From 2b01c332826d2d59b7fdbf4a7924e827338920f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Jan 2023 16:14:47 +0100 Subject: l hilum.r: create with disko, add script --- lass/1systems/hilum/flash-stick.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 lass/1systems/hilum/flash-stick.sh (limited to 'lass/1systems/hilum/flash-stick.sh') diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh new file mode 100644 index 00000000..7b787f92 --- /dev/null +++ b/lass/1systems/hilum/flash-stick.sh @@ -0,0 +1,27 @@ +#!/bin/sh +set -efux + +disk=$1 + +export NIXPKGS_ALLOW_UNFREE=1 +stockholm_root=$(git rev-parse --show-toplevel) +ssh root@localhost -t -- $(nix-build \ + --no-out-link \ + -I nixpkgs=/var/src/nixpkgs \ + -I stockholm="$stockholm_root" \ + -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \ + -E "with import {}; (pkgs.nixos [ { mainDisk = \"$disk\"; disko.rootMountPoint = \"/mnt/hilum\"; } ./physical.nix ]).mountScript" +) +$(nix-build \ + --no-out-link \ + -I nixpkgs=/var/src/nixpkgs \ + "$stockholm_root"/lass/krops.nix -A populate \ + --argstr name hilum \ + --argstr target "root@localhost/mnt/hilum/var/src" \ + --arg force true +) +ssh root@localhost << SSH +nixos-install --no-root-password --root /mnt/hilum -I /var/src +nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader +umount -Rv /mnt/hilum +SSH -- cgit v1.2.3 From 34360eb931e89b09512091fe819fb59568852441 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Jan 2023 23:46:51 +0100 Subject: l hilum.r: pass luks passphrase in flash script --- lass/1systems/hilum/flash-stick.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) mode change 100644 => 100755 lass/1systems/hilum/flash-stick.sh (limited to 'lass/1systems/hilum/flash-stick.sh') diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh old mode 100644 new mode 100755 index 7b787f92..17a5fc58 --- a/lass/1systems/hilum/flash-stick.sh +++ b/lass/1systems/hilum/flash-stick.sh @@ -4,14 +4,24 @@ set -efux disk=$1 export NIXPKGS_ALLOW_UNFREE=1 +(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks) +trap 'rm -f /tmp/hilum.luks' EXIT stockholm_root=$(git rev-parse --show-toplevel) ssh root@localhost -t -- $(nix-build \ --no-out-link \ -I nixpkgs=/var/src/nixpkgs \ -I stockholm="$stockholm_root" \ -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \ - -E "with import {}; (pkgs.nixos [ { mainDisk = \"$disk\"; disko.rootMountPoint = \"/mnt/hilum\"; } ./physical.nix ]).mountScript" + -E "with import {}; (pkgs.nixos [ + { + luksPassFile = \"/tmp/hilum.luks\"; + mainDisk = \"$disk\"; + disko.rootMountPoint = \"/mnt/hilum\"; + } + ./physical.nix + ]).disko" ) +rm -f /tmp/hilum.luks $(nix-build \ --no-out-link \ -I nixpkgs=/var/src/nixpkgs \ @@ -21,7 +31,7 @@ $(nix-build \ --arg force true ) ssh root@localhost << SSH -nixos-install --no-root-password --root /mnt/hilum -I /var/src +NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader umount -Rv /mnt/hilum SSH -- cgit v1.2.3