dotfiles/install_os.sh
2023-12-09 23:58:19 +01:00

116 lines
3.1 KiB
Bash
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env nix-shell
#! nix-shell -i bash
#! nix-shell -p bash nixos-install-tools
set -euo pipefail
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Parse arguments
function help {
echo "Usage: $0 [-h|-e] profile"
echo "Install NixOS on a device."
echo
echo "Arguments:"
echo " profile: OS/disk profile to use"
echo
echo "Options:"
echo " -h: Display this help message."
echo " -e: Erase the disk. For cases where the partition scheme doesn't match the existing one."
}
disko_mode=mount
while getopts "he" OPTION
do
case "$OPTION" in
h)
help
exit 0
;;
e)
disko_mode=disko
;;
?)
help
exit 2
;;
esac
done
shift "$(($OPTIND -1))"
if [ "$#" -ne 1 ]
then
help
exit 2
fi
profile="$1"
profile_dir="${SCRIPT_DIR}/${profile}"
if [ ! -d "$profile_dir" ]
then
echo "Profile not found."
fi
disko_config="${profile_dir}/dk.nix"
if [ ! -f "$disko_config" ]
then
echo "Disk configuration not found."
fi
nixos_config="${profile_dir}/os.nix"
if [ ! -f "$nixos_config" ]
then
echo "NixOS configuration not found."
fi
mountpoint="/mnt/nixos"
nix_flakes_cmd="nix --extra-experimental-features nix-command --extra-experimental-features flakes"
luks_pass_path="luks/$(basename ${profile})"
set -x
sudo mkdir -p "$mountpoint"
# Add channels to root user, as nixos-install uses those.
# Not great, but fixable with flakes I guess
sudo ./add_channels.sh
# Load encryption password
luks_pass_file="$(mktemp --suffix="luks_password")"
pass $luks_pass_path | head -n1 | tr -d '\n' > $luks_pass_file
# Format or mount disk
sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" --argstr passwordFile "$luks_pass_file" "$disko_config"
# Unload encryption password
rm "$luks_pass_file"
# Generate hardware-config.nix
sudo nixos-generate-config --no-filesystems --root "$mountpoint"
# --no-filesystems because they are imported via disko
# Plug system configuration into this git repo
sudo mkdir -p "${mountpoint}/etc/nixos"
echo "{ ... }: { imports = [ ./hardware-configuration.nix ${nixos_config} ]; }" | sudo tee "${mountpoint}/etc/nixos/configuration.nix" > /dev/null
# Everything there should be covered by (and conflicts with) the repo anyways.
# Install NixOS! Or create a new generation.
sudo nixos-install --no-root-password --root "$mountpoint"
# Install dotfiles. Actually not needed by nixos-install since it doesn't rewrite global paths to the mountpoint.
# Without it no nixos-rebuild from the system itself once installed though.
# Should probably be replaced with something like git-sync
# sudo mkdir -p $mountpoint/home/geoffrey/.config/
# sudo cp -a ../dotfiles $mountpoint/home/geoffrey/.config/
# sudo chown geoffrey:geoffrey $mountpoint/home/geoffrey -R
set +x
# Signal the installation is done!
echo 
echo "Manual post-installation instructions:"
echo "- Boot into the system"
echo "- Transfer necessary private keys (or use ssh -A for testing)"
echo "- Run git-sync-init"
echo "- Check that the system can build itself"