From 5d6f91211133915234f15542157692b9931619a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 28 Dec 2024 14:11:03 +0100 Subject: [PATCH] WIP: install --- SwarselSystems.org | 219 ++++++++++++++++++++++++--- pkgs/default.nix | 1 + pkgs/swarsel-postinstall/default.nix | 7 + programs/bash/.bash_history | 2 +- scripts/swarsel-install.sh | 122 ++++++++++++--- scripts/swarsel-postinstall.sh | 74 +++++++++ 6 files changed, 375 insertions(+), 50 deletions(-) create mode 100644 pkgs/swarsel-postinstall/default.nix create mode 100644 scripts/swarsel-postinstall.sh diff --git a/SwarselSystems.org b/SwarselSystems.org index 79bcf2f..6f72a70 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1871,7 +1871,7 @@ For added convenience, the live environment displays a helpful text on login, we Also, an initial bash history is provided to allow for a very quick local deployment: #+begin_src shell :tangle programs/bash/.bash_history -swarsel-install -f chaostheatre -d /dev/vda +swarsel-install -n chaostheatre -d /dev/vda #+end_src @@ -2176,6 +2176,7 @@ Note: The structure of generating the packages was changed in commit =2cf03a3 re "bootstrap" "swarsel-rebuild" "swarsel-install" + "swarsel-postinstall" "t2ts" "ts2t" "vershell" @@ -3261,9 +3262,13 @@ This program sets up a new NixOS host locally. set -eo pipefail target_config="chaostheatre" + target_hostname="chaostheatre" target_user="swarsel" - fs_type="ext4" - disk="" + # fs_type="ext4" + # disk="" + + # persist_dir="" + disk_encryption=0 function help_and_exit() { echo @@ -3284,6 +3289,12 @@ This program sets up a new NixOS host locally. exit 0 } + function red() { + echo -e "\x1B[31m[!] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi + } function green() { echo -e "\x1B[32m[+] $1 \x1B[0m" if [ -n "${2-}" ]; then 
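Review bot: The new history line still passes `-d /dev/vda`, but this same commit comments out the `-d)` arm of the swarsel-install option parser (org hunk `@@ -3302,19 +3313,20 @@` and script hunk `@@ -42,19 +52,20 @@`), so the argument now falls through to `*)`, prints "Invalid option detected." and exits via help_and_exit before the installer does anything. Either drop the disk argument here — `swarsel-install -n chaostheatre` — or keep a `-d)` arm as an explicit override of the `rootDisk` value the script now reads from the flake. The programs/bash/.bash_history hunk contains the same line.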
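Review bot: The replaced `fs_type`/`disk` assignments are kept as commented-out code rather than deleted, and the same pattern recurs in the `-t)`/`-d)` arms of the option parser and in the `parted`/`mkfs`/`mount` lines of the partitioning hunk, in both the org source and scripts/swarsel-install.sh; git history already preserves the old code, so removing it keeps the tangled script readable. `target_hostname` is introduced with the same default as `target_config` and is only ever assigned together with it in the `-n)` arm, so one variable would do. `red()` mirrors `green()` including the `$($2)` form that executes its second argument as a command; a one-line header comment stating that contract, `# $2 (optional): a command whose output is printed after $1`, would keep future callers from passing arbitrary text there.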
@@ -3302,19 +3313,20 @@ This program sets up a new NixOS host locally. -n) shift target_config=$1 + target_hostname=$1 ;; -u) shift target_user=$1 ;; - -t) - shift - fs_type=$1 - ;; - -d) - shift - disk=$1 - ;; + # -t) + # shift + # fs_type=$1 + # ;; + # -d) + # shift + # disk=$1 + # ;; -h | --help) help_and_exit ;; ,*) echo "Invalid option detected." @@ -3324,14 +3336,57 @@ This program sets up a new NixOS host locally. shift done + function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + } + trap cleanup exit + + green "~SwarselSystems~ remote installer" + cd /home/"$target_user" + sudo rm -rf /root/.cache/nix sudo rm -rf .cache/nix sudo rm -rf .dotfiles green "Cloning repository from GitHub" git clone https://github.com/Swarsel/.dotfiles.git + green "Reading system information for $target_config ..." + DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" + green "Root Disk: $DISK" + + CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" + if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 + else + red "Encryption: X" + disk_encryption=0 + fi + + IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" + if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" + else + red "Impermanence: X" + fi + + SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" + if [[ $SWAP == "true" ]]; then + green "Swap: ✓" + else + red "Swap: X" + fi + + SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" + if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" + else + red "Secure Boot: X" + fi + local_keys=$(ssh-add -L || true) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) read -ra pub_arr <<< "$pub_key" 
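Review bot: `cleanup()` removes `.cache/nix` relative to whatever the current directory is when the EXIT trap fires; the trap is installed before `cd /home/"$target_user"`, so if that `cd` fails under `set -e` the `sudo rm -rf` runs in the caller's directory instead. Using the absolute path, `sudo rm -rf -- /home/"$target_user"/.cache/nix`, removes the dependency on cwd. The postinstall script (org hunk `@@ -3388,6 +3463,100 @@` and scripts/swarsel-postinstall.sh) has the same function and additionally runs `sudo rm -rf .cache/nix` before its `cd` into `.dotfiles` while the trap fires after it, so the two calls target different directories. The matching installer hunk in scripts/swarsel-install.sh is `@@ -64,14 +75,57 @@`.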
@@ -3346,25 +3401,46 @@ This program sets up a new NixOS host locally. green "Valid SSH key found! Continuing with installation" fi - green "Creating /boot partition" - sudo parted -a optimal --script "$disk" mklabel gpt - sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB - sudo parted -a optimal --script "$disk" set 1 esp on + if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done + fi + + green "Setting up disk" + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks + + # green "Creating /boot partition" + # sudo parted -a optimal --script "$disk" mklabel gpt + # sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB + # sudo parted -a optimal --script "$disk" set 1 esp on - green "Creating / partition" - sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% - sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + # green "Creating / partition" + # sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% + # sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 - green "Ensuring proper file systems" - sudo mkfs.fat -F32 "$disk"1 - sudo mkfs."${fs_type}" -F "$disk"2 + # green "Ensuring proper file systems" + # sudo mkfs.fat -F32 "$disk"1 + # sudo mkfs."${fs_type}" -F "$disk"2 green "Generating hardware configuration" - sudo mount "$disk"2 /mnt - sudo mkdir -p /mnt/boot - sudo mount "$disk"1 /mnt/boot + # sudo mount "$DISK"2 /mnt + # sudo mkdir -p /mnt/boot + # sudo mount "$DISK"1 /mnt/boot sudo 
nixos-generate-config --root /mnt --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + green "Injecting initialSetup" + sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix # sudo rm -rf /root/.nix-defexpr/channels # sudo rm -rf /nix/var/nix/profiles/per-user/channels @@ -3372,7 +3448,6 @@ This program sets up a new NixOS host locally. printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" sudo nixos-install --flake .#"$target_config" - yellow "Please keep in mind that this is only a demo of the configuration. Things might break unexpectedly." green "Installation finished! Reboot to see changes" #+end_src 
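Review bot: The passphrase loop accepts an empty passphrase (two empty `read -rs` results compare equal) and then writes the secret to `/tmp/disko-password` with the default umask, and that file is never removed — the `cleanup` trap only deletes the nix caches. The rewrite below rejects an empty passphrase and recreates the file 0600 via `rm -f` plus `(umask 077 && …)`; `cleanup()` in the earlier hunk should additionally run `rm -f -- /tmp/disko-password`. The disko invocation that follows wipes `$DISK` with `--yes-wipe-all-disks` without a confirmation prompt and pulls `github:nix-community/disko/latest` unpinned; echoing `$DISK` and asking for confirmation, and pinning disko to a revision (or the flake's own disko input), would make the destructive step reproducible and less surprising. The same code appears in the scripts/swarsel-install.sh hunk `@@ -86,25 +140,46 @@`.
```shell
if [ "$disk_encryption" -eq 1 ]; then
  while true; do
    green "Set disk encryption passphrase:"
    read -rs luks_passphrase
    green "Please confirm passphrase:"
    read -rs luks_passphrase_confirm
    if [[ -z $luks_passphrase ]]; then
      red "Passphrase must not be empty"
    elif [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then
      # the file holds the LUKS secret until cleanup removes it: recreate it 0600
      rm -f -- /tmp/disko-password
      (umask 077 && echo "$luks_passphrase" > /tmp/disko-password)
      break
    else
      red "Passwords do not match"
    fi
  done
fi
# … unchanged: disko run and commented-out partitioning …
```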
@@ -3388,6 +3463,100 @@ This program sets up a new NixOS host locally. } #+end_src +**** swarsel-postinstall + +This program sets up a new NixOS host locally. + +#+begin_src shell :tangle scripts/swarsel-postinstall.sh + set -eo pipefail + + target_config="chaostheatre" + target_user="swarsel" + + function help_and_exit() { + echo + echo "Locally installs SwarselSystem on this machine." + echo + echo "USAGE: $0 -d [OPTIONS]" + echo + echo "ARGS:" + echo " -d specify disk to install on." + echo " -n specify the nixos config to deploy." + echo " Default: chaostheatre" + echo " Default: chaostheatre" + echo " -u specify user to deploy for." + echo " Default: swarsel" + echo " -h | --help Print this help." + exit 0 + } + + function green() { + echo -e "\x1B[32m[+] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[32m[+] $($2) \x1B[0m" + fi + } + + while [[ $# -gt 0 ]]; do + case "$1" in + -n) + shift + target_config=$1 + ;; + -u) + shift + target_user=$1 + ;; + -h | --help) help_and_exit ;; + ,*) + echo "Invalid option detected." + help_and_exit + ;; + esac + shift + done + + function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + } + trap cleanup exit + + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + + green "~SwarselSystems~ remote post-installer" + + cd /home/"$target_user"/.dotfiles + + SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_config".config.swarselsystems.isSecureBoot)" + + if [[ $SECUREBOOT == "true" ]]; then + green "Setting up secure boot keys" + sudo mkdir -p /var/lib/sbctl + sbctl create-keys || true + sbctl enroll-keys --ignore-immutable --microsoft || true + fi + + green "Disabling initialSetup" + sed -i '/swarselsystems\.initialSetup = true;/d' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix + sudo nixos-rebuild --flake .#"$target_config" switch + green "Post-install finished!" 
+ +#+end_src + + + +#+begin_src nix :tangle pkgs/swarsel-postinstall/default.nix + { writeShellApplication, git }: + + writeShellApplication { + name = "swarsel-postinstall"; + runtimeInputs = [ git ]; + text = builtins.readFile ../../scripts/swarsel-postinstall.sh; + } +#+end_src + **** t2ts :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 diff --git a/pkgs/default.nix b/pkgs/default.nix index 2e02ba0..5491cf6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -19,6 +19,7 @@ let "bootstrap" "swarsel-rebuild" "swarsel-install" + "swarsel-postinstall" "t2ts" "ts2t" "vershell" diff --git a/pkgs/swarsel-postinstall/default.nix b/pkgs/swarsel-postinstall/default.nix new file mode 100644 index 0000000..6191846 --- /dev/null +++ b/pkgs/swarsel-postinstall/default.nix @@ -0,0 +1,7 @@ +{ writeShellApplication, git }: + +writeShellApplication { + name = "swarsel-postinstall"; + runtimeInputs = [ git ]; + text = builtins.readFile ../../scripts/swarsel-postinstall.sh; +} diff --git a/programs/bash/.bash_history b/programs/bash/.bash_history index 6ede487..3e70bc2 100644 --- a/programs/bash/.bash_history +++ b/programs/bash/.bash_history @@ -1 +1 @@ -swarsel-install -f chaostheatre -d /dev/vda +swarsel-install -n chaostheatre -d /dev/vda diff --git a/scripts/swarsel-install.sh b/scripts/swarsel-install.sh index 729b62c..df6be89 100644 --- a/scripts/swarsel-install.sh +++ b/scripts/swarsel-install.sh @@ -1,9 +1,13 @@ set -eo pipefail target_config="chaostheatre" +target_hostname="chaostheatre" target_user="swarsel" -fs_type="ext4" -disk="" +# fs_type="ext4" +# disk="" + +# persist_dir="" +disk_encryption=0 function help_and_exit() { echo @@ -24,6 +28,12 @@ function help_and_exit() { exit 0 } +function red() { + echo -e "\x1B[31m[!] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi +} function green() { echo -e "\x1B[32m[+] $1 \x1B[0m" if [ -n "${2-}" ]; then 
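Review bot: The postinstall help text still documents a `-d` disk option (`USAGE: $0 -d [OPTIONS]`, `-d specify disk to install on.`) that its case statement does not accept, the `Default: chaostheatre` line is printed twice, and the description above the block repeats the installer's "This program sets up a new NixOS host locally." although this script runs on the installed system after first boot. `sbctl create-keys` and `sbctl enroll-keys` run without `sudo` even though `/var/lib/sbctl` is created with it, and both carry `|| true`, so a failed key creation or enrollment is silent and `nixos-rebuild switch` proceeds regardless — run them with `sudo` and drop the `|| true` (or at least report the failure with `red`). `sed -i` on hardware-configuration.nix likewise runs unprivileged while the installer wrote that file with `sudo sed -i`; whether that succeeds depends on the file's ownership after `nixos-generate-config`, which the hunks do not show. `runtimeInputs = [ git ]` in the new package does not cover `sbctl`, `nix` or `sed`, which the script calls; `sbctl` at least probably belongs there. The same content is in scripts/swarsel-postinstall.sh and pkgs/swarsel-postinstall/default.nix.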
@@ -42,19 +52,20 @@ while [[ $# -gt 0 ]]; do -n) shift target_config=$1 + target_hostname=$1 ;; -u) shift target_user=$1 ;; - -t) - shift - fs_type=$1 - ;; - -d) - shift - disk=$1 - ;; + # -t) + # shift + # fs_type=$1 + # ;; + # -d) + # shift + # disk=$1 + # ;; -h | --help) help_and_exit ;; *) echo "Invalid option detected." @@ -64,14 +75,57 @@ while [[ $# -gt 0 ]]; do shift done +function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix +} +trap cleanup exit + +green "~SwarselSystems~ remote installer" + cd /home/"$target_user" +sudo rm -rf /root/.cache/nix sudo rm -rf .cache/nix sudo rm -rf .dotfiles green "Cloning repository from GitHub" git clone https://github.com/Swarsel/.dotfiles.git +green "Reading system information for $target_config ..." +DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" +green "Root Disk: $DISK" + +CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" +if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 +else + red "Encryption: X" + disk_encryption=0 +fi + +IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" +if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" +else + red "Impermanence: X" +fi + +SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" +if [[ $SWAP == "true" ]]; then + green "Swap: ✓" +else + red "Swap: X" +fi + +SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" +if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" +else + red "Secure Boot: X" +fi + local_keys=$(ssh-add -L || true) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) read -ra pub_arr <<< "$pub_key" 
@@ -86,25 +140,46 @@ else green "Valid SSH key found! Continuing with installation" fi -green "Creating /boot partition" -sudo parted -a optimal --script "$disk" mklabel gpt -sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB -sudo parted -a optimal --script "$disk" set 1 esp on +if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done +fi -green "Creating / partition" -sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% -sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 +green "Setting up disk" +sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks -green "Ensuring proper file systems" -sudo mkfs.fat -F32 "$disk"1 -sudo mkfs."${fs_type}" -F "$disk"2 +# green "Creating /boot partition" +# sudo parted -a optimal --script "$disk" mklabel gpt +# sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB +# sudo parted -a optimal --script "$disk" set 1 esp on + +# green "Creating / partition" +# sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% +# sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + +# green "Ensuring proper file systems" +# sudo mkfs.fat -F32 "$disk"1 +# sudo mkfs."${fs_type}" -F "$disk"2 green "Generating hardware configuration" -sudo mount "$disk"2 /mnt -sudo mkdir -p /mnt/boot -sudo mount "$disk"1 /mnt/boot +# sudo mount "$DISK"2 /mnt +# sudo mkdir -p /mnt/boot +# sudo mount "$DISK"1 /mnt/boot sudo nixos-generate-config --root /mnt --dir 
/home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ +green "Injecting initialSetup" +sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix # sudo rm -rf /root/.nix-defexpr/channels # sudo rm -rf /nix/var/nix/profiles/per-user/channels @@ -112,5 +187,4 @@ sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" sudo nixos-install --flake .#"$target_config" -yellow "Please keep in mind that this is only a demo of the configuration. Things might break unexpectedly." green "Installation finished! Reboot to see changes" diff --git a/scripts/swarsel-postinstall.sh b/scripts/swarsel-postinstall.sh new file mode 100644 index 0000000..f7d41bf --- /dev/null +++ b/scripts/swarsel-postinstall.sh 
@@ -0,0 +1,74 @@
+set -eo pipefail
+
+target_config="chaostheatre"
+target_user="swarsel"
+
+function help_and_exit() {
+ echo
+ echo "Locally installs SwarselSystem on this machine."
+ echo
+ echo "USAGE: $0 -d [OPTIONS]"
+ echo
+ echo "ARGS:"
+ echo " -d specify disk to install on."
+ echo " -n specify the nixos config to deploy."
+ echo " Default: chaostheatre"
+ echo " Default: chaostheatre"
+ echo " -u specify user to deploy for."
+ echo " Default: swarsel"
+ echo " -h | --help Print this help."
+ exit 0
+}
+
+function green() {
+ echo -e "\x1B[32m[+] $1 \x1B[0m"
+ if [ -n "${2-}" ]; then
+ echo -e "\x1B[32m[+] $($2) \x1B[0m"
+ fi
+}
+
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ -n)
+ shift
+ target_config=$1
+ ;;
+ -u)
+ shift
+ target_user=$1
+ ;;
+ -h | --help) help_and_exit ;;
+ *)
+ echo "Invalid option detected."
+ help_and_exit
+ ;;
+ esac
+ shift
+done
+
+function cleanup() {
+ sudo rm -rf .cache/nix
+ sudo rm -rf /root/.cache/nix
+}
+trap cleanup exit
+
+sudo rm -rf .cache/nix
+sudo rm -rf /root/.cache/nix
+
+green "~SwarselSystems~ remote post-installer"
+
+cd /home/"$target_user"/.dotfiles
+
+SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_config".config.swarselsystems.isSecureBoot)"
+
+if [[ $SECUREBOOT == "true" ]]; then
+ green "Setting up secure boot keys"
+ sudo mkdir -p /var/lib/sbctl
+ sbctl create-keys || true
+ sbctl enroll-keys --ignore-immutable --microsoft || true
+fi
+
+green "Disabling initialSetup"
+sed -i '/swarselsystems\.initialSetup = true;/d' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
+sudo nixos-rebuild --flake .#"$target_config" switch
+green "Post-install finished!"