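# Build a bootstrap script that partitions, encrypts, formats and mounts a
# fresh machine while booted from the NixOS installer ISO, then prepares it
# for a stockholm deployment over SSH.
#
# Arguments (all fixed at Nix evaluation time and interpolated into the
# generated script):
#   pubkey  - SSH public key written to /root/.ssh/authorized_keys
#   disk    - block device to partition; the script appends "2" and "3" for
#             the boot and LUKS partitions, so the naming assumes /dev/sdX
#   vgname  - name of the LVM volume group created inside the LUKS container
#   luksmap - device-mapper name under which the LUKS container is opened
#   keyfile - path of the LUKS key file; generated from /dev/urandom if missing
#
# Returns: a derivation (pkgs.writeText) whose output is the POSIX sh script.
{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:

with lib;

pkgs.writeText "init" ''
  #! /bin/sh
  # usage: curl xu/~tv/init | sh
  set -efu
  # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
  #       install at tmp location


  # refuse to run anywhere but on the installer ISO: every step below is
  # destructive for the target disk
  case $(cat /proc/cmdline) in
     *' root=LABEL=NIXOS_ISO '*) :;;
     *) echo Error: unknown operating system >&2; exit 1;;
  esac

  keyfile=${keyfile}

  disk=${disk}

  bootdev=${disk}2

  luksdev=${disk}3
  luksmap=/dev/mapper/${luksmap}

  vgname=${vgname}

  rootdev=/dev/mapper/${vgname}-root
  homedev=/dev/mapper/${vgname}-home
  bkudev=/dev/mapper/${vgname}-bku

  #
  #generate keyfile
  #

  if ! test -e "$keyfile"; then
    # restrict the key file to root before any bytes land on disk; dd would
    # otherwise create it with the process umask (commonly 0644)
    (umask 077; dd if=/dev/urandom bs=512 count=2048 of="$keyfile")
  fi

  #
  # partitioning
  #

  # http://en.wikipedia.org/wiki/GUID_Partition_Table
  # undo:
  #   dd if=/dev/zero bs=512 count=34 of=/dev/sda
  # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
  # every step is idempotent: a probe decides whether the disk already carries
  # the expected layout, so re-running the script after a failure is safe
  if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
    parted -a optimal "$disk" \
        mklabel gpt \
        mkpart no-fs 0 1024KiB \
        set 1 bios_grub on \
        mkpart ext2 1025KiB 1024MiB \
        mkpart primary 1024MiB 100%
  fi

  # partition labels are set by the parted call above; anything else means
  # the disk was partitioned by someone else and we must not touch it
  if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ext2; then
    echo zonk
    exit 23
  fi

  if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
    echo zonk2
    exit 23
  fi

  if ! cryptsetup isLuks "$luksdev"; then
    # aes xts-plain64
    cryptsetup luksFormat "$luksdev" "$keyfile" \
        -h sha512 \
        --iter-time 5000
  fi

  if ! test -e "$luksmap"; then
    cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
        --key-file "$keyfile"
  fi
  # cryptsetup close

  if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
    pvcreate "$luksmap"
  fi

  if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi

  lvchange -a y /dev/mapper/"$vgname"

  if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
  if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
  if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi

  # lvchange -a n "$vgname"


  #
  # formatting
  #

  if ! test "$(blkid -o value -s TYPE "$bootdev")" = ext2; then
    mkfs.ext2 "$bootdev"
  fi

  if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
    mkfs.btrfs "$rootdev"
  fi

  if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
    mkfs.btrfs "$homedev"
  fi

  if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
    mkfs.btrfs "$bkudev"
  fi


  # mount points are created with mode 0000 so that nothing is written into
  # them while the corresponding filesystem is not mounted
  if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
    mount "$rootdev" /mnt
  fi
  if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
    mkdir -m 0000 -p /mnt/boot
    mount "$bootdev" /mnt/boot
  fi
  if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
    mkdir -m 0000 -p /mnt/home
    mount "$homedev" /mnt/home
  fi
  if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
    mkdir -m 0000 -p /mnt/bku
    mount "$bkudev" /mnt/bku
  fi

  # umount -R /mnt

  #
  # dependencies for stockholm
  #

  nix-env -iA nixos.git

  mkdir -p /mnt/var/src
  touch /mnt/var/src/.populate

  #
  # print all the infos
  #

  parted "$disk" print
  lsblk "$disk"

  # escapeShellArg yields a properly single-quoted word, so a key containing
  # quotes or other shell metacharacters cannot break out of the assignment
  key=${escapeShellArg pubkey}
  if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
    mkdir -m 0700 -p /root/.ssh
    echo "$key" > /root/.ssh/authorized_keys
  fi
  systemctl start sshd
  ip route
  echo READY.
''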