Last active
February 12, 2024 00:00
-
-
Save pshirshov/42fd9904a53b60903571c56fe5ddae26 to your computer and use it in GitHub Desktop.
nix-quick-install
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| function prepare_layout() { | |
| wipefs -a -f "$DISK1" | |
| dd if=/dev/zero of="$DISK1" bs=50M count=1 | |
| partprobe | |
| udevadm settle | |
| parted --script "${DISK1}" -- \ | |
| mklabel gpt \ | |
| mkpart primary 1024MiB 100% \ | |
| mkpart esp fat32 1MiB 1024MiB \ | |
| set 2 boot on | |
| partprobe | |
| udevadm settle | |
| # sgdisk -n3:1M:+2048M -t3:EF00 -c 3:boot "$DISK1" | |
| # sgdisk "-n2:0:+${SWPSIZE}" -t2:8200 -c 2:swap "$DISK1" | |
| # sgdisk -n1:0:0 -t1:BF01 -c 1:root "$DISK1" | |
| SCHEME=-part | |
| TGT_ROOT=${DISK1}${SCHEME}1 | |
| if [[ ! (-L "$TGT_ROOT") && ! (-b "$TGT_ROOT") ]]; then | |
| SCHEME=p | |
| fi | |
| TGT_ROOT=${DISK1}${SCHEME}1 | |
| if [[ ! (-L "$TGT_ROOT") && ! (-b "$TGT_ROOT") ]]; then | |
| SCHEME="" | |
| fi | |
| TGT_ROOT=${DISK1}${SCHEME}1 | |
| TGT_BOOT=${DISK1}${SCHEME}2 | |
| if [[ ! (-L "$TGT_ROOT") && ! (-b "$TGT_ROOT") ]]; then | |
| echo "Missing root partition: ${TGT_ROOT}" | |
| exit 1 | |
| fi | |
| if [[ ! (-L "$TGT_BOOT") && ! (-b "$TGT_BOOT") ]]; then | |
| echo "Missing boot partition: ${TGT_BOOT}" | |
| exit 1 | |
| fi | |
| } | |
| function create_filesystems() { | |
| zfs_args=("$@") | |
| zpool create -f \ | |
| -O mountpoint=none \ | |
| -O atime=off \ | |
| -o ashift=12 \ | |
| -O acltype=posixacl \ | |
| -O xattr=sa \ | |
| "${zfs_args[@]}" \ | |
| zroot \ | |
| "${TGT_ROOT}" | |
| zfs create \ | |
| -V "${SWPSIZE}" \ | |
| -b "$(getconf PAGESIZE)" \ | |
| -o compression=zle \ | |
| -o logbias=throughput \ | |
| -o sync=always \ | |
| -o primarycache=metadata \ | |
| -o secondarycache=none \ | |
| -o com.sun:auto-snapshot=false \ | |
| zroot/swap | |
| zfs create -o mountpoint=legacy zroot/root # For / | |
| zfs create -o mountpoint=legacy zroot/root/home # For /home | |
| zfs create -o mountpoint=legacy zroot/root/nix # For /nix | |
| mkfs.vfat "${TGT_BOOT}" | |
| mkswap -f "${TGT_SWAP}" | |
| } | |
| function mount_filesystems() { | |
| mkdir -p /mnt | |
| mount -t zfs zroot/root /mnt | |
| mkdir -p /mnt/{nix,home,boot} | |
| mount -t zfs zroot/root/nix /mnt/nix | |
| mount -t zfs zroot/root/home /mnt/home | |
| swapon "${TGT_SWAP}" | |
| mount "${TGT_BOOT}" /mnt/boot | |
| } | |
| function install_nixos() { | |
| nixos-generate-config --root /mnt | |
| sed -i '/\}\s*$/d' /mnt/etc/nixos/configuration.nix | |
| sed -i '/canTouchEfiVariables/d' /mnt/etc/nixos/configuration.nix | |
| sed -i '/systemd-boot/d' /mnt/etc/nixos/configuration.nix | |
| ZFSID="$(cat /dev/urandom | hexdump --no-squeezing -e '/1 "%x"' | head -c 8)" | |
| cat >>/mnt/etc/nixos/configuration.nix <<EOF | |
| nixpkgs.config.allowUnfree = true; | |
| boot.supportedFilesystems = [ "zfs" ]; | |
| networking.hostId = "$ZFSID"; | |
| networking.hostName = "freshnix"; | |
| boot.loader.efi.canTouchEfiVariables = false; | |
| boot.loader.grub = { | |
| enable = true; | |
| #version = 2; | |
| useOSProber = true; | |
| memtest86.enable = true; | |
| device = "nodev"; | |
| efiSupport = true; | |
| efiInstallAsRemovable = true; | |
| extraEntries = '' | |
| menuentry "Firmware setup" { | |
| fwsetup | |
| } | |
| ''; | |
| }; | |
| networking.networkmanager.enable = true; | |
| services.openssh = { | |
| enable = true; | |
| settings = { | |
| PermitRootLogin = "yes"; | |
| }; | |
| openFirewall = true; | |
| }; | |
| users = { | |
| users.root.password = "nixos"; | |
| }; | |
| boot.kernelParams = ["boot.shell_on_fail" "boot.trace"]; | |
