refactor: use flakes with deploy-rs & nixos-hardware

2025-05-24 09:54:40 +02:00 · 2022-06-03 17:47:16 +02:00 · 2022-06-03 17:47:16 +02:00 · d17c2b69a0
commit d17c2b69a0
parent b1ef65594a
81 changed files with 1179 additions and 317 deletions
--- a/legacy/helpers.sh
+++ b/legacy/helpers.sh
@ -0,0 +1,136 @@
+#!/bin/sh
+
+ask_if_sure(){
+	while true; do
+		read -p "reinstall & ERASE ALL DATA? [y/n] " yn
+		case $yn in
+			[Yy]* ) break;;
+			[Nn]* ) exit 1;;
+			* ) echo "Please answer yes or no.";;
+		esac
+	done
+}
+
+blk_wait(){
+	local dev="${1?}"
+
+	while ! [ -b "${dev}" ]; do
+		sleep 0.1
+	done
+}
+
+blk_info_partuuid(){
+	local dev="${1?}"
+
+	printf '/dev/disk/by-partuuid/%s' "$(blkid -o value -s PARTUUID "${dev}")"
+}
+
+blk_info_uuid(){
+	local dev="${1?}"
+
+	printf '/dev/disk/by-uuid/%s' "$(blkid -o value -s UUID "${dev}")"
+}
+
+# Write into /tmp/password your password (without a trailing newline!)
+# So you won't get asked for a password during installation
+#
+# If you want to get asked for every password, just remove this function
+cryptsetup(){
+	command cryptsetup $* --key-file /tmp/passwd -q
+}
+
+install_os(){
+	local folder="${1?}"
+	nixos-install --cores 0 --max-jobs auto --root "${folder}"
+}
+
+luks_close(){
+	local drive="${1?}"
+
+	if cryptsetup status "${drive}" &>/dev/null; then
+		cryptsetup close "${drive}"
+	fi
+}
+
+lvm_remove_lv(){
+	local lv="${1?}"
+
+	if lvs "${lv}"; then
+		lvremove -f "${lv}"
+	fi
+}
+
+lvm_remove_vg(){
+	local vg="${1?}"
+
+	if vgs "${vg}"; then
+		vgremove "${vg}"
+	fi
+}
+
+lvm_remove_pv(){
+	local pv="${1?}"
+
+	if pvs "${pv}"; then
+		pvremove "${pv}"
+	fi
+}
+
+macro_replace(){
+	local macro="${1?}"
+	local value="${2?}"
+	local file="${3?}"
+
+	sed -i "s%${macro}%${value}%g" "${file}"
+}
+
+mp_mount(){
+	local src="${1?}"
+	local dst="${2?}"
+	local fstype="${3:-}"
+
+	mkdir -p "${CHROOT_BASE?}${dst}"
+	mount ${fstype:+-t} ${fstype:+"${fstype}"} "${src}" "${CHROOT_BASE?}${dst}"
+}
+
+mp_umount(){
+	local mountpoint="${1?}"
+
+	if mountpoint "${CHROOT_BASE}${mountpoint}" &>/dev/null; then
+		umount -R "${CHROOT_BASE}${mountpoint}"
+	fi
+
+	if [ -d "${CHROOT_BASE}${mountpoint}" ]; then
+		rmdir "${CHROOT_BASE}${mountpoint}"
+	fi
+	! [ -e "${CHROOT_BASE}${mountpoint}" ]
+}
+
+parttable_clear(){
+	local drive="${1?}"
+
+	while ! sgdisk -Z "${drive}" &>/dev/null; do
+		sleep 0.1
+	done
+}
+
+zero_blockdev(){
+	local dev="${1?}"
+
+	blkdiscard "${dev}"
+}
+
+zero_overwrite(){
+	local fsdev="${1?}"
+	local MBs="${2:-10}"
+
+	dd if=/dev/zero of="${fsdev}" bs=1M count="${MBs}" conv=sync
+}
+
+# Helper.sh
+zfs_pool_destroy(){
+	local pool="${1?}"
+	if zpool status "${pool}" &>/dev/null; then
+		zpool destroy "${pool}"
+	fi
+}
--- a/legacy/install-desktop.nix
+++ b/legacy/install-desktop.nix
@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+set -eux -o pipefail
+
+BASE="$(dirname "$(readlink -f "$0")")"
+. "${BASE}/helpers.sh"
+
+export HOST=thinkman
+export DRIVE_ROOT=/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_1TB_S5H9NS0NB16097P
+
+export NIXOS_FILES="${NIXOS_FILES?}"
+export CHROOT_BASE="/mnt/newroot-${HOST}"
+
+export DRIVE_ROOT_LUKS=/dev/mapper/luks-root
+PARTSEP="-part"
+
+ask_if_sure
+
+mp_umount /
+
+################################################################################################
+
+lvm_remove_lv /dev/vg_root/lv_root
+lvm_remove_lv /dev/vg_root/lv_home
+lvm_remove_vg vg_root
+lvm_remove_pv "${DRIVE_ROOT_LUKS}"
+
+luks_close "$(basename "${DRIVE_ROOT_LUKS}")"
