#!/usr/bin/env nix-shell #! nix-shell -i bash #! nix-shell -p bash nixos-install-tools echo FIXME Not flakes ready exit 1 set -euo pipefail SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) # Parse arguments function help { echo "Usage: $0 [-h|-e] profile" echo "Install NixOS on a device." echo echo "Arguments:" echo " profile: OS/disk profile to use" echo echo "Options:" echo " -h: Display this help message." echo " -e: Erase the disk. For cases where the partition scheme doesn't match the existing one." } disko_mode=mount while getopts "he" OPTION do case "$OPTION" in h) help exit 0 ;; e) disko_mode=disko ;; ?) help exit 2 ;; esac done shift "$(($OPTIND -1))" if [ "$#" -ne 1 ] then help exit 2 fi profile="$1" profile_dir="${SCRIPT_DIR}/${profile}" if [ ! -d "$profile_dir" ] then echo "Profile not found." fi disko_config="${profile_dir}/dk.nix" if [ ! -f "$disko_config" ] then echo "Disk configuration not found." fi nixos_config="${profile_dir}/os.nix" if [ ! -f "$nixos_config" ] then echo "NixOS configuration not found." fi mountpoint="/mnt/nixos" nix_flakes_cmd="nix --extra-experimental-features nix-command --extra-experimental-features flakes" luks_pass_path="luks/$(basename ${profile})" set -x sudo mkdir -p "$mountpoint" # Add channels to root user, as nixos-install uses those. # Not great, but fixable with flakes I guess sudo ./add_channels.sh # Load encryption password luks_pass_file="$(mktemp --suffix="luks_password")" pass $luks_pass_path | head -n1 | tr -d '\n' > $luks_pass_file # Format or mount disk sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" --argstr passwordFile "$luks_pass_file" "$disko_config" # Unload encryption password rm "$luks_pass_file" # Generate hardware-config.nix sudo nixos-generate-config --no-filesystems --root "$mountpoint" # --no-filesystems because they are imported via disko # Plug system configuration into this git repo sudo mkdir -p "${mountpoint}/etc/nixos" echo "{ ... }: { imports = [ ./hardware-configuration.nix ${nixos_config} ]; }" | sudo tee "${mountpoint}/etc/nixos/configuration.nix" > /dev/null # EXAMPLE # { # description = "curacao system config"; # # inputs.dotfiles.url = "git+file:/home/geoffrey/.config/gdotfiles"; # # outputs = { self, dotfiles, ... }: # { # nixosConfigurations.curacao = dotfiles.nixosConfigurations.curacao.extendModules { # modules = [ ./hardware-configuration.nix ]; # }; # }; # } # Everything there should be covered by (and conflicts with) the repo anyways. # Install NixOS! Or create a new generation. sudo nixos-install --no-root-password --root "$mountpoint" set +x # Signal the installation is done! echo  echo "Manual post-installation instructions:" echo "- Boot into the system" echo "- Transfer necessary private keys (or use ssh -A for testing)" echo "- Run git-sync-init" echo "- Check that the system can build itself" echo "- Change root and user password"