summaryrefslogtreecommitdiffstats
path: root/lass/1systems/hilum
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems/hilum')
-rw-r--r--lass/1systems/hilum/disk.nix53
-rwxr-xr-xlass/1systems/hilum/flash-stick.sh37
-rw-r--r--lass/1systems/hilum/physical.nix43
3 files changed, 119 insertions, 14 deletions
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
new file mode 100644
index 000000000..926401648
--- /dev/null
+++ b/lass/1systems/hilum/disk.nix
@@ -0,0 +1,53 @@
+{ lib, disk, keyFile, ... }:
+{
+ disk = {
+ main = {
+ type = "disk";
+ device = disk;
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ type = "partition";
+ start = "0";
+ end = "1M";
+ part-type = "primary";
+ flags = ["bios_grub"];
+ }
+ {
+ type = "partition";
+ name = "ESP";
+ start = "1MiB";
+ end = "50%";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "root";
+ type = "partition";
+ start = "50%";
+ end = "100%";
+ content = {
+ type = "luks";
+ name = "hilum_luks";
+ keyFile = keyFile;
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/";
+ };
+ };
+ }
+ ];
+ };
+ };
+ };
+}
+
diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh
new file mode 100755
index 000000000..17a5fc580
--- /dev/null
+++ b/lass/1systems/hilum/flash-stick.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -efux
+
+disk=$1
+
+export NIXPKGS_ALLOW_UNFREE=1
+(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
+trap 'rm -f /tmp/hilum.luks' EXIT
+stockholm_root=$(git rev-parse --show-toplevel)
+ssh root@localhost -t -- $(nix-build \
+ --no-out-link \
+ -I nixpkgs=/var/src/nixpkgs \
+ -I stockholm="$stockholm_root" \
+ -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
+ -E "with import <nixpkgs> {}; (pkgs.nixos [
+ {
+ luksPassFile = \"/tmp/hilum.luks\";
+ mainDisk = \"$disk\";
+ disko.rootMountPoint = \"/mnt/hilum\";
+ }
+ ./physical.nix
+ ]).disko"
+)
+rm -f /tmp/hilum.luks
+$(nix-build \
+ --no-out-link \
+ -I nixpkgs=/var/src/nixpkgs \
+ "$stockholm_root"/lass/krops.nix -A populate \
+ --argstr name hilum \
+ --argstr target "root@localhost/mnt/hilum/var/src" \
+ --arg force true
+)
+ssh root@localhost << SSH
+NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src
+nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
+umount -Rv /mnt/hilum
+SSH
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
index f8bab57d6..6f160062d 100644
--- a/lass/1systems/hilum/physical.nix
+++ b/lass/1systems/hilum/physical.nix
@@ -1,11 +1,38 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ {
+ # nice hack to carry around state passed impurely at the beginning
+ options.mainDisk = let
+ tryFile = path: default:
+ if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then
+ builtins.readFile path
+ else
+ default
+ ;
+ in lib.mkOption {
+ type = lib.types.str;
+ default = tryFile "/etc/hilum-disk" "/dev/sdz";
+ };
+ config.environment.etc.hilum-disk.text = config.mainDisk;
+ }
+ {
+ options.luksPassFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ };
+ }
];
+ disko.devices = import ./disk.nix {
+ inherit lib;
+ disk = config.mainDisk;
+ keyFile = config.luksPassFile;
+ };
+
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -13,21 +40,9 @@
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+ boot.loader.grub.device = config.mainDisk;
boot.loader.grub.efiInstallAsRemovable = true;
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2B9E-5131";
- fsType = "vfat";
- };
-
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;