author | tv <tv@krebsco.de> | 2020-01-14 21:35:10 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-01-14 21:35:10 +0100 |
commit | 67cda2940f1228063efd09e08d39fad12fe9a0ef (patch) | |
tree | ac639d44c2e6378265621988b19c345d891c4909 /lass/5pkgs/init/default.nix | |
parent | 525c955b5f955dd23ec4d060ebd1ef1e149760ce (diff) | |
parent | a01e3174e04fc946e7dfaf3569919aacf5a6763d (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/5pkgs/init/default.nix')
-rw-r--r-- | lass/5pkgs/init/default.nix | 49 |
1 files changed, 15 insertions, 34 deletions
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index b386fa94b..cbcfe2c00 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -1,25 +1,20 @@ -{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }: +{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }: with lib; -pkgs.writeText "init" '' - #! /bin/sh - # usage: curl xu/~tv/init | sh +pkgs.writeScript "init" '' + #!/usr/bin/env nix-shell + #! nix-shell -i bash -p jq parted libxfs set -efu - # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version) - # install at tmp location + disk=$1 - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) :;; - *) echo Error: unknown operating system >&2; exit 1;; - esac - - keyfile=${keyfile} - - disk=${disk} + if mount | grep -q "$disk"; then + echo "target device is already mounted, bailout" + exit 2 + fi - luksdev=${disk}3 + luksdev="$disk"3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} @@ -29,13 +24,7 @@ pkgs.writeText "init" '' rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home - # - #generate keyfile - # - - if ! test -e "$keyfile"; then - dd if=/dev/urandom bs=512 count=2048 of=$keyfile - fi + read -p "LUKS Password: " lukspw # # partitioning @@ -61,14 +50,13 @@ pkgs.writeText "init" '' if ! cryptsetup isLuks "$luksdev"; then # aes xts-plain64 - cryptsetup luksFormat "$luksdev" "$keyfile" \ + echo -n "$lukspw" | cryptsetup luksFormat "$luksdev" - \ -h sha512 \ --iter-time 5000 fi if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \ - --key-file "$keyfile" + echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi # cryptsetup close 
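Review bot: `if mount | grep -q "$disk"` in the first hunk treats the device path as an unanchored regular expression, so `/dev/sda` also matches a mounted `/dev/sdab`, and any regex metacharacter in the argument silently changes the test; `grep -qF -- "$disk"` keeps the intended prefix match on `/dev/sda1`, `/dev/sda2`, … while matching literally. `luksdev="$disk"3` still assumes the `/dev/sdX3` naming scheme, which matters more now that the device comes from `$1` instead of a Nix default: for a device such as `/dev/nvme0n1` the third partition is `/dev/nvme0n1p3`, so the derived path does not exist and the later `cryptsetup isLuks` check cannot succeed. A usage line near `disk=$1` would make that contract explicit, e.g. `# usage: init /dev/sdX   (whole-disk device; the LUKS partition is taken as ${disk}3)`.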
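Review bot: `read -p "LUKS Password: " lukspw` in the second hunk echoes the passphrase to the terminal as it is typed and, lacking `-r`, alters any backslash in it; `read -rsp "LUKS Password: " lukspw; echo` keeps the secret off the screen and unmodified. There is also no confirmation prompt, so a typo becomes the only passphrase of the container that is formatted a few lines later; reading it a second time and comparing before `luksFormat` is cheap insurance.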
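Review bot: the two cryptsetup calls in the third hunk are fed the passphrase differently — `echo -n "$lukspw"` (no newline) for `luksFormat "$luksdev" -` but `echo "$lukspw"` (trailing newline) for `luksOpen … -`. If cryptsetup interprets the trailing `-` as a key file in both places, key-file input is not terminated at a newline, so the stored key would be `pw` while the unlock input would be `pw\n` and the open would fail; if the open instead reads an interactive passphrase up to the newline, the two happen to coincide, but that is not evident from the script. Feed both through the same explicit path so the bytes are identical: `printf '%s' "$lukspw" | cryptsetup luksFormat "$luksdev" --key-file - -h sha512 --iter-time 5000` and `printf '%s' "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" --key-file -`. Both `if` blocks begin and end inside the hunk, but the script continues beyond it.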
@@ -95,11 +83,11 @@ pkgs.writeText "init" '' fi if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then - mkfs.btrfs "$rootdev" + mkfs.xfs "$rootdev" fi if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.btrfs "$homedev" + mkfs.xfs "$homedev" fi @@ -134,12 +122,5 @@ pkgs.writeText "init" '' parted "$disk" print lsblk "$disk" - key='${pubkey}' - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route echo READY. '' |
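Review bot: the guards around the two new `mkfs.xfs` calls still test `blkid -o value -s TYPE … = btrfs`, so on a second run against the same disk the freshly created file systems report `xfs`, the condition is true again, and `mkfs.xfs` is invoked on a volume that already holds data; mkfs.xfs normally refuses to overwrite a detected file system unless `-f` is given, so the rerun would abort under `set -e` instead of being idempotent like the rest of the script. The comparison has to follow the format change: `if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then` and likewise `= xfs` for `$homedev`. The same mismatch applies to both blocks in this hunk.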