path: root/lass/4lib/default.nix
blob: 0dc7fa8d7bab1414ec2192863eb5c3500d35e828 (plain)
{ lib, ... }:

with lib;

rec {

  # Derive the default gateway for `ip` by keeping its first three dotted
  # components and replacing the last one with "1"
  # (e.g. "10.1.2.3" -> "10.1.2.1").  Only meaningful for networks whose
  # gateway is the .1 host; `ip` is not validated, so a string with fewer
  # than four components yields a shorter result rather than an error.
  getDefaultGateway = ip:
    let
      octets = splitString "." ip;
      network = take 3 octets;
    in
    concatStringsSep "." (network ++ ["1"]);

  # Build a POSIX sh installer script (returned as a Nix string) that
  # prepares `disk` for a NixOS installation: a GPT label with an ESP and a
  # primary partition, LUKS on the primary partition, an LVM volume group
  # holding root/home/bku logical volumes (100G/100G/200G), vfat on the
  # ESP and btrfs on the LVs, everything mounted under /mnt, and finally an
  # SSH public key installed for root and sshd started so the installation
  # can continue over the network.
  #
  # Arguments (all optional):
  #   pubkey  - SSH public key written to /root/.ssh/authorized_keys
  #             (only rewritten when the file's content differs).
  #             NOTE(review): the default refers to `config`, which this
  #             file's argument set `{ lib, ... }` does not bind; unless the
  #             `lib` brought into scope by `with lib` happens to carry a
  #             `config` attribute, the default cannot evaluate and callers
  #             must pass pubkey explicitly.
  #   disk    - block device to (re)partition; partition nodes are derived
  #             as <disk>1 (ESP) and <disk>2 (LUKS).  NOTE(review): this
  #             assumes the kernel names partitions by appending the number
  #             directly; devices whose partition nodes carry a separator
  #             between disk name and number would not be found.
  #   vgname  - name of the LVM volume group created on the LUKS mapping.
  #   luksmap - name of the device-mapper node the LUKS container is opened
  #             as (/dev/mapper/<luksmap>).
  #
  # Behaviour of the generated script:
  #   - Refuses to run (exit 1) unless /proc/cmdline contains
  #     root=LABEL=NIXOS_ISO, i.e. it is meant for the NixOS live ISO only.
  #   - Every destructