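#! /bin/sh
# Bootstrap NixOS onto a freshly provisioned host over SSH.
#
# Usage: SCRIPT SERVER_JSON HOSTNAME
#   SERVER_JSON  JSON object; .ip and .rootpass are read from it with jq
#   HOSTNAME     selects modules/HOSTNAME/ below the current directory
#
# Required environment: nix_url, nix_sha256, nix_find_sha1sum. They are
# handed to the remote installer at the end of this script.
#
# SECURITY: the root password is part of SERVER_JSON, so it sits in this
# script's argv and in the argv of cacnixos-networking, where it may show up
# in the local process list. It is also exported as SSHPASS and therefore
# inherited by every child process started below.
set -euf

server=${1:?usage: $0 SERVER_JSON HOSTNAME}
hostname=${2:?usage: $0 SERVER_JSON HOSTNAME}

# Fail before the remote host is touched: these are only expanded by the last
# command of the script, after the host has already been modified.
: "${nix_url:?must be set in the environment}"
: "${nix_sha256:?must be set in the environment}"
: "${nix_find_sha1sum:?must be set in the environment}"

# printf with a quoted argument hands the JSON to jq unchanged. An unquoted
# echo word-splits it first, which collapses runs of whitespace inside string
# values such as the password. jq -e exits non-zero when the field is null or
# missing, so a bad SERVER_JSON stops here instead of yielding "null".
address=$(printf '%s\n' "$server" | jq -er .ip) || {
  echo "$0: SERVER_JSON has no usable .ip" >&2
  exit 1
}
SSHPASS=$(printf '%s\n' "$server" | jq -er .rootpass) || {
  echo "$0: SERVER_JSON has no usable .rootpass" >&2
  exit 1
}

# NOTE(review): host-key verification is switched off for rsync's ssh
# transport, so the peer is not authenticated before sshpass answers its
# password prompt. Pin the host key if it is known from elsewhere, and rotate
# the root password once the install is done.
RSYNC_RSH='sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
export SSHPASS RSYNC_RSH

main="modules/$hostname/default.nix"
target="root@$address"

# Generate the host's network configuration module from the server record.
cacnixos-networking "$server" "$hostname" \
  > "modules/$hostname/networking.nix"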
# Make sure bzip2 and rsync exist on the remote image; yum is only invoked
# when `type` cannot find the tool. The script is fed to the remote /bin/sh
# on stdin, wrapped in ( ... ) as before.
#
# NOTE(review): StrictHostKeyChecking=no together with
# UserKnownHostsFile=/dev/null means the remote end is never authenticated,
# while sshpass supplies the root password to whoever answers. Pin the host
# key if it is available from another channel, and rotate the password after
# the install.
sshpass -e ssh \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  "$target" \
  /bin/sh <<'REMOTE'
(
set -xeuf
type bzip2 || yum install -y bzip2
type rsync || yum install -y rsync
)
REMOTE

# Push the local configuration tree to /etc/nixos on the target. rsync reads
# its filter rules from stdin ('. -'), which make-rsync-filter produces for
# the host's main module; --delete-excluded also removes remote files that
# the filter excludes.
make-rsync-filter "$main" \
  | rsync -f '. -' -zvrlptD --delete-excluded ./ "$target":/etc/nixos/
#
#
#
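# Remote installer: creates the Nix build users, downloads and verifies the
# Nix tarball, installs Nix, builds the NixOS installer tools, installs NixOS
# into /int (bind-mounted at /mnt) and finally copies /int over the live root.
#
# Exit codes set by the remote script: 5 = tarball could not be downloaded
# with the expected SHA-256, 6 = unpacked file list does not match the
# expected SHA-1.
#
# The script is sent on stdin through a quoted here-document, so nothing in
# it is expanded locally; the values it needs are passed through
# /usr/bin/env on the ssh command line.
#
# NOTE(review): ssh joins the remote command words with spaces and the remote
# login shell parses them again, so nix_url, nix_sha256, nix_find_sha1sum and
# main must not contain whitespace or shell metacharacters.
# NOTE(review): host-key verification is disabled here as well, so the peer
# that receives the root password and this script is not authenticated.
sshpass -e ssh \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  "$target" \
  -T /usr/bin/env \
  nix_url="$nix_url" \
  nix_basename="$(basename "$nix_url" .tar.bz2)" \
  nix_sha256="$nix_sha256" \
  nix_find_sha1sum="$nix_find_sha1sum" \
  main="$main" \
  /bin/sh <<'REMOTE'
(
set -xeuf

# Nix build group and users. "|| :" lets a re-run continue when the group or
# a user already exists.
groupadd -g 30000 nixbld || :
for i in $(seq 1 10); do
  useradd -c "foolsgarden Nix build user $i" \
    -d /var/empty \
    -s /sbin/nologin \
    -g 30000 \
    -G 30000 \
    -l -u "$((30000 + $i))" \
    "nixbld$i" || :
  rm -f "/var/spool/mail/nixbld$i"
done

# Disabled alternative: curl https://nixos.org/nix/install | sh
# The path below checks the tarball against nix_sha256 before anything from
# it is executed.
nix_tar=$nix_basename.tar.bz2

# Succeeds when the tarball in the current directory has the expected
# SHA-256. Uses the canonical "HASH  FILE" line (two spaces) for sha256sum -c.
nix_tar_ok() {
  printf "%s  %s\n" "$nix_sha256" "$nix_tar" | sha256sum -c
}

# Succeeds when the saved file listing has the expected SHA-1.
nix_find_ok() {
  printf "%s  %s\n" "$nix_find_sha1sum" "$nix_find" | sha1sum -c
}

if ! nix_tar_ok; then
  # First try to resume a partial download (-C -).
  curl -O -C - "$nix_url" || :
  if ! nix_tar_ok; then
    # Resuming did not produce a good file; fetch it again from the start.
    curl -O "$nix_url" || :
    if ! nix_tar_ok; then
      echo "$0: cannot download $nix_url" >&2
      exit 5
    fi
  fi
fi

# NOTE(review): when the directory already exists the tarball is not
# extracted again, so files left by an earlier run are used as they are.
if ! test -d "$nix_basename"; then
  tar jxf "$nix_tar"
fi

# Sanity check of the unpacked tree. This compares only the sorted list of
# path names, not file contents; content integrity rests on the SHA-256
# check of the tarball above.
nix_find=$nix_basename.find.txt
if ! nix_find_ok; then
  find "$nix_basename" | sort > "$nix_find"
  if ! nix_find_ok; then
    echo "$0: cannot unpack $nix_tar" >&2
    # TODO we could retry
    exit 6
  fi
fi

# bin/ is created relative to the current directory but added to PATH as
# $HOME/bin; presumably the session starts in $HOME - confirm.
mkdir -p bin
PATH=$HOME/bin:$PATH
export PATH

# generate fake sudo because
# sudo: sorry, you must have a tty to run sudo
# The shim just runs its arguments through env; the session is already root.
# NOTE(review): nothing in this script removes bin/sudo again, so it keeps
# shadowing the real sudo for anyone with $HOME/bin first in PATH.
{
  echo "#! /bin/sh"
  echo "exec env \"\$@\""
} > bin/sudo
chmod +x bin/sudo

"./$nix_basename/install"
. /root/.nix-profile/etc/profile.d/nix.sh

# Build nixos-generate-config and nixos-install from the nixpkgs copy that
# the Nix installer placed in the store.
nixpkgs_expr="import <nixpkgs> { system = builtins.currentSystem; }"
nixpkgs_path=$(
  find /nix/store -mindepth 1 -maxdepth 1 -name "*-nixpkgs-*" -type d
)
for i in nixos-generate-config nixos-install; do
  nix-env \
    --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \
    --arg pkgs "$nixpkgs_expr" \
    --arg modulesPath "throw \"no modulesPath\"" \
    -f "$nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix" \
    -iA "config.system.build.$i"
done

# TODO following fail when aborted in-between
# (each mount only happens when its directory did not exist yet)
if ! test -d /int; then
  mkdir -p /int
  mount --bind /int /mnt
fi
if ! test -d /mnt/boot; then
  mkdir -p /mnt/boot
  mount /dev/sda1 /mnt/boot
fi

mkdir -p /mnt/etc/nixos
rsync -zvrlptD --delete-excluded /etc/nixos/ /mnt/etc/nixos/
# NOTE(review): mode 0444 leaves the directory without any search (x) bit -
# confirm this is intended.
mkdir -m 0444 -p /mnt/var/empty
ln -s "$main" /mnt/etc/nixos/configuration.nix
nixos-install \
  -I secrets=/etc/nixos/secrets

# Record the file list of the old system before it is overwritten.
# NOTE(review): under set -e a non-zero exit from find (for example on paths
# that vanish during the walk) ends the script here, before the final rsync -
# confirm that is intended.
find / \
  1> /root/pre-rsync-find.out \
  2> /root/pre-rsync-find.err

# Copy the tree installed under /int over the running root filesystem.
rsync -va --force /int/ /

# find / -type f -mtime +1 -exec rm -v {} \; 2>&1 > rm.log
# ^ too aggressive, kills journal which is bad
# shutdown -r now
# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
# nix-channel --remove nixpkgs
# nix-channel --update
)
REMOTE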