feat: improve install ISO

Swarsel 2024-12-24 14:00:37 +01:00
parent 43e13334c0
commit 5637ab54fc
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
5 changed files with 84 additions and 10 deletions


@ -1747,7 +1747,7 @@ This is a slim setup for developing base configuration.
swapSize = "8"; swapSize = "8";
rootDisk = "/dev/vda"; rootDisk = "/dev/vda";
withImpermanence = true; withImpermanence = true;
withEncryption = false; withEncryption = true;
}; };
} }
./hardware-configuration.nix ./hardware-configuration.nix
@ -1814,7 +1814,7 @@ This is a slim setup for developing base configuration.
wallpaper = self + /wallpaper/lenovowp.png; wallpaper = self + /wallpaper/lenovowp.png;
impermanence = true; impermanence = true;
isBtrfs = true; isBtrfs = true;
isCrypted = false; isCrypted = true;
initialSetup = true; initialSetup = true;
}; };
@ -1837,8 +1837,26 @@ This is a slim setup for developing base configuration.
This is a live environment ISO that I use to bootstrap new systems. It only loads a minimal configuration and no graphical interface. After booting this image on a host, find out its IP and bootstrap the system using the =bootstrap= utility. This is a live environment ISO that I use to bootstrap new systems. It only loads a minimal configuration and no graphical interface. After booting this image on a host, find out its IP and bootstrap the system using the =bootstrap= utility.
For added convenience, the live environment displays a helpful text on login, we define it here (will be put into =/etc/issue=):
#+begin_src bash :tangle programs/etc/issue
~SwarselSystems~
IP of primary interface: \4
The Password for all users & root is 'setup'.
Install the system remotely by running 'bootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]' on a machine with deployed secrets.
Alternatively, run 'swarsel-install -d <DISK> -f <flake>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
#+end_src
Also, an initial bash history is provided to allow for a very quick local deployment:
#+begin_src shell :tangle programs/bash/.bash_history
swarsel-install -f chaostheatre -d /dev/vda
#+end_src
#+begin_src nix :tangle hosts/nixos/iso/default.nix #+begin_src nix :tangle hosts/nixos/iso/default.nix
{ self, pkgs, inputs, config, lib, modulesPath, ... }: { self, pkgs, inputs, outputs, config, lib, modulesPath, ... }:
let let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in in
@ -1855,9 +1873,32 @@ This is a live environment ISO that I use to bootstrap new systems. It only load
"${self}/profiles/iso/minimal.nix" "${self}/profiles/iso/minimal.nix"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports = [
"${self}/profiles/common/home/settings.nix"
] ++ (builtins.attrValues outputs.homeManagerModules);
}
]; ];
environment.etc."issue".text = "\\4\n"; home-manager.users.swarsel.home = {
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
};
};
};
home-manager.users.root.home = {
stateVersion = "23.05";
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
};
};
};
# environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
environment.etc."issue".source = "${self}/programs/etc/issue";
networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload"; networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
isoImage = { isoImage = {
@ -1903,7 +1944,9 @@ This is a live environment ISO that I use to bootstrap new systems. It only load
system.activationScripts.cache = { system.activationScripts.cache = {
text = '' text = ''
mkdir -p /home/swarsel/.local/share/nix/ mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles
mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots
mkdir -p -m=0777 /home/swarsel/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null
mkdir -p /root/.local/share/nix/ mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
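Review bot: The three new `mkdir -p -m=0777` lines in `system.activationScripts.cache` create world-writable directories under /home/swarsel, so any local account can add or replace entries in `.local/state/nix/profiles` and `.local/state/home-manager/gcroots`. `-m` applies only to the last path component, so the intermediate `.local` and `.local/state` directories are presumably still created root-owned with the default mode, given that activation scripts run as root. Creating the tree and then handing it to the user avoids both problems: a plain `mkdir -p` of the three paths followed by `chown -R swarsel: /home/swarsel/.local`. The same lines appear in the later file section that looks like the tangled hosts/nixos/iso/default.nix.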


@ -1,4 +1,4 @@
{ self, pkgs, inputs, config, lib, modulesPath, ... }: { self, pkgs, inputs, outputs, config, lib, modulesPath, ... }:
let let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in in
@ -15,9 +15,32 @@ in
"${self}/profiles/iso/minimal.nix" "${self}/profiles/iso/minimal.nix"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports = [
"${self}/profiles/common/home/settings.nix"
] ++ (builtins.attrValues outputs.homeManagerModules);
}
]; ];
environment.etc."issue".text = "\\4\n"; home-manager.users.swarsel.home = {
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
};
};
};
home-manager.users.root.home = {
stateVersion = "23.05";
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
};
};
};
# environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
environment.etc."issue".source = "${self}/programs/etc/issue";
networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload"; networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
isoImage = { isoImage = {
@ -63,7 +86,9 @@ in
system.activationScripts.cache = { system.activationScripts.cache = {
text = '' text = ''
mkdir -p /home/swarsel/.local/share/nix/ mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles
mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots
mkdir -p -m=0777 /home/swarsel/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null
mkdir -p /root/.local/share/nix/ mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null


@ -13,7 +13,7 @@ in
swapSize = "8"; swapSize = "8";
rootDisk = "/dev/vda"; rootDisk = "/dev/vda";
withImpermanence = true; withImpermanence = true;
withEncryption = false; withEncryption = true;
}; };
} }
./hardware-configuration.nix ./hardware-configuration.nix
@ -80,7 +80,7 @@ in
wallpaper = self + /wallpaper/lenovowp.png; wallpaper = self + /wallpaper/lenovowp.png;
impermanence = true; impermanence = true;
isBtrfs = true; isBtrfs = true;
isCrypted = false; isCrypted = true;
initialSetup = true; initialSetup = true;
}; };


@ -0,0 +1 @@
swarsel-install -f chaostheatre -d /dev/vda
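Review bot: The seeded history entry hard-codes `-f chaostheatre -d /dev/vda`, so on any host whose first virtio disk holds data, pressing Up and Enter starts an install against that disk. Whether `swarsel-install` asks for confirmation before touching the disk is not visible in this diff. If it does not, a placeholder entry such as `swarsel-install -f <flake> -d <DISK>`, which cannot run unedited, would be safer. The ISO config links this file for both swarsel and root, so the entry is also one keypress away in a root shell.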

5
programs/etc/issue Normal file

@ -0,0 +1,5 @@
~SwarselSystems~
IP of primary interface: \4
The Password for all users & root is 'setup'.
Install the system remotely by running 'bootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]' on a machine with deployed secrets.
Alternatively, run 'swarsel-install -d <DISK> -f <flake>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
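Review bot: The third line of the new banner prints the shared password 'setup', and /etc/issue is displayed before login to anyone who reaches a console. That is workable for a throwaway installer only if the password is never accepted over the network. The sshd settings are outside this diff, so confirm that password authentication is disabled and only the keys collected in `pubKeys` are accepted. A comment next to `environment.etc."issue".source` would record that assumption, e.g. `# banner shows the live-ISO password; sshd must stay key-only`.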