+zero_blockdev "${DRIVE_ROOT}"
+
+parttable_clear "${DRIVE_ROOT}"
+
+# ROOT SSD SETUP
+sgdisk \
+	-o "${DRIVE_ROOT}" \
+	-n 1:2048:4095   -c 1:"BIOS Boot Partition"  -t 1:ef02 \
+	-n 2:4096:823295 -c 2:"EFI System Partition" -t 2:ef00 \
+	--largest-new=3  -c 3:"Crypt"                -t 3:8309 \
+	-p
+
+sleep 3
+
+cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3"
+cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")"
+
+pvcreate         "${DRIVE_ROOT_LUKS}"
+vgcreate vg_root "${DRIVE_ROOT_LUKS}"
+
+lvcreate -L 50GiB -n lv_root vg_root
+mkfs.ext4 -L "${HOST}-root" /dev/vg_root/lv_root
+
+lvcreate -L 100GiB -n lv_home vg_root
+mkfs.ext4 -L "${HOST}-home" /dev/vg_root/lv_home
+
+lvcreate -L 10GiB -n lv_swap vg_root
+mkswap -L "${HOST}-swap" /dev/vg_root/lv_swap
+
+zero_overwrite "${DRIVE_ROOT}${PARTSEP}2"
+mkfs.vfat -n "${HOST}-boot" "${DRIVE_ROOT}${PARTSEP}2"
+
+mp_mount /dev/vg_root/lv_root /
+mp_mount /dev/vg_root/lv_home /home
+mp_mount "${DRIVE_ROOT}${PARTSEP}2" /boot
+
+mkdir -p ${CHROOT_BASE}/etc/secrets/initrd
+ssh-keygen -t ed25519 -N "" -f "${CHROOT_BASE}/etc/secrets/initrd/ssh_host_ed25519_key"
+ssh-keygen -t rsa     -N "" -f "${CHROOT_BASE}/etc/secrets/initrd/ssh_host_rsa_key"
+
+mkdir -p "${CHROOT_BASE}/etc/nixos/"
+rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/"
+
+install_os "${CHROOT_BASE}"
--- a/legacy/install-server.sh
+++ b/legacy/install-server.sh
@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+set -eux -o pipefail
+
+BASE="$(dirname "$(readlink -f "$0")")"
+. "${BASE}/helpers.sh"
+
+export HOST=serverle
+export DRIVE_ROOT=/dev/disk/by-id/usb-Seagate_Expansion_2HC015KJ-0\:0
+
+export NIXOS_FILES="${NIXOS_FILES:-$PWD}"
+export CHROOT_BASE="/mnt/newroot-${HOST}"
+
+export DRIVE_ROOT_LUKS=/dev/mapper/luks-root
+PARTSEP="-part"
+
+ask_if_sure
+
+mp_umount /
+
+################################################################################################
+echo "Starting Root SSD"
+
+lvm_remove_lv /dev/vg_root/lv_root
+lvm_remove_lv /dev/vg_root/lv_srv
+lvm_remove_vg vg_root
+lvm_remove_pv "${DRIVE_ROOT_LUKS}"
+
+luks_close "$(basename "${DRIVE_ROOT_LUKS}")"
+#zero_blockdev "${DRIVE_ROOT}" # trim support is not available on external drives
+
+parttable_clear "${DRIVE_ROOT}"
+
+# ROOT SSD SETUP
+sgdisk \
+	-o "${DRIVE_ROOT}" \
+	-n 1:2048:4095   -c 1:"BIOS Boot Partition"  -t 1:ef02 \
+	-n 2:4096:823295 -c 2:"EFI System Partition" -t 2:ef00 \
+	--largest-new=3  -c 3:"Crypt"                -t 3:8309 \
+	-p
+
+sleep 3
+
+cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3"
+cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")"
+
+pvcreate         "${DRIVE_ROOT_LUKS}"
+vgcreate vg_root "${DRIVE_ROOT_LUKS}"
+
+lvcreate -L 50GiB -n lv_root vg_root
+mkfs.ext4 -L "${HOST}-root" /dev/vg_root/lv_root
+
+lvcreate -L 100GiB -n lv_srv vg_root
+mkfs.ext4 -L "${HOST}-srv" /dev/vg_root/lv_srv
+
+lvcreate -L 4GiB -n lv_swap vg_root
+mkswap -L "${HOST}-swap" /dev/vg_root/lv_swap
+
+zero_overwrite "${DRIVE_ROOT}${PARTSEP}2"
+mkfs.vfat -n "${HOST}-boot" "${DRIVE_ROOT}${PARTSEP}2"
+
+mp_mount /dev/vg_root/lv_root /
+mp_mount /dev/vg_root/lv_srv /srv
+mp_mount "${DRIVE_ROOT}${PARTSEP}2" /boot
+
+mkdir -p /etc/secrets/initrd
+ssh-keygen -t ed25519 -N "" -f "/etc/secrets/initrd/ssh_host_ed25519_key"
+
+mkdir -p "${CHROOT_BASE}/etc/nixos/"
+rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/"
+
+mkdir -p "${CHROOT_BASE}/etc/secrets/initrd"
+rsync -avH "/etc/secrets/" "${CHROOT_BASE}/etc/secrets/"
+
+install_os "${CHROOT_BASE}"