| hardware = { | |
| enableRedistributableFirmware = true; | |
| cpu.intel.updateMicrocode = true; | |
| cpu.amd.updateMicrocode = true; | |
| }; | |
| environment.systemPackages = with pkgs; [ | |
| mc | |
| nano | |
| gptfdisk | |
| parted | |
| nvme-cli | |
| efibootmgr | |
| kitty.terminfo | |
| ]; | |
| } | |
| EOF | |
| set +x | |
| echo "Going to run 'nixos-install --no-root-password' in 3 seconds..." | |
| sleep 3 | |
| nixos-install --no-root-password | |
| echo "Don't forget about 'zpool export zroot' in the end" | |
| umount /mnt/nix | |
| umount /mnt/home | |
| umount /mnt/boot | |
| umount /mnt | |
| # swapoff "${TGT_SWAP}" | |
| # zpool export zroot | |
| swapoff -a | |
| zpool export -a | |
| reboot | |
| } | |
| DISK1=$1 | |
| if [[ ! (-L "$DISK1") && ! (-b "$DISK1") ]]; then | |
| echo "Missing disk: ${DISK1}" | |
| ls -la /dev/disk/by-id/ | |
| exit 1 | |
| fi | |
| SWPSIZE=${SWPSIZE:-16GiB} | |
| ENCRYPTED=${ENCRYPTED:-0} | |
| COMPRESSED=${COMPRESSED:-1} | |
| TGT_SWAP=/dev/zvol/zroot/swap | |
| echo "Will use ${DISK1}" | |
| echo "Swap size: SWPSIZE=${SWPSIZE}" | |
| echo "Encrypted: ENCRYPTED=${ENCRYPTED}" | |
| echo "Compressed: COMPRESSED=${COMPRESSED}" | |
| ZFS_ARGS=() | |
| if [[ "$COMPRESSED" == "1" ]]; then | |
| ZFS_ARGS+=("-O") | |
| ZFS_ARGS+=("compression=lz4") | |
| fi | |
| if [[ "$ENCRYPTED" == "1" ]]; then | |
| ZFS_ARGS+=("-O") | |
| ZFS_ARGS+=("encryption=on") | |
| ZFS_ARGS+=("-O") | |
| ZFS_ARGS+=("keyformat=passphrase") | |
| fi | |
| read -n 1 -s -r -p "Press any key to continue" | |
| set -x | |
| prepare_layout | |
| create_filesystems "${ZFS_ARGS[@]}" | |
| mount_filesystems | |
| install_nixos |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { lib, pkgs, config, modulesPath, paths, ... }: | |
| { | |
| services.getty.autologinUser = lib.mkForce "root"; | |
| users.users.root.openssh.authorizedKeys.keys = config.sshkeys.pavel-all; | |
| users.users.root.password = "nixos"; | |
| boot.supportedFilesystems = [ "zfs" ]; | |
| boot.kernelPackages = config.currentKernel; | |
| imports = [ | |
| (modulesPath + "/installer/netboot/netboot.nix") | |
| (modulesPath + "/installer/cd-dvd/channel.nix") | |
| "${paths.shared}/auto/consts.nix" | |
| "${paths.shared}/auto/any.nix" | |
| "${paths.shared}/auto/any-nixos.nix" | |
| # "${paths.shared}/roles/network.nix" | |
| ]; | |
| networking = { | |
| hostName = "nix-pxe-ephemeral"; | |
| hostId = "00000000"; | |
| }; | |
| nixpkgs = { | |
| overlays = [ | |
| (self: super: { | |
| nix-quick-install = pkgs.callPackage | |
| "${paths.pkg}/nix-quick-install/nix-quick-install.nix" { }; | |
| }) | |
| ]; | |
| }; | |
| hardware = { | |
| cpu.intel.updateMicrocode = true; | |
| cpu.amd.updateMicrocode = true; | |
| }; | |
| environment.systemPackages = with pkgs; [ nix-quick-install ]; | |
| networking.networkmanager.enable = true; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { config, pkgs, lib, inputs, flake, paths, buildHome, ... }: | |
| { | |
| services.pixiecore = | |
| let | |
| nixos = inputs.nixpkgs.lib.nixosSystem { | |
| system = "x86_64-linux"; | |
| modules = [ ./pxe.nix ]; | |
| specialArgs = { paths = paths; }; | |
| }; | |
| pxeSystemConfig = nixos.config; | |
| build = pxeSystemConfig.system.build; | |
| params = lib.concatStringsSep " " pxeSystemConfig.boot.kernelParams; | |
| in | |
| { | |
| enable = true; | |
| openFirewall = true; | |
| kernel = "${build.kernel}/bzImage"; | |
| initrd = "${build.netbootRamdisk}/initrd"; | |
| cmdLine = "init=.${build.toplevel}/init ${params} boot.shell_on_fail"; | |
| dhcpNoBind = true; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment