Fix OS scripts for flakes

Geoffrey Frogeye 2024-02-17 23:35:53 +01:00
parent 448a154d74
commit 833320e3fa
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
9 changed files with 97 additions and 79 deletions

5
.gitignore vendored

@ -1,5 +1,2 @@
*/hm
*/system
*/vm
*/vmWithBootLoader
result
*.qcow2


@ -1,17 +1,14 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash
#! nix-shell -p bash nix-output-monitor
echo FIXME Not flakes ready
exit 1
#! nix-shell -p nix
set -euo pipefail
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Parse arguments
function help {
echo "Usage: $0 [-h|-v|-b] profile"
echo "Build NixOS configuration on the local machine."
echo "Usage: $0 [-h|-e|-b] [flake-uri#]name"
echo "Build a NixOS configuration on the local machine."
echo
echo "Arguments:"
echo " profile: OS/disk profile to use"
@ -22,7 +19,7 @@ function help {
echo " -b: Build a virtual machine with boot loader."
}
attr=system
arg=build
while getopts "hvb" OPTION
do
case "$OPTION" in
@ -31,10 +28,10 @@ do
exit 0
;;
v)
attr=vm
arg=build-vm
;;
b)
attr=vmWithBootLoader
arg=build-vm-with-bootloader
;;
?)
help
@ -42,29 +39,35 @@ do
;;
esac
done
shift "$(($OPTIND -1))"
shift "$((OPTIND -1))"
if [ "$#" -ne 1 ]
then
help
exit 2
fi
profile="$1"
profile_dir="${SCRIPT_DIR}/${profile}"
if [ ! -d "$profile_dir" ]
if [[ "$1" == *"#"* ]]
then
echo "Profile not found."
flake_uri="$(echo "$1" | cut -d'#' -f1)"
flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd )
name="$(echo "$1" | cut -d'#' -f2)"
else
flake_uri="$SCRIPT_DIR"
name="$1"
fi
nixos_config="${profile_dir}/os.nix"
if [ ! -f "$nixos_config" ]
if [ ! -f "$flake_uri/flake.nix" ]
then
echo "NixOS configuration not found."
echo "Flake not found."
fi
flake="${flake_uri}#${name}"
set -x
nom-build '<nixpkgs/nixos>' -I "nixos-config=${nixos_config}" -A "$attr" -o "${profile_dir}/${attr}"
nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-rebuild" -- "$arg" --flake "$flake"
echo 
# TODO Use update-local-flakes?
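Review bot: The `Flake not found.` branch only prints and then falls through, so the script still reaches `nix ... run "${SCRIPT_DIR}#nixos-rebuild"` with a flake path it has just found to be invalid; the `then` body should report on stderr and stop, `echo "Flake not found." >&2; exit 1`. The line `flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd )` runs under `set -e` with its error output discarded, so a wrong path before the `#` aborts the script with no message at all. The same check without an exit appears in the install script's section of this commit, where it matters more because that script goes on to write the LUKS passphrase and call disko. Separately, the new usage text advertises `-e` while `getopts "hvb"` and the `v)` case still parse `-v`; one of the two should be brought in line.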


@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }:
{
config = {
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.efi.canTouchEfiVariables = false;
disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/usb-Kingston_DataTraveler_3.0_E0D55EA57414F510489F0F1A-0:0";
networking.hostName = "curacao-usb";
};


@ -76,6 +76,26 @@
};
in
{
# Easily expose apps to scripts
apps = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: {
disko = {
type = "app";
program = "${disko.packages.${system}.default}/bin/disko";
};
nixos-generate-config = {
type = "app";
program = "${nixpkgs.legacyPackages.${system}.nixos-install-tools}/bin/nixos-generate-config";
};
nixos-install = {
type = "app";
program = "${nixpkgs.legacyPackages.${system}.nixos-install-tools}/bin/nixos-install";
};
nixos-rebuild = {
type = "app";
program = "${nixpkgs.legacyPackages.${system}.nixos-rebuild}/bin/nixos-rebuild";
};
});
# Reusable configurations
lib = lib;
nixosModules.dotfiles = {
imports = [
@ -99,6 +119,7 @@
nur.hmModules.nur
];
};
# Actual configurations
nixosConfigurations.curacao = lib.nixosSystem {
system = "x86_64-linux";
modules = [
@ -106,7 +127,7 @@
nixos-hardware.nixosModules.dell-g3-3779
];
};
nixosConfigurations.curacao_usb = lib.nixosSystem {
nixosConfigurations.curacao-usb = lib.nixosSystem {
system = "x86_64-linux";
modules = [
./curacao/usb.nix


@ -1,20 +1,18 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash
#! nix-shell -p bash nixos-install-tools
echo FIXME Not flakes ready
exit 1
#! nix-shell -p nix
set -euo pipefail
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Parse arguments
function help {
echo "Usage: $0 [-h|-e] profile"
echo "Install NixOS on a device."
echo "Usage: $0 [-h|-e] [flake-uri#]name"
echo "Install a NixOS configuration from another installation on the same machine."
echo
echo "Arguments:"
echo " profile: OS/disk profile to use"
echo " flake-uri: Path to flake containing the system configuration. Default: the one where the script is located."
echo " name: Hostname of the configuration to install. The flake must contain an output named 'nixosConfigurations.*name*'"
echo
echo "Options:"
echo " -h: Display this help message."
@ -38,79 +36,75 @@ do
;;
esac
done
shift "$(($OPTIND -1))"
shift "$((OPTIND -1))"
if [ "$#" -ne 1 ]
then
help
exit 2
fi
profile="$1"
profile_dir="${SCRIPT_DIR}/${profile}"
if [ ! -d "$profile_dir" ]
if [[ "$1" == *"#"* ]]
then
echo "Profile not found."
flake_uri="$(echo "$1" | cut -d'#' -f1)"
flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd )
name="$(echo "$1" | cut -d'#' -f2)"
else
flake_uri="$SCRIPT_DIR"
name="$1"
fi
disko_config="${profile_dir}/dk.nix"
if [ ! -f "$disko_config" ]
if [ ! -f "$flake_uri/flake.nix" ]
then
echo "Disk configuration not found."
fi
nixos_config="${profile_dir}/os.nix"
if [ ! -f "$nixos_config" ]
then
echo "NixOS configuration not found."
echo "Flake not found."
fi
flake="${flake_uri}#${name}"
mountpoint="/mnt/nixos"
nix_flakes_cmd="nix --extra-experimental-features nix-command --extra-experimental-features flakes"
luks_pass_path="luks/$(basename ${profile})"
mountpoint_flake="${mountpoint}/etc/nixos/flake.nix"
luks_pass_path="luks/$(basename "${name}")"
set -x
sudo mkdir -p "$mountpoint"
# Add channels to root user, as nixos-install uses those.
# Not great, but fixable with flakes I guess
sudo ./add_channels.sh
# Load encryption password
luks_pass_file="$(mktemp --suffix="luks_password")"
pass $luks_pass_path | head -n1 | tr -d '\n' > $luks_pass_file
luks_pass_file="/tmp/dotfiles_${name}_password";
trap 'rm "$luks_pass_file"' ERR
touch "$luks_pass_file"
chmod "u=rw" "$luks_pass_file"
pass "$luks_pass_path" | head -n1 | tr -d '\n' > "$luks_pass_file"
# Format or mount disk
sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" --argstr passwordFile "$luks_pass_file" "$disko_config"
sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#disko" -- --mode "$disko_mode" --flake "$flake"
# --root-mountpoint is ignored with flakes, so this is set in os/common.nix
# Unload encryption password
trap - ERR
rm "$luks_pass_file"
# Generate hardware-config.nix
sudo nixos-generate-config --no-filesystems --root "$mountpoint"
sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-generate-config" -- --no-filesystems --root "$mountpoint"
# --no-filesystems because they are imported via disko
sudo rm "$mountpoint/etc/nixos/configuration.nix"
# Plug system configuration into this git repo
sudo mkdir -p "${mountpoint}/etc/nixos"
echo "{ ... }: { imports = [ ./hardware-configuration.nix ${nixos_config} ]; }" | sudo tee "${mountpoint}/etc/nixos/configuration.nix" > /dev/null
# EXAMPLE
# {
# description = "curacao system config";
#
# inputs.dotfiles.url = "git+file:/home/geoffrey/.config/gdotfiles";
#
# outputs = { self, dotfiles, ... }:
# {
# nixosConfigurations.curacao = dotfiles.nixosConfigurations.curacao.extendModules {
# modules = [ ./hardware-configuration.nix ];
# };
# };
# }
echo "{
description = \"$name system config\";
inputs.entrypoint.url = \"git+file:$flake_uri\";
outputs = { self, entrypoint, ... }:
{
nixosConfigurations.$name = entrypoint.nixosConfigurations.$name.extendModules {
modules = [ ./hardware-configuration.nix ];
};
};
}" | sudo tee "$mountpoint_flake" > /dev/null
# Everything there should be covered by (and conflicts with) the repo anyways.
# Install NixOS! Or create a new generation.
sudo nixos-install --no-root-password --root "$mountpoint"
sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-install" -- --no-root-password --root "$mountpoint" --flake "${mountpoint_flake}#${name}"
# TODO Add this? --flake "$flake"
set +x
@ -120,6 +114,9 @@ echo 
echo "Manual post-installation instructions:"
echo "- Boot into the system"
echo "- Transfer necessary private keys (or use ssh -A for testing)"
echo "- Run git-sync-init"
echo "- Check that the system can build itself"
echo "- Run git-sync"
echo "- Run install-passwords"
echo "- Run rb"
echo "- Change root and user password"
# TODO Use update-local-flakes?
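Review bot: The LUKS passphrase is now written to a predictable path in a world-writable directory, `/tmp/dotfiles_${name}_password`, and `chmod "u=rw"` changes only the owner bits, so under a typical umask of 022 the file stays group- and world-readable while it holds the passphrase; the `mktemp` call it replaces gave an unpredictable name and mode 0600. `touch` also accepts a file or symlink that another local user created at that path beforehand. If the fixed path is required because the disko configuration reads it (presumably, since `--argstr passwordFile` was dropped), create the file exclusively with a tight mode instead: `( umask 077; set -o noclobber; : > "$luks_pass_file" )`. Cleanup is registered on `ERR` only, so an interrupt during the disko run leaves the passphrase in `/tmp`; registering `trap 'rm -f "$luks_pass_file"' EXIT` as well covers that case, and the explicit `rm` after disko can stay so the file is removed as early as possible.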


@ -4,6 +4,7 @@
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = !config.boot.loader.efi.canTouchEfiVariables;
device = "nodev"; # Don't install on MBR
};
};


@ -21,6 +21,9 @@
}];
}];
# UPST disko --root-mountpoint doesn't work when using flake, workaround:
disko.rootMountPoint = "/mnt/nixos";
environment.systemPackages = with pkgs; [
wget
kexec-tools
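Review bot: `disko.rootMountPoint = "/mnt/nixos";` duplicates the `mountpoint="/mnt/nixos"` that the install script passes to `nixos-generate-config --root` and `nixos-install --root`, and nothing ties the two values together; if one is edited alone, disko would mount the target system in one place while the install tools write to another. A comment on this line naming the coupling would help, e.g. `# Must stay equal to $mountpoint in the install script`. The attribute set this line sits in starts and ends outside the hunk, so whether the setting applies to every host configuration cannot be confirmed from here.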


@ -8,12 +8,8 @@
# UPST
kernelParams = [ "console=tty0" ];
# Pinebook supports UEFI, at least when tow-boot is installed on the SPI
loader = {
# EFI Variables don't work (no generation appears in systemd-boot)
efi.canTouchEfiVariables = false;
grub.efiInstallAsRemovable = true;
};
# EFI Variables don't seem to work (no generation appear in systemd-boot with SD)
loader.efi.canTouchEfiVariables = false;
};
frogeye.desktop = {


@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }:
{
config = {
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.efi.canTouchEfiVariables = false;
disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
networking.hostName = "pindakaas-sd";
};