Fix OS scripts for flakes

Geoffrey Frogeye 2024-02-17 23:35:53 +01:00
parent 448a154d74
commit 833320e3fa
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
9 changed files with 97 additions and 79 deletions

5
.gitignore vendored

@ -1,5 +1,2 @@
*/hm result
*/system
*/vm
*/vmWithBootLoader
*.qcow2 *.qcow2


@ -1,17 +1,14 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#! nix-shell -i bash #! nix-shell -i bash
#! nix-shell -p bash nix-output-monitor #! nix-shell -p nix
echo FIXME Not flakes ready
exit 1
set -euo pipefail set -euo pipefail
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Parse arguments # Parse arguments
function help { function help {
echo "Usage: $0 [-h|-v|-b] profile" echo "Usage: $0 [-h|-e|-b] [flake-uri#]name"
echo "Build NixOS configuration on the local machine." echo "Build a NixOS configuration on the local machine."
echo echo
echo "Arguments:" echo "Arguments:"
echo " profile: OS/disk profile to use" echo " profile: OS/disk profile to use"
@ -22,7 +19,7 @@ function help {
echo " -b: Build a virtual machine with boot loader." echo " -b: Build a virtual machine with boot loader."
} }
attr=system arg=build
while getopts "hvb" OPTION while getopts "hvb" OPTION
do do
case "$OPTION" in case "$OPTION" in
@ -31,10 +28,10 @@ do
exit 0 exit 0
;; ;;
v) v)
attr=vm arg=build-vm
;; ;;
b) b)
attr=vmWithBootLoader arg=build-vm-with-bootloader
;; ;;
?) ?)
help help
@ -42,29 +39,35 @@ do
;; ;;
esac esac
done done
shift "$(($OPTIND -1))" shift "$((OPTIND -1))"
if [ "$#" -ne 1 ] if [ "$#" -ne 1 ]
then then
help help
exit 2 exit 2
fi fi
profile="$1"
profile_dir="${SCRIPT_DIR}/${profile}" if [[ "$1" == *"#"* ]]
if [ ! -d "$profile_dir" ]
then then
echo "Profile not found." flake_uri="$(echo "$1" | cut -d'#' -f1)"
flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd )
name="$(echo "$1" | cut -d'#' -f2)"
else
flake_uri="$SCRIPT_DIR"
name="$1"
fi fi
nixos_config="${profile_dir}/os.nix" if [ ! -f "$flake_uri/flake.nix" ]
if [ ! -f "$nixos_config" ]
then then
echo "NixOS configuration not found." echo "Flake not found."
fi fi
flake="${flake_uri}#${name}"
set -x set -x
nom-build '<nixpkgs/nixos>' -I "nixos-config=${nixos_config}" -A "$attr" -o "${profile_dir}/${attr}" nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-rebuild" -- "$arg" --flake "$flake"
echo  echo 
# TODO Use update-local-flakes?
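Review bot: The `Flake not found.` check near the end of the new side only prints and falls through, so `nixos-rebuild` is still invoked with a `--flake` path that has no `flake.nix`; make it `echo "Flake not found." >&2; exit 1`. When the argument contains `#` and the directory does not exist, the `cd` inside `flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd )` fails with its error output discarded, and under `set -e` the script most likely stops there without any message, so that case deserves an explicit check too. The usage line now advertises `-e` while `getopts "hvb"` and the `v)` branch still parse `-v`, and the Arguments help still describes `profile`. The same flake-resolution block is repeated in the install script section further down this page.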


@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
{ {
config = { config = {
boot.loader.grub.efiInstallAsRemovable = true; boot.loader.efi.canTouchEfiVariables = false;
disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/usb-Kingston_DataTraveler_3.0_E0D55EA57414F510489F0F1A-0:0"; disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/usb-Kingston_DataTraveler_3.0_E0D55EA57414F510489F0F1A-0:0";
networking.hostName = "curacao-usb"; networking.hostName = "curacao-usb";
}; };


@ -76,6 +76,26 @@
}; };
in in
{ {
# Easily expose apps to scripts
apps = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: {
disko = {
type = "app";
program = "${disko.packages.${system}.default}/bin/disko";
};
nixos-generate-config = {
type = "app";
program = "${nixpkgs.legacyPackages.${system}.nixos-install-tools}/bin/nixos-generate-config";
};
nixos-install = {
type = "app";
program = "${nixpkgs.legacyPackages.${system}.nixos-install-tools}/bin/nixos-install";
};
nixos-rebuild = {
type = "app";
program = "${nixpkgs.legacyPackages.${system}.nixos-rebuild}/bin/nixos-rebuild";
};
});
# Reusable configurations
lib = lib; lib = lib;
nixosModules.dotfiles = { nixosModules.dotfiles = {
imports = [ imports = [
@ -99,6 +119,7 @@
nur.hmModules.nur nur.hmModules.nur
]; ];
}; };
# Actual configurations
nixosConfigurations.curacao = lib.nixosSystem { nixosConfigurations.curacao = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
@ -106,7 +127,7 @@
nixos-hardware.nixosModules.dell-g3-3779 nixos-hardware.nixosModules.dell-g3-3779
]; ];
}; };
nixosConfigurations.curacao_usb = lib.nixosSystem { nixosConfigurations.curacao-usb = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./curacao/usb.nix ./curacao/usb.nix


@ -1,20 +1,18 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#! nix-shell -i bash #! nix-shell -i bash
#! nix-shell -p bash nixos-install-tools #! nix-shell -p nix
echo FIXME Not flakes ready
exit 1
set -euo pipefail set -euo pipefail
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Parse arguments # Parse arguments
function help { function help {
echo "Usage: $0 [-h|-e] profile" echo "Usage: $0 [-h|-e] [flake-uri#]name"
echo "Install NixOS on a device." echo "Install a NixOS configuration from another installation on the same machine."
echo echo
echo "Arguments:" echo "Arguments:"
echo " profile: OS/disk profile to use" echo " flake-uri: Path to flake containing the system configuration. Default: the one where the script is located."
echo " name: Hostname of the configuration to install. The flake must contain an output named 'nixosConfigurations.*name*'"
echo echo
echo "Options:" echo "Options:"
echo " -h: Display this help message." echo " -h: Display this help message."
@ -38,79 +36,75 @@ do
;; ;;
esac esac
done done
shift "$(($OPTIND -1))" shift "$((OPTIND -1))"
if [ "$#" -ne 1 ] if [ "$#" -ne 1 ]
then then
help help
exit 2 exit 2
fi fi
profile="$1"
profile_dir="${SCRIPT_DIR}/${profile}" if [[ "$1" == *"#"* ]]
if [ ! -d "$profile_dir" ]
then then
echo "Profile not found." flake_uri="$(echo "$1" | cut -d'#' -f1)"
flake_uri=$( cd -- "$flake_uri" &> /dev/null && pwd )
name="$(echo "$1" | cut -d'#' -f2)"
else
flake_uri="$SCRIPT_DIR"
name="$1"
fi fi
disko_config="${profile_dir}/dk.nix" if [ ! -f "$flake_uri/flake.nix" ]
if [ ! -f "$disko_config" ]
then then
echo "Disk configuration not found." echo "Flake not found."
fi
nixos_config="${profile_dir}/os.nix"
if [ ! -f "$nixos_config" ]
then
echo "NixOS configuration not found."
fi fi
flake="${flake_uri}#${name}"
mountpoint="/mnt/nixos" mountpoint="/mnt/nixos"
nix_flakes_cmd="nix --extra-experimental-features nix-command --extra-experimental-features flakes" mountpoint_flake="${mountpoint}/etc/nixos/flake.nix"
luks_pass_path="luks/$(basename ${profile})" luks_pass_path="luks/$(basename "${name}")"
set -x set -x
sudo mkdir -p "$mountpoint" sudo mkdir -p "$mountpoint"
# Add channels to root user, as nixos-install uses those.
# Not great, but fixable with flakes I guess
sudo ./add_channels.sh
# Load encryption password # Load encryption password
luks_pass_file="$(mktemp --suffix="luks_password")" luks_pass_file="/tmp/dotfiles_${name}_password";
pass $luks_pass_path | head -n1 | tr -d '\n' > $luks_pass_file trap 'rm "$luks_pass_file"' ERR
touch "$luks_pass_file"
chmod "u=rw" "$luks_pass_file"
pass "$luks_pass_path" | head -n1 | tr -d '\n' > "$luks_pass_file"
# Format or mount disk # Format or mount disk
sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" --argstr passwordFile "$luks_pass_file" "$disko_config" sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#disko" -- --mode "$disko_mode" --flake "$flake"
# --root-mountpoint is ignored with flakes, so this is set in os/common.nix
# Unload encryption password # Unload encryption password
trap - ERR
rm "$luks_pass_file" rm "$luks_pass_file"
# Generate hardware-config.nix # Generate hardware-config.nix
sudo nixos-generate-config --no-filesystems --root "$mountpoint" sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-generate-config" -- --no-filesystems --root "$mountpoint"
# --no-filesystems because they are imported via disko # --no-filesystems because they are imported via disko
sudo rm "$mountpoint/etc/nixos/configuration.nix"
# Plug system configuration into this git repo # Plug system configuration into this git repo
sudo mkdir -p "${mountpoint}/etc/nixos" sudo mkdir -p "${mountpoint}/etc/nixos"
echo "{ ... }: { imports = [ ./hardware-configuration.nix ${nixos_config} ]; }" | sudo tee "${mountpoint}/etc/nixos/configuration.nix" > /dev/null echo "{
# EXAMPLE description = \"$name system config\";
# { inputs.entrypoint.url = \"git+file:$flake_uri\";
# description = "curacao system config"; outputs = { self, entrypoint, ... }:
# {
# inputs.dotfiles.url = "git+file:/home/geoffrey/.config/gdotfiles"; nixosConfigurations.$name = entrypoint.nixosConfigurations.$name.extendModules {
# modules = [ ./hardware-configuration.nix ];
# outputs = { self, dotfiles, ... }: };
# { };
# nixosConfigurations.curacao = dotfiles.nixosConfigurations.curacao.extendModules { }" | sudo tee "$mountpoint_flake" > /dev/null
# modules = [ ./hardware-configuration.nix ];
# };
# };
# }
# Everything there should be covered by (and conflicts with) the repo anyways. # Everything there should be covered by (and conflicts with) the repo anyways.
# Install NixOS! Or create a new generation. # Install NixOS! Or create a new generation.
sudo nixos-install --no-root-password --root "$mountpoint" sudo nix --extra-experimental-features "nix-command flakes" run "${SCRIPT_DIR}#nixos-install" -- --no-root-password --root "$mountpoint" --flake "${mountpoint_flake}#${name}"
# TODO Add this? --flake "$flake"
set +x set +x
@ -120,6 +114,9 @@ echo 
echo "Manual post-installation instructions:" echo "Manual post-installation instructions:"
echo "- Boot into the system" echo "- Boot into the system"
echo "- Transfer necessary private keys (or use ssh -A for testing)" echo "- Transfer necessary private keys (or use ssh -A for testing)"
echo "- Run git-sync-init" echo "- Run git-sync"
echo "- Check that the system can build itself" echo "- Run install-passwords"
echo "- Run rb"
echo "- Change root and user password" echo "- Change root and user password"
# TODO Use update-local-flakes?
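Review bot: The LUKS passphrase is now written to the fixed path `/tmp/dotfiles_${name}_password`, created with `touch` and only afterwards restricted with `chmod`, where the old code used `mktemp`. In a shared `/tmp` a predictable name can be pre-created or symlinked by another local user, and a file created under the default umask can be opened before the `chmod` takes effect. If the fixed path is required because the disko configuration reads it (not visible in this section), create it exclusively and privately instead, e.g. `( umask 077; set -o noclobber; : > "$luks_pass_file" )`. The cleanup trap also fires only on `ERR`; `trap 'rm -f "$luks_pass_file"' EXIT` would cover exits that do not raise `ERR` and could replace the later `trap - ERR` / `rm` pair.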


@ -4,6 +4,7 @@
grub = { grub = {
enable = true; enable = true;
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = !config.boot.loader.efi.canTouchEfiVariables;
device = "nodev"; # Don't install on MBR device = "nodev"; # Don't install on MBR
}; };
}; };


@ -21,6 +21,9 @@
}]; }];
}]; }];
# UPST disko --root-mountpoint doesn't work when using flake, workaround:
disko.rootMountPoint = "/mnt/nixos";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
kexec-tools kexec-tools
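Review bot: `disko.rootMountPoint = "/mnt/nixos";` duplicates the `mountpoint="/mnt/nixos"` variable of the install script, and nothing ties the two together, so changing one of them would leave disko mounting at a different path than the one the script passes to `nixos-generate-config` and `nixos-install`. The comment should name that dependency, for example `# UPST disko --root-mountpoint doesn't work when using flake; must match mountpoint in the install script`. The enclosing attribute set starts and ends outside the hunk.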


@ -8,12 +8,8 @@
# UPST # UPST
kernelParams = [ "console=tty0" ]; kernelParams = [ "console=tty0" ];
# Pinebook supports UEFI, at least when tow-boot is installed on the SPI # EFI Variables don't seem to work (no generation appear in systemd-boot with SD)
loader = { loader.efi.canTouchEfiVariables = false;
# EFI Variables don't work (no generation appears in systemd-boot)
efi.canTouchEfiVariables = false;
grub.efiInstallAsRemovable = true;
};
}; };
frogeye.desktop = { frogeye.desktop = {


@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
{ {
config = { config = {
boot.loader.grub.efiInstallAsRemovable = true; boot.loader.efi.canTouchEfiVariables = false;
disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99"; disko.devices.disk."${config.networking.hostName}".device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
networking.hostName = "pindakaas-sd"; networking.hostName = "pindakaas-sd";
}; };