karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add installer

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2024-12-19 17:36:05 +00:00
parent 4f13f13df6
commit dbc913fcd8
16 changed files with 271 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -41,7 +41,8 @@ Any `options.nix` files create custom option definitions when present.
Below is a table of all hosts, with links to their respective README files, which may provide further details and/or post-installation checklists.
| Host | README |
|----------|----------------------------------------------------|
| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |
| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) |
| Host | README |
|-------------|------------------------------------------------------|
| `installer` | [hosts/installer/README.md](./hosts/installer/README.md) |
| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |
| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) |

8
flake.nix
View File

@@ -69,6 +69,14 @@
{ self, nixpkgs, ... }@inputs:
{
nixosConfigurations = {
installer = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
};
system = "x86_64-linux";
modules = [ ./hosts/installer ];
};
eirene = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;

1
hosts/common/system/configs/ssh/default.nix
View File

@@ -2,6 +2,7 @@
{
programs.ssh = {
knownHosts = {
installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
};

1
hosts/common/user/configs/console/ssh/default.nix
View File

@@ -14,6 +14,7 @@
enable = true;
addKeysToAgent = "yes";
userKnownHostsFile = lib.strings.concatStringsSep " " [
../../../../../installer/secrets/ssh_host_ed25519_key.pub
../../../../../eirene/secrets/ssh_host_ed25519_key.pub
../../../../../elara/secrets/ssh_host_ed25519_key.pub
];

2
hosts/elara/README.md
View File

@@ -1,4 +1,4 @@
# sas
# elara
## Post-Install Checklist

8
hosts/elara/default.nix
View File

@@ -6,6 +6,8 @@
(import ./format.nix {
device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_0501990ddf7236633373ea7dd2e6715f954e2dbb35cadae343333f0562cda6aa7ec80000000000000000000042c100baff1e08109f5581078ea6d9c3-0:0";
})
./hardware.nix
# elara runs on an external drive on eirene
../eirene/hardware.nix
../eirene/display.nix
../common/system/configs/bluetooth
@@ -51,12 +53,6 @@
i18n.defaultLocale = "en_US.UTF-8";
sops.defaultSopsFile = ./secrets/secrets.yaml;
boot.initrd.kernelModules = [
"xhci_pci"
"usb_storage"
"sd_mod"
];
environment.impermanence.device =
config.disko.devices.disk.usb.content.partitions.root.content.name;
}

8
hosts/elara/hardware.nix Normal file
View File

@@ -0,0 +1,8 @@
{ ... }:
{
boot.initrd.kernelModules = [
"xhci_pci"
"usb_storage"
"sd_mod"
];
}

1
hosts/installer/README.md Normal file
View File

@@ -0,0 +1 @@
# installer

46
hosts/installer/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{ config, inputs, ... }:
{
imports = [
../../lib
inputs.disko.nixosModules.disko
(import ./format.nix {
device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_050133f0afb69de86a475ee8d2ad97e4916cce11764cffba9ab262d42a7d0d2f66460000000000000000000039b7a3b8ff990a109f5581078ea6e86a-0:0";
})
./hardware.nix
../common/system/configs/boot
../common/system/configs/btop
../common/system/configs/btrfs
../common/system/configs/fastfetch
../common/system/configs/getty
../common/system/configs/git
../common/system/configs/gpg-agent
../common/system/configs/impermanence
../common/system/configs/lsof
../common/system/configs/ncdu
../common/system/configs/neovim
../common/system/configs/networking
../common/system/configs/nix
../common/system/configs/nix-cleanup
../common/system/configs/nix-ld
../common/system/configs/nixpkgs
../common/system/configs/ntp
../common/system/configs/ranger
../common/system/configs/sops
../common/system/configs/ssh
../common/system/configs/system
../common/system/configs/timezone
../common/system/configs/tmux
../common/system/configs/tree
../common/system/configs/users
../common/system/configs/wget
../common/system/configs/zsh
./users/nick
];
networking.hostName = "installer";
i18n.defaultLocale = "en_US.UTF-8";
sops.defaultSopsFile = ./secrets/secrets.yaml;
environment.impermanence.device =
config.disko.devices.disk.usb.content.partitions.root.content.name;
}

74
hosts/installer/format.nix Normal file
View File

@@ -0,0 +1,74 @@
{
device ? throw "device argument is required",
...
}:
{
disko.devices = {
disk.usb = {
inherit device;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "esp";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "root";
size = "100%";
content = {
name = "usb";
type = "luks";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@" = {
mountpoint = "/";
};
"@persist" = {
mountpoint = "/persist";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@cache" = {
mountpoint = "/cache";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
};
}

17
hosts/installer/hardware.nix Normal file
View File

@@ -0,0 +1,17 @@
{ ... }:
{
hardware.enableAllFirmware = true;
boot.initrd.kernelModules = [
"nvme"
"ahci"
"usbhid"
"xhci_pci"
"usb_storage"
"sd_mod"
];
nixpkgs.hostPlatform = "x86_64-linux";
services.fstrim.enable = true;
}

1
hosts/installer/secrets/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEIK+JkxkC0E8w0IF59gtpG55JBS/osqs1B7VhsI0eI nick@eirene

