

feat: catchup local installer to remote
Swarsel committed Dec 28, 2024
1 parent 665abec commit 1f9adaa
Showing 10 changed files with 355 additions and 70 deletions.
219 changes: 184 additions & 35 deletions SwarselSystems.org
Expand Up @@ -1074,6 +1074,11 @@ In this section I am creating some attributes that define general concepts of my
program = "${self.packages.${system}.swarsel-install}/bin/swarsel-install";
};

postinstall = {
type = "app";
program = "${self.packages.${system}.swarsel-postinstall}/bin/swarsel-postinstall";
};

rebuild = {
type = "app";
program = "${self.packages.${system}.swarsel-rebuild}/bin/swarsel-rebuild";
Expand Down Expand Up @@ -1864,14 +1869,14 @@ For added convenience, the live environment displays a helpful text on login, we
IP of primary interface: \4
The Password for all users & root is 'setup'.
Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
Alternatively, run 'swarsel-install -d <DISK> -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).

#+end_src

Also, an initial bash history is provided to allow for a very quick local deployment:

#+begin_src shell :tangle programs/bash/.bash_history
swarsel-install -f chaostheatre -d /dev/vda
swarsel-install -n chaostheatr
#+end_src


Expand Down Expand Up @@ -2176,6 +2181,7 @@ Note: The structure of generating the packages was changed in commit =2cf03a3 re
"bootstrap"
"swarsel-rebuild"
"swarsel-install"
"swarsel-postinstall"
"t2ts"
"ts2t"
"vershell"
Expand Down Expand Up @@ -3261,29 +3267,33 @@ This program sets up a new NixOS host locally.
set -eo pipefail

target_config="chaostheatre"
target_hostname="chaostheatre"
target_user="swarsel"
fs_type="ext4"
disk=""
persist_dir=""
disk_encryption=0

function help_and_exit() {
echo
echo "Locally installs SwarselSystem on this machine."
echo
echo "USAGE: $0 -d <disk> [OPTIONS]"
echo "USAGE: $0 -n <target_config> [OPTIONS]"
echo
echo "ARGS:"
echo " -d <disk> specify disk to install on."
echo " -n <target_config> specify the nixos config to deploy."
echo " Default: chaostheatre"
echo " Default: chaostheatre"
echo " -u <target_user> specify user to deploy for."
echo " Default: swarsel"
echo " -t <fs_type> specify file system type to deploy for."
echo " Default: ext4"
echo " -h | --help Print this help."
exit 0
}

function red() {
echo -e "\x1B[31m[!] $1 \x1B[0m"
if [ -n "${2-}" ]; then
echo -e "\x1B[31m[!] $($2) \x1B[0m"
fi
}
function green() {
echo -e "\x1B[32m[+] $1 \x1B[0m"
if [ -n "${2-}" ]; then
Expand All @@ -3302,19 +3312,12 @@ This program sets up a new NixOS host locally.
-n)
shift
target_config=$1
target_hostname=$1
;;
-u)
shift
target_user=$1
;;
-t)
shift
fs_type=$1
;;
-d)
shift
disk=$1
;;
-h | --help) help_and_exit ;;
,*)
echo "Invalid option detected."
Expand All @@ -3324,14 +3327,59 @@ This program sets up a new NixOS host locally.
shift
done

function cleanup() {
sudo rm -rf .cache/nix
sudo rm -rf /root/.cache/nix
}
trap cleanup exit

green "~SwarselSystems~ remote installer"

cd /home/"$target_user"

sudo rm -rf /root/.cache/nix
sudo rm -rf .cache/nix
sudo rm -rf .dotfiles

green "Cloning repository from GitHub"
git clone https://github.com/Swarsel/.dotfiles.git

green "Reading system information for $target_config ..."
DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)"
green "Root Disk: $DISK"

CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)"
if [[ $CRYPTED == "true" ]]; then
green "Encryption: ✓"
disk_encryption=1
else
red "Encryption: X"
disk_encryption=0
fi

IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)"
if [[ $IMPERMANENCE == "true" ]]; then
green "Impermanence: ✓"
persist_dir="/persist"
else
red "Impermanence: X"
persist_dir=""
fi

SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)"
if [[ $SWAP == "true" ]]; then
green "Swap: ✓"
else
red "Swap: X"
fi

SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)"
if [[ $SECUREBOOT == "true" ]]; then
green "Secure Boot: ✓"
else
red "Secure Boot: X"
fi

local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
read -ra pub_arr <<< "$pub_key"
Expand All @@ -3346,33 +3394,38 @@ This program sets up a new NixOS host locally.
green "Valid SSH key found! Continuing with installation"
fi

green "Creating /boot partition"
sudo parted -a optimal --script "$disk" mklabel gpt
sudo parted -a optimal --script "$disk" mkpart "boot" fat32 1MiB 1025MiB
sudo parted -a optimal --script "$disk" set 1 esp on

green "Creating / partition"
sudo parted -a optimal --script "$disk" mkpart "root" "$fs_type" 1025MiB 100%
sudo parted -a optimal --script "$disk" type 2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709
if [ "$disk_encryption" -eq 1 ]; then
while true; do
green "Set disk encryption passphrase:"
read -rs luks_passphrase
green "Please confirm passphrase:"
read -rs luks_passphrase_confirm
if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then
echo "$luks_passphrase" > /tmp/disko-password
break
else
red "Passwords do not match"
fi
done
fi

green "Ensuring proper file systems"
sudo mkfs.fat -F32 "$disk"1
sudo mkfs."${fs_type}" -F "$disk"2
green "Setting up disk"
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks
sudo mkdir -p /mnt/"$persist_dir"/home/"$target_user"/
sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user"/
sudo chown 1000:100 /mnt/"$persist_dir"/home/"$target_user"

green "Generating hardware configuration"
sudo mount "$disk"2 /mnt
sudo mkdir -p /mnt/boot
sudo mount "$disk"1 /mnt/boot
sudo nixos-generate-config --root /mnt --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/
sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/

green "Injecting initialSetup"
sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix

git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
# sudo rm -rf /root/.nix-defexpr/channels
# sudo rm -rf /nix/var/nix/profiles/per-user/channels
sudo mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null
green "Installing flake $target_config"
sudo nixos-install --flake .#"$target_config"
yellow "Please keep in mind that this is only a demo of the configuration. Things might break unexpectedly."
green "Installation finished! Reboot to see changes"
#+end_src

Expand All @@ -3388,6 +3441,100 @@ This program sets up a new NixOS host locally.
}
#+end_src

**** swarsel-postinstall

This program sets up a new NixOS host locally.

#+begin_src shell :tangle scripts/swarsel-postinstall.sh
set -eo pipefail

target_config="chaostheatre"
target_user="swarsel"

function help_and_exit() {
echo
echo "Locally installs SwarselSystem on this machine."
echo
echo "USAGE: $0 -d <disk> [OPTIONS]"
echo
echo "ARGS:"
echo " -d <disk> specify disk to install on."
echo " -n <target_config> specify the nixos config to deploy."
echo " Default: chaostheatre"
echo " Default: chaostheatre"
echo " -u <target_user> specify user to deploy for."
echo " Default: swarsel"
echo " -h | --help Print this help."
exit 0
}

function green() {
echo -e "\x1B[32m[+] $1 \x1B[0m"
if [ -n "${2-}" ]; then
echo -e "\x1B[32m[+] $($2) \x1B[0m"
fi
}

while [[ $# -gt 0 ]]; do
case "$1" in
-n)
shift
target_config=$1
;;
-u)
shift
target_user=$1
;;
-h | --help) help_and_exit ;;
,*)
echo "Invalid option detected."
help_and_exit
;;
esac
shift
done

function cleanup() {
sudo rm -rf .cache/nix
sudo rm -rf /root/.cache/nix
}
trap cleanup exit

sudo rm -rf .cache/nix
sudo rm -rf /root/.cache/nix

green "~SwarselSystems~ remote post-installer"

cd /home/"$target_user"/.dotfiles

SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_config".config.swarselsystems.isSecureBoot)"

if [[ $SECUREBOOT == "true" ]]; then
green "Setting up secure boot keys"
sudo mkdir -p /var/lib/sbctl
sbctl create-keys || true
sbctl enroll-keys --ignore-immutable --microsoft || true
fi

green "Disabling initialSetup"
sed -i '/swarselsystems\.initialSetup = true;/d' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
sudo nixos-rebuild --flake .#"$target_config" switch
green "Post-install finished!"

#+end_src



#+begin_src nix :tangle pkgs/swarsel-postinstall/default.nix
{ writeShellApplication, git }:

writeShellApplication {
name = "swarsel-postinstall";
runtimeInputs = [ git ];
text = builtins.readFile ../../scripts/swarsel-postinstall.sh;
}
#+end_src

**** t2ts
:PROPERTIES:
:CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1
Expand Down Expand Up @@ -5679,6 +5826,7 @@ Normally, doing that also resets the lecture that happens on the first use of =s
"/etc/nix"
"/etc/NetworkManager/system-connections"
# "/etc/secureboot"
"/home/swarsel/.dotfiles"
"/var/db/sudo"
"/var/cache"
"/var/lib"
Expand Down Expand Up @@ -10463,7 +10611,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
"${modifier}+m" = "exec swarselcheck -s";
"${modifier}+m" = "exec swaymsg workspace back_and_forth";
"${modifier}+a" = "exec swarselcheck -s";
"${modifier}+x" = "exec swarselcheck -k";
"${modifier}+d" = "exec swarselcheck -d";
"${modifier}+w" = "exec swarselcheck -e";
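Review bot: The passphrase loop in the swarsel-install hunk writes the LUKS passphrase in clear text to a fixed path with `echo "$luks_passphrase" > /tmp/disko-password`; under the live system's default umask that file is readable by every other user, it is never removed (the new `cleanup` trap only clears the nix caches), and a passphrase starting with `-n` or `-e` would be mangled by `echo`. Creating it as `( umask 077; printf '%s\n' "$luks_passphrase" > /tmp/disko-password )` and adding `rm -f -- /tmp/disko-password` to `cleanup` keeps the rest of the flow unchanged; whether disko tolerates or requires the trailing newline cannot be told from the hunk, so the newline is kept. The postinstall block added further down in this section also carries a copy-pasted `-d <disk>` line in its help text that its option parser does not accept, and its `sbctl create-keys || true` / `sbctl enroll-keys ... || true` lines silently hide a failed key enrollment, which would be worth at least a `red` message.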
5 changes: 5 additions & 0 deletions flake.nix
Expand Up @@ -218,6 +218,11 @@
program = "${self.packages.${system}.swarsel-install}/bin/swarsel-install";
};

postinstall = {
type = "app";
program = "${self.packages.${system}.swarsel-postinstall}/bin/swarsel-postinstall";
};

rebuild = {
type = "app";
program = "${self.packages.${system}.swarsel-rebuild}/bin/swarsel-rebuild";
1 change: 1 addition & 0 deletions pkgs/default.nix
Expand Up @@ -19,6 +19,7 @@ let
"bootstrap"
"swarsel-rebuild"
"swarsel-install"
"swarsel-postinstall"
"t2ts"
"ts2t"
"vershell"
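--- a/pkgs/swarsel-postinstall/default.nix
+++ b/pkgs/swarsel-postinstall/default.nix
@@ -0,0 +1,7 @@
+{ writeShellApplication, git }:
+
+writeShellApplication {
+name = "swarsel-postinstall";
+runtimeInputs = [ git ];
+text = builtins.readFile ../../scripts/swarsel-postinstall.sh;
+}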
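Review bot: `runtimeInputs = [ git ];` lists a tool the post-install script never calls, while `sbctl`, which its secure-boot branch does run, is not listed, so whether `sbctl` is on PATH depends on the target system rather than on this package. If that guarantee is intended, `{ writeShellApplication, sbctl }:` together with `runtimeInputs = [ sbctl ];` would express it; `sed`, `sudo` and `nixos-rebuild` come from the installed system in any case. This is inferred from the script body shown in the SwarselSystems.org hunk; the tangled `scripts/swarsel-postinstall.sh` itself is not part of the rendered diff.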
3 changes: 2 additions & 1 deletion profiles/common/home/sway.nix
Expand Up @@ -47,7 +47,8 @@ in
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
"${modifier}+m" = "exec swarselcheck -s";
"${modifier}+m" = "exec swaymsg workspace back_and_forth";
"${modifier}+a" = "exec swarselcheck -s";
"${modifier}+x" = "exec swarselcheck -k";
"${modifier}+d" = "exec swarselcheck -d";
"${modifier}+w" = "exec swarselcheck -e";
1 change: 1 addition & 0 deletions profiles/common/nixos/impermanence.nix
Expand Up @@ -75,6 +75,7 @@ in
"/etc/nix"
"/etc/NetworkManager/system-connections"
# "/etc/secureboot"
"/home/swarsel/.dotfiles"
"/var/db/sudo"
"/var/cache"
"/var/lib"
2 changes: 1 addition & 1 deletion programs/bash/.bash_history
@@ -1 +1 @@
swarsel-install -f chaostheatre -d /dev/vda
swarsel-install -n chaostheatr
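Review bot: `swarsel-install -n chaostheatr` appears to drop the final `e` of the configuration name — the installer's default is `target_config="chaostheatre"` and every other reference in this commit spells it that way — so the pre-filled history entry would fail at the `nix eval ... nixosConfigurations."$target_hostname"` step instead of starting the install. Assuming the second line is the new side, it should read `swarsel-install -n chaostheatre`. The same line is tangled from the `programs/bash/.bash_history` source block in SwarselSystems.org, which needs the same correction.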
2 changes: 1 addition & 1 deletion programs/etc/issue
Expand Up @@ -2,4 +2,4 @@
IP of primary interface: \4
The Password for all users & root is 'setup'.
Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
Alternatively, run 'swarsel-install -d <DISK> -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).

