From 833320e3fa29cc7d9579e2cac71c71466dbd13dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?=
Date: Sat, 17 Feb 2024 23:35:53 +0100
Subject: [PATCH] Fix OS scripts for flakes
---
 .gitignore | 5 +--
 build_os.sh | 39 ++++++++++--------
 curacao/usb.nix | 2 +-
 flake.nix | 23 ++++++++++-
 install_os.sh | 93 ++++++++++++++++++++----------------------
 os/boot/default.nix | 1 +
 os/common.nix | 3 ++
 pindakaas/hardware.nix | 8 +---
 pindakaas/sd.nix | 2 +-
 9 files changed, 97 insertions(+), 79 deletions(-)
diff --git a/.gitignore b/.gitignore
index 9143aca..87a3018 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,2 @@
-*/hm
-*/system
-*/vm
-*/vmWithBootLoader
+result
 *.qcow2
diff --git a/build_os.sh b/build_os.sh
index c64767d..636d716 100755
--- a/build_os.sh
+++ b/build_os.sh
@@ -1,17 +1,14 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i bash
-#! nix-shell -p bash nix-output-monitor
-
-echo FIXME Not flakes ready
-exit 1
+#! nix-shell -p nix
 set -euo pipefail
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 # Parse arguments
 function help {
- echo "Usage: $0 [-h|-v|-b] profile"
- echo "Build NixOS configuration on the local machine."
+ echo "Usage: $0 [-h|-e|-b] [flake-uri#]name"
+ echo "Build a NixOS configuration on the local machine."
 echo
 echo "Arguments:"
 echo " profile: OS/disk profile to use"
@@ -22,7 +19,7 @@ function help {
 echo " -b: Build a virtual machine with boot loader."
 }
-attr=system
+arg=build
 while getopts "hvb" OPTION
 do
 case "$OPTION" in
@@ -31,10 +28,10 @@ do
 exit 0
 ;;
 v)
- attr=vm
+ arg=build-vm
 ;;
 b)
- attr=vmWithBootLoader
+ arg=build-vm-with-bootloader
 ;;
 ?)
 help
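Review bot: The new usage line in build_os.sh's `help` advertises `[-h|-e|-b]`, but the `getopts "hvb"` loop in the next hunk still accepts `-v` and has no `-e` arm, so the documented flag would presumably land in the `?)` branch. The `Arguments:` block kept as context also still describes `profile`, although the positional is now `[flake-uri#]name`. I would write the usage as `echo "Usage: $0 [-h|-v|-b] [flake-uri#]name"` and replace the `profile` line with the `flake-uri` and `name` descriptions that install_os.sh's help uses. The body of `help` continues outside this hunk.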
@@ -42,29 +39,35 @@ do ;; esac done -shift "$(($OPTIND -1))" +shift "$((OPTIND -1))" if [ "$#" -ne 1 ] then help exit 2 fi -profile="$1" -profile_dir="${SCRIPT_DIR}/${profile}" -if [ ! -d "$profile_dir" ] +if [[ "$1" == *"#"* ]] then - echo "Profile not found." + flake_uri="$(echo "$1" | cut -d'#' -f1)" + flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd ) + name="$(echo "$1" | cut -d'#' -f2)" +else + flake_uri="$SCRIPT_DIR" + name="$1" fi -nixos_config="${profile_dir}/os.nix" -if [ ! -f "$nixos_config" ] +if [ ! -f "$flake_uri/flake.nix" ] then - echo "NixOS configuration not found." + echo "Flake not found." fi +flake="${flake_uri}#${name}" + set -x -nom-build '' -I "nixos-config=${nixos_config}" -A "$attr" -o "${profile_dir}/${attr}" +nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-rebuild" -- "$arg" --flake "$flake" echo  + +# TODO Use update-local-flakes? diff --git a/curacao/usb.nix b/curacao/usb.nix index 3d6042d..e9b5673 100644 --- a/curacao/usb.nix +++ b/curacao/usb.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { config = { - boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.efi.canTouchEfiVariables = false; disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/usb-Kingston_DataTraveler_3.0_E0D55EA57414F510489F0F1A-0:0"; networking.hostName = "curacao-usb"; }; diff --git a/flake.nix b/flake.nix index 22f15fc..59e7479 100644 --- a/flake.nix +++ b/flake.nix 
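Review bot: The `Flake not found.` branch in build_os.sh's second hunk only prints and then falls through, so the script still runs `nixos-rebuild` with a flake reference it has just found to be invalid. The identical check in install_os.sh's second hunk has the same gap and is followed there by the `sudo` disko and `nixos-install` steps. Both should abort: `echo "Flake not found." >&2` followed by `exit 1`. Separately, when the path before `#` does not exist, `cd -- "$flake_uri" &> /dev/null && pwd` fails inside the assignment and `set -e` ends the script with no message at all, so this check is only reached for directories that exist but lack `flake.nix`.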
@@ -76,6 +76,26 @@
 };
 in
 {
+ # Easily expose apps to scripts
+ apps = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: {
+ disko = {
+ type = "app";
+ program = "${disko.packages.${system}.default}/bin/disko";
+ };
+ nixos-generate-config = {
+ type = "app";
+ program = "${nixpkgs.legacyPackages.${system}.nixos-install-tools}/bin/nixos-generate-config";
+ };
+ nixos-install = {
+ type = "app";
+ program = "${nixpkgs.legacyPackages.${system}.nixos-install-tools}/bin/nixos-install";
+ };
+ nixos-rebuild = {
+ type = "app";
+ program = "${nixpkgs.legacyPackages.${system}.nixos-rebuild}/bin/nixos-rebuild";
+ };
+ });
+ # Reusable configurations
 lib = lib;
 nixosModules.dotfiles = {
 imports = [
@@ -99,6 +119,7 @@
 nur.hmModules.nur
 ];
 };
+ # Actual configurations
 nixosConfigurations.curacao = lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
@@ -106,7 +127,7 @@
 nixos-hardware.nixosModules.dell-g3-3779
 ];
 };
- nixosConfigurations.curacao_usb = lib.nixosSystem {
+ nixosConfigurations.curacao-usb = lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
 ./curacao/usb.nix
diff --git a/install_os.sh b/install_os.sh
index ada3235..b4dfa68 100755
--- a/install_os.sh
+++ b/install_os.sh
@@ -1,20 +1,18 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i bash
-#! nix-shell -p bash nixos-install-tools
-
-echo FIXME Not flakes ready
-exit 1
+#! nix-shell -p nix
 set -euo pipefail
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 # Parse arguments
 function help {
- echo "Usage: $0 [-h|-e] profile"
- echo "Install NixOS on a device."
+ echo "Usage: $0 [-h|-e] [flake-uri#]name"
+ echo "Install a NixOS configuration from another installation on the same machine."
 echo
 echo "Arguments:"
- echo " profile: OS/disk profile to use"
+ echo " flake-uri: Path to flake containing the system configuration. Default: the one where the script is located."
+ echo " name: Hostname of the configuration to install. The flake must contain an output named 'nixosConfigurations.*name*'"
 echo
 echo "Options:"
 echo " -h: Display this help message."
@@ -38,79 +36,75 @@ do ;; esac done -shift "$(($OPTIND -1))" +shift "$((OPTIND -1))" if [ "$#" -ne 1 ] then help exit 2 fi -profile="$1" -profile_dir="${SCRIPT_DIR}/${profile}" -if [ ! -d "$profile_dir" ] +if [[ "$1" == *"#"* ]] then - echo "Profile not found." + flake_uri="$(echo "$1" | cut -d'#' -f1)" + flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd ) + name="$(echo "$1" | cut -d'#' -f2)" +else + flake_uri="$SCRIPT_DIR" + name="$1" fi -disko_config="${profile_dir}/dk.nix" -if [ ! -f "$disko_config" ] +if [ ! -f "$flake_uri/flake.nix" ] then - echo "Disk configuration not found." -fi - -nixos_config="${profile_dir}/os.nix" -if [ ! -f "$nixos_config" ] -then - echo "NixOS configuration not found." + echo "Flake not found." fi +flake="${flake_uri}#${name}" mountpoint="/mnt/nixos" -nix_flakes_cmd="nix --extra-experimental-features nix-command --extra-experimental-features flakes" -luks_pass_path="luks/$(basename ${profile})" +mountpoint_flake="${mountpoint}/etc/nixos/flake.nix" +luks_pass_path="luks/$(basename "${name}")" set -x sudo mkdir -p "$mountpoint" -# Add channels to root user, as nixos-install uses those. 
-# Not great, but fixable with flakes I guess -sudo ./add_channels.sh - # Load encryption password -luks_pass_file="$(mktemp --suffix="luks_password")" -pass $luks_pass_path | head -n1 | tr -d '\n' > $luks_pass_file +luks_pass_file="/tmp/dotfiles_${name}_password"; +trap 'rm "$luks_pass_file"' ERR +touch "$luks_pass_file" +chmod "u=rw" "$luks_pass_file" +pass "$luks_pass_path" | head -n1 | tr -d '\n' > "$luks_pass_file" # Format or mount disk -sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" --argstr passwordFile "$luks_pass_file" "$disko_config" +sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#disko" -- --mode "$disko_mode" --flake "$flake" +# --root-mountpoint is ignored with flakes, so this is set in os/common.nix # Unload encryption password +trap - ERR rm "$luks_pass_file" # Generate hardware-config.nix -sudo nixos-generate-config --no-filesystems --root "$mountpoint" +sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-generate-config" -- --no-filesystems --root "$mountpoint" # --no-filesystems because they are imported via disko +sudo rm "$mountpoint/etc/nixos/configuration.nix" # Plug system configuration into this git repo sudo mkdir -p "${mountpoint}/etc/nixos" -echo "{ ... }: { imports = [ ./hardware-configuration.nix ${nixos_config} ]; }" | sudo tee "${mountpoint}/etc/nixos/configuration.nix" > /dev/null -# EXAMPLE -# { -# description = "curacao system config"; -# -# inputs.dotfiles.url = "git+file:/home/geoffrey/.config/gdotfiles"; -# -# outputs = { self, dotfiles, ... }: -# { -# nixosConfigurations.curacao = dotfiles.nixosConfigurations.curacao.extendModules { -# modules = [ ./hardware-configuration.nix ]; -# }; -# }; -# } +echo "{ + description = \"$name system config\"; + inputs.entrypoint.url = \"git+file:$flake_uri\"; + outputs = { self, entrypoint, ... 
}: + { + nixosConfigurations.$name = entrypoint.nixosConfigurations.$name.extendModules { + modules = [ ./hardware-configuration.nix ]; + }; + }; +}" | sudo tee "$mountpoint_flake" > /dev/null # Everything there should be covered by (and conflicts with) the repo anyways. # Install NixOS! Or create a new generation. -sudo nixos-install --no-root-password --root "$mountpoint" +sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-install" -- --no-root-password --root "$mountpoint" --flake "${mountpoint_flake}#${name}" +# TODO Add this? --flake "$flake" set +x @@ -120,6 +114,9 @@ echo  echo "Manual post-installation instructions:" echo "- Boot into the system" echo "- Transfer necessary private keys (or use ssh -A for testing)" -echo "- Run git-sync-init" -echo "- Check that the system can build itself" +echo "- Run git-sync" +echo "- Run install-passwords" +echo "- Run rb" echo "- Change root and user password" + +# TODO Use update-local-flakes? diff --git a/os/boot/default.nix b/os/boot/default.nix index fd5b0b6..49d8004 100644 --- a/os/boot/default.nix +++ b/os/boot/default.nix @@ -4,6 +4,7 @@ grub = { enable = true; efiSupport = true; + efiInstallAsRemovable = !config.boot.loader.efi.canTouchEfiVariables; device = "nodev"; # Don't install on MBR }; }; diff --git a/os/common.nix b/os/common.nix index 7bd95ff..ce8fca9 100644 --- a/os/common.nix +++ b/os/common.nix @@ -21,6 +21,9 @@ }]; }]; + # UPST disko --root-mountpoint doesn't work when using flake, workaround: + disko.rootMountPoint = "/mnt/nixos"; + environment.systemPackages = with pkgs; [ wget kexec-tools diff --git a/pindakaas/hardware.nix b/pindakaas/hardware.nix index 4693218..783d473 100644 --- a/pindakaas/hardware.nix +++ b/pindakaas/hardware.nix 
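Review bot: In install_os.sh's second hunk the LUKS passphrase is now written to the predictable path `/tmp/dotfiles_${name}_password` instead of a `mktemp` file, and `chmod "u=rw"` changes only the owner bits, so under a typical 022 umask the file stays group- and world-readable while disko runs. A file or symlink already present at that name would also be written through by the `>` redirect. If the fixed name is required because the flake's disko configuration refers to it (not visible in this patch), create the file exclusively and privately by replacing the `touch`/`chmod`/`pass` lines with `(umask 077; set -o noclobber; pass "$luks_pass_path" | head -n1 | tr -d '\n' > "$luks_pass_file")`. The cleanup should be `trap 'rm -f -- "$luks_pass_file"' EXIT` rather than `ERR`, since an interrupt during the disko step would otherwise leave the passphrase on disk.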
@@ -8,12 +8,8 @@ # UPST kernelParams = [ "console=tty0" ]; - # Pinebook supports UEFI, at least when tow-boot is installed on the SPI - loader = { - # EFI Variables don't work (no generation appears in systemd-boot) - efi.canTouchEfiVariables = false; - grub.efiInstallAsRemovable = true; - }; + # EFI Variables don't seem to work (no generation appear in systemd-boot with SD) + loader.efi.canTouchEfiVariables = false; }; frogeye.desktop = { diff --git a/pindakaas/sd.nix b/pindakaas/sd.nix index 7ce0b41..8a09d34 100644 --- a/pindakaas/sd.nix +++ b/pindakaas/sd.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { config = { - boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.efi.canTouchEfiVariables = false; disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99"; networking.hostName = "pindakaas-sd"; };