feat: improve install ISO

2025-12-06 09:07:21 +01:00 · 2024-12-24 14:00:37 +01:00 · 2024-12-24 14:00:37 +01:00 · 5637ab54fc
commit 5637ab54fc
parent 43e13334c0
5 changed files with 84 additions and 10 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -1747,7 +1747,7 @@ This is a slim setup for developing base configuration.
          swapSize = "8";
          rootDisk = "/dev/vda";
          withImpermanence = true;
-          withEncryption = false;
+          withEncryption = true;
        };
      }
      ./hardware-configuration.nix
@ -1814,7 +1814,7 @@ This is a slim setup for developing base configuration.
      wallpaper = self + /wallpaper/lenovowp.png;
      impermanence = true;
      isBtrfs = true;
-      isCrypted = false;
+      isCrypted = true;
      initialSetup = true;
    };

@ -1837,8 +1837,26 @@ This is a slim setup for developing base configuration.

 This is a live environment ISO that I use to bootstrap new systems. It only loads a minimal configuration and no graphical interface. After booting this image on a host, find out its IP and bootstrap the system using the =bootstrap= utility.

+For added convenience, the live environment displays a helpful text on login, we define it here (will be put into =/etc/issue=):
+
+#+begin_src bash :tangle programs/etc/issue
+  [32m~SwarselSystems~[0m
+  IP of primary interface: [31m\4[0m
+  The Password for all users & root is '[31msetup[0m'.
+  Install the system remotely by running '[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption][0m' on a machine with deployed secrets.
+  Alternatively, run '[33mswarsel-install -d <DISK> -f <flake>[0m' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
+
+#+end_src
+
+Also, an initial bash history is provided to allow for a very quick local deployment:
+
+#+begin_src shell :tangle programs/bash/.bash_history
+swarsel-install -f chaostheatre -d /dev/vda
+#+end_src
+
+
 #+begin_src nix :tangle hosts/nixos/iso/default.nix
-  { self, pkgs, inputs, config, lib, modulesPath, ... }:
+  { self, pkgs, inputs, outputs, config, lib, modulesPath, ... }:
  let
    pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
  in
@ -1855,9 +1873,32 @@ This is a live environment ISO that I use to bootstrap new systems. It only load

      "${self}/profiles/iso/minimal.nix"

+      inputs.home-manager.nixosModules.home-manager
+      {
+        home-manager.users.swarsel.imports = [
+          "${self}/profiles/common/home/settings.nix"
+        ] ++ (builtins.attrValues outputs.homeManagerModules);
+      }
    ];

-    environment.etc."issue".text = "\\4\n";
+    home-manager.users.swarsel.home = {
+      file = {
+        ".bash_history" = {
+          source = self + /programs/bash/.bash_history;
+        };
+      };
+    };
+    home-manager.users.root.home = {
+      stateVersion = "23.05";
+      file = {
+        ".bash_history" = {
+          source = self + /programs/bash/.bash_history;
+        };
+      };
+    };
+
+    # environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
+    environment.etc."issue".source = "${self}/programs/etc/issue";
    networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";

    isoImage = {
@ -1903,7 +1944,9 @@ This is a live environment ISO that I use to bootstrap new systems. It only load

    system.activationScripts.cache = {
      text = ''
-        mkdir -p /home/swarsel/.local/share/nix/
+        mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles
+        mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots
+        mkdir -p -m=0777 /home/swarsel/.local/share/nix/
        printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null
        mkdir -p /root/.local/share/nix/
        printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null