
echo "[I] Deploying on disk ${device}"
if [[ -z $no_confirm ]]; then
read -e -r -p "Deploy host?" deploy
echo "$deploy" > /dev/null
fi
echo "[I] Formatting disk"
if [[ ! -b $device ]]; then
echo "Disk $device does not exist"
exit 1
fi
echo "[I] Using ${device}"
parted --script "$device" mklabel gpt
parted --script "$device" disk_set pmbr_boot on
parted --script "$device" mkpart boot 0% 512M
parted --script "$device" set 1 bios_grub on
parted --script "$device" mkpart root 512M 100%
echo "[I] Creating file system"
mkfs.ext4 -F "${device}2"
echo "[I] Mount file system"
mount "${device}2" /mnt
echo "[I] Generate NixOS configuration"
nixfiles-generate-config --root /mnt --hostname "${hostname}"
sed -i "s~# boot\.loader\.grub\.device = \"/dev/sda\";~boot\.loader\.grub\.device = \"${device}\";~g" "/mnt/etc/nixos/hosts/${hostname}/configuration.nix"
echo "[I] Install NixOS"
export NIX_CONFIG=<(echo "experimental-features = flakes nix-command\nsubstituters = https://nix-cache.clerie.de\ntrusted-public-keys = nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n" )
nixos-install --flake "/mnt/etc/nixos#${hostname}" --root /mnt --no-root-password
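Review bot: Both confirmation prompts (`read -e -r -p "Continue?" confirm` and `read -e -r -p "Deploy host?" deploy`) throw the answer away with `echo … > /dev/null`, so answering "n" still reaches `parted --script "$device" mklabel gpt` and `mkfs.ext4 -F`; only interrupting the script stops it. The prompts should require an explicit yes and exit otherwise, as in the fence below. Separately, `export NIX_CONFIG=<(echo "…")` assigns the /dev/fd path of the process substitution rather than the settings text, and plain `echo` does not expand `\n`, so the `substituters` and `trusted-public-keys` settings are probably not applied as intended; an ANSI-C quoted string (`export NIX_CONFIG=$'…\n…'`) would pass the content itself. `"${device}2"` also assumes sdX/vdX partition naming, which no longer holds now that `--device` accepts any block device (NVMe and MMC disks use a `p2` suffix).

```shell
if [[ -z $no_confirm ]]; then
  read -e -r -p "Continue? [y/N] " confirm
  if [[ ! $confirm =~ ^[yY]$ ]]; then
    echo "[E] Aborted"
    exit 1
  fi
fi
# … unchanged: hostname and disk selection …
if [[ -z $no_confirm ]]; then
  read -e -r -p "Deploy host? [y/N] " deploy
  if [[ ! $deploy =~ ^[yY]$ ]]; then
    echo "[E] Aborted"
    exit 1
  fi
fi
```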


@ -0,0 +1,10 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "nixfiles-generate-config";
text = builtins.readFile ./nixfiles-generate-config.sh;
runtimeInputs = with pkgs; [
git
];
checkPhase = "";
}
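Review bot: `checkPhase = "";` switches off the syntax check and shellcheck run that `writeShellApplication` performs by default, and nothing here says why. The setting is carried over from the old inline definition, but the new `nixfiles-auto-install` package in this same change keeps the default check. Either drop the override and fix what shellcheck reports in `nixfiles-generate-config.sh`, or record the reason next to it, e.g. `# shellcheck disabled: <reason>`.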


@ -4,5 +4,9 @@ cd "$(git rev-parse --show-toplevel)"
for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
echo "$host" echo "$host"
ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > "hosts/${host}/ssh.pub" ssh_key=$(ssh-keyscan -t ed25519 "${host}.net.clerie.de" 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' || true)
if [[ -n "$ssh_key" ]]; then
echo "$ssh_key"
echo "$ssh_key" > "hosts/${host}/ssh.pub"
fi
done done
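Review bot: The key written to `hosts/${host}/ssh.pub` comes from an unauthenticated `ssh-keyscan`, and the new `if [[ -n "$ssh_key" ]]` branch replaces an existing key with whatever the network returned without marking that it differs from the stored one. Printing the key helps, but a changed key looks the same in the output as an unchanged one, so a substituted host key is only caught if someone reads the resulting git diff. A warning before the write would make that visible: `if [[ -f "hosts/${host}/ssh.pub" && "$ssh_key" != "$(<"hosts/${host}/ssh.pub")" ]]; then echo "[W] ${host}: host key changed"; fi`. The top of the script is outside this hunk, so whether `pipefail` is set (which is what makes `|| true` necessary) cannot be confirmed from here.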


@ -3,7 +3,9 @@ self: super: {
flask-excel = self.python3.pkgs.callPackage ./flask-excel {}; flask-excel = self.python3.pkgs.callPackage ./flask-excel {};
iot-data = self.python3.pkgs.callPackage ./iot-data {}; iot-data = self.python3.pkgs.callPackage ./iot-data {};
nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {}; nixfiles-add-secret = self.callPackage ./nixfiles/nixfiles-add-secret.nix {};
nixfiles-auto-install = self.callPackage ./nixfiles/nixfiles-auto-install.nix {};
nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {}; nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {}; pyexcel-xlsx = self.python3.pkgs.callPackage ./pyexcel-xlsx {};