From 7a75ef238a62760891e8ac89ec356d1126925c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 28 Dec 2024 14:11:03 +0100 Subject: [PATCH] WIP: install --- SwarselSystems.org | 123 +++++++++++++++++++++++++++++------- programs/bash/.bash_history | 2 +- scripts/swarsel-install.sh | 121 ++++++++++++++++++++++++++++------- 3 files changed, 198 insertions(+), 48 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 79bcf2f..f14e06f 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1871,7 +1871,7 @@ For added convenience, the live environment displays a helpful text on login, we Also, an initial bash history is provided to allow for a very quick local deployment: #+begin_src shell :tangle programs/bash/.bash_history -swarsel-install -f chaostheatre -d /dev/vda +swarsel-install -n chaostheatre -d /dev/vda #+end_src @@ -3261,9 +3261,13 @@ This program sets up a new NixOS host locally. set -eo pipefail target_config="chaostheatre" + target_hostname="chaostheatre" target_user="swarsel" - fs_type="ext4" - disk="" + # fs_type="ext4" + # disk="" + + # persist_dir="" + disk_encryption=0 function help_and_exit() { echo @@ -3284,6 +3288,12 @@ This program sets up a new NixOS host locally. exit 0 } + function red() { + echo -e "\x1B[31m[!] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi + } function green() { echo -e "\x1B[32m[+] $1 \x1B[0m" if [ -n "${2-}" ]; then @@ -3302,19 +3312,20 @@ This program sets up a new NixOS host locally. -n) shift target_config=$1 + target_hostname=$1 ;; -u) shift target_user=$1 ;; - -t) - shift - fs_type=$1 - ;; - -d) - shift - disk=$1 - ;; + # -t) + # shift + # fs_type=$1 + # ;; + # -d) + # shift + # disk=$1 + # ;; -h | --help) help_and_exit ;; ,*) echo "Invalid option detected." @@ -3324,14 +3335,57 @@ This program sets up a new NixOS host locally. shift done + function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix + } + trap cleanup exit + + green "~SwarselSystems~ remote installer" + cd /home/"$target_user" + sudo rm -rf /root/.cache/nix sudo rm -rf .cache/nix sudo rm -rf .dotfiles green "Cloning repository from GitHub" git clone https://github.com/Swarsel/.dotfiles.git + green "Reading system information for $target_config ..." + DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" + green "Root Disk: $DISK" + + CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" + if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 + else + red "Encryption: X" + disk_encryption=0 + fi + + IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" + if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" + else + red "Impermanence: X" + fi + + SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" + if [[ $SWAP == "true" ]]; then + green "Swap: ✓" + else + red "Swap: X" + fi + + SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" + if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" + else + red "Secure Boot: X" + fi + local_keys=$(ssh-add -L || true) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) read -ra pub_arr <<< "$pub_key" @@ -3346,25 +3400,46 @@ This program sets up a new NixOS host locally. green "Valid SSH key found! Continuing with installation" fi - green "Creating /boot partition" - sudo parted -a optimal --script "$disk" mklabel gpt - sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB - sudo parted -a optimal --script "$disk" set 1 esp on + if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done + fi - green "Creating / partition" - sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% - sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + green "Setting up disk" + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks - green "Ensuring proper file systems" - sudo mkfs.fat -F32 "$disk"1 - sudo mkfs."${fs_type}" -F "$disk"2 + # green "Creating /boot partition" + # sudo parted -a optimal --script "$disk" mklabel gpt + # sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB + # sudo parted -a optimal --script "$disk" set 1 esp on + + # green "Creating / partition" + # sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% + # sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + + # green "Ensuring proper file systems" + # sudo mkfs.fat -F32 "$disk"1 + # sudo mkfs."