88
hosts/installer/users/nick/default.nix Normal file
View File

@@ -0,0 +1,88 @@
{ config, lib, ... }:
let
# FIXME: https://github.com/NixOS/nixpkgs/issues/24570
# FIXME: https://github.com/NixOS/nixpkgs/issues/305643
user = "nick";
home = "/home/nick";
in
{
imports = [
../../../common/user/configs/options.nix
(import ../../../common/user/configs/console/bashmount { inherit user home; })
(import ../../../common/user/configs/console/btop { inherit user home; })
(import ../../../common/user/configs/console/fastfetch { inherit user home; })
(import ../../../common/user/configs/console/git { inherit user home; })
(import ../../../common/user/configs/console/gpg-agent { inherit user home; })
(import ../../../common/user/configs/console/home-manager { inherit user home; })
(import ../../../common/user/configs/console/ncdu { inherit user home; })
(import ../../../common/user/configs/console/neovim { inherit user home; })
(import ../../../common/user/configs/console/nix-develop { inherit user home; })
(import ../../../common/user/configs/console/nix-direnv { inherit user home; })
(import ../../../common/user/configs/console/nixpkgs { inherit user home; })
(import ../../../common/user/configs/console/ranger { inherit user home; })
(import ../../../common/user/configs/console/sops { inherit user home; })
(import ../../../common/user/configs/console/ssh { inherit user home; })
(import ../../../common/user/configs/console/tmux { inherit user home; })
(import ../../../common/user/configs/console/tree { inherit user home; })
(import ../../../common/user/configs/console/wget { inherit user home; })
(import ../../../common/user/configs/console/xdg { inherit user home; })
(import ../../../common/user/configs/console/zsh { inherit user home; })
];
# echo "password" | mkpasswd -s
sops.secrets."${user}-password" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
key = "password";
neededForUsers = true;
};
users.users.${user} = {
inherit home;
isNormalUser = true;
email = "nick@karaolidis.com";
fullName = "Nikolaos Karaolidis";
description = "Nikolaos Karaolidis";
hashedPasswordFile = config.sops.secrets."${user}-password".path;
extraGroups = [ "wheel" ];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
};
services.getty.autologinUser = user;
home-manager.users.${user} = {
home = {
username = user;
homeDirectory = home;
};
sops.secrets = {
"git/credentials" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/credentials";
};
"git/cookies" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/cookies";
};
"ssh/personal/git/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.ssh/ssh_git_personal_ed25519_key";
};
"ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
};
programs.ssh.matchBlocks = {
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key";
extraOptions.StrictHostKeyChecking = "accept-new";
};
};
};
}

1
hosts/installer/users/nick/uid Normal file
View File

@@ -0,0 +1 @@
1000

2
lib/scripts/add-host.sh
View File

@@ -23,7 +23,7 @@ for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
done
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep " " [/a\ \${../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub}" ./hosts/common/user/configs/console/ssh/default.nix
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub" ./hosts/common/user/configs/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"

34
lib/scripts/install.sh
View File

@@ -3,7 +3,6 @@
set -o errexit
set -o nounset
set -o pipefail
set -x
check_root() {
if [[ "${EUID}" -ne 0 ]]; then
@@ -22,11 +21,10 @@ check_network() {
echo "No network connection detected."
echo "Would you like to connect to a Wi-Fi network? [y/N]"
read -r connect_wifi
if ! [[ "${connect_wifi}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
echo "Please connect to a network before proceeding."
echo "Connect to a network before proceeding."
exit 1
fi
@@ -34,33 +32,33 @@ check_network() {
}
setup_wifi() {
echo "Available network interfaces:"
ip link show | grep -E '^[0-9]+:' | awk '{print $2}' | tr -d ':'
echo "Available Wi-Fi interfaces:"
nmcli device status | awk '$2 == "wifi" {print $1}'
echo "Enter the network interface you want to use:"
echo "Enter the Wi-Fi interface you want to use:"
read -r interface
echo "Enter the SSID of the open network:"
echo "Scanning for Wi-Fi networks..."
nmcli device wifi rescan
echo "Available Wi-Fi networks:"
nmcli device wifi list
echo "Enter the SSID of the network:"
read -r ssid
echo "Do you want to connect to an open network? [y/N]"
echo "Is this network open? [y/N]"
read -r open_network
if [[ "${open_network}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
wpa_supplicant -i "${interface}" -c <(wpa_passphrase "${ssid}") -B
nmcli device wifi connect "${ssid}" ifname "${interface}"
else
echo "Enter the passphrase:"
read -rs passphrase
wpa_passphrase "${ssid}" "${passphrase}" > wifi.conf
wpa_supplicant -i "${interface}" -c wifi.conf -B
rm wifi.conf
nmcli device wifi connect "${ssid}" password "${passphrase}" ifname "${interface}"
fi
dhcpcd
echo "Waiting for a network connection..."
for i in {1..10}; do
if ping -c 1 google.com &>/dev/null; then
echo "Connected to the network successfully."
@@ -148,12 +146,12 @@ main() {
copy_keys
install
copy_config
echo "Installation complete. Please reboot your system."
echo "Installation complete. Reboot your system."
;;
2)
prepare_disk "mount"
install
echo "Repair complete. Please reboot your system."
echo "Repair complete. Reboot your system."
;;
*)
echo "Invalid choice."