${fs_type}" -F "$disk"2 green "Generating hardware configuration" - sudo mount "$disk"2 /mnt - sudo mkdir -p /mnt/boot - sudo mount "$disk"1 /mnt/boot + # sudo mount "$DISK"2 /mnt + # sudo mkdir -p /mnt/boot + # sudo mount "$DISK"1 /mnt/boot sudo nixos-generate-config --root /mnt --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + green "Injecting initialSetup" + sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /mnt/etc/nixos/hardware-configuration.nix + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix # sudo rm -rf /root/.nix-defexpr/channels # sudo rm -rf /nix/var/nix/profiles/per-user/channels diff --git a/programs/bash/.bash_history b/programs/bash/.bash_history index 6ede487..3e70bc2 100644 --- a/programs/bash/.bash_history +++ b/programs/bash/.bash_history @@ -1 +1 @@ -swarsel-install -f chaostheatre -d /dev/vda +swarsel-install -n chaostheatre -d /dev/vda diff --git a/scripts/swarsel-install.sh b/scripts/swarsel-install.sh index 729b62c..1820e72 100644 --- a/scripts/swarsel-install.sh +++ b/scripts/swarsel-install.sh @@ -1,9 +1,13 @@ set -eo pipefail target_config="chaostheatre" +target_hostname="chaostheatre" target_user="swarsel" -fs_type="ext4" -disk="" +# fs_type="ext4" +# disk="" + +# persist_dir="" +disk_encryption=0 function help_and_exit() { echo @@ -24,6 +28,12 @@ function help_and_exit() { exit 0 } +function red() { + echo -e "\x1B[31m[!] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi +} function green() { echo -e "\x1B[32m[+] $1 \x1B[0m" if [ -n "${2-}" ]; then @@ -42,19 +52,20 @@ while [[ $# -gt 0 ]]; do -n) shift target_config=$1 + target_hostname=$1 ;; -u) shift target_user=$1 ;; - -t) - shift - fs_type=$1 - ;; - -d) - shift - disk=$1 - ;; + # -t) + # shift + # fs_type=$1 + # ;; + # -d) + # shift + # disk=$1 + # ;; -h | --help) help_and_exit ;; *) echo "Invalid option detected." @@ -64,14 +75,57 @@ while [[ $# -gt 0 ]]; do shift done +function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix +} +trap cleanup exit + +green "~SwarselSystems~ remote installer" + cd /home/"$target_user" +sudo rm -rf /root/.cache/nix sudo rm -rf .cache/nix sudo rm -rf .dotfiles green "Cloning repository from GitHub" git clone https://github.com/Swarsel/.dotfiles.git +green "Reading system information for $target_config ..." +DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" +green "Root Disk: $DISK" + +CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" +if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 +else + red "Encryption: X" + disk_encryption=0 +fi + +IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" +if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" +else + red "Impermanence: X" +fi + +SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" +if [[ $SWAP == "true" ]]; then + green "Swap: ✓" +else + red "Swap: X" +fi + +SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" +if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" +else + red "Secure Boot: X" +fi + local_keys=$(ssh-add -L || true) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) read -ra pub_arr <<< "$pub_key" @@ -86,25 +140,46 @@ else green "Valid SSH key found! Continuing with installation" fi -green "Creating /boot partition" -sudo parted -a optimal --script "$disk" mklabel gpt -sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB -sudo parted -a optimal --script "$disk" set 1 esp on +if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done +fi -green "Creating / partition" -sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% -sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 +green "Setting up disk" +sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks -green "Ensuring proper file systems" -sudo mkfs.fat -F32 "$disk"1 -sudo mkfs."${fs_type}" -F "$disk"2 +# green "Creating /boot partition" +# sudo parted -a optimal --script "$disk" mklabel gpt +# sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB +# sudo parted -a optimal --script "$disk" set 1 esp on + +# green "Creating / partition" +# sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100% +# sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + +# green "Ensuring proper file systems" +# sudo mkfs.fat -F32 "$disk"1 +# sudo mkfs."${fs_type}" -F "$disk"2 green "Generating hardware configuration" -sudo mount "$disk"2 /mnt -sudo mkdir -p /mnt/boot -sudo mount "$disk"1 /mnt/boot +# sudo mount "$DISK"2 /mnt +# sudo mkdir -p /mnt/boot +# sudo mount "$DISK"1 /mnt/boot sudo nixos-generate-config --root /mnt --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ +green "Injecting initialSetup" +sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /mnt/etc/nixos/hardware-configuration.nix + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix # sudo rm -rf /root/.nix-defexpr/channels # sudo rm -rf /nix/var/nix/profiles/per-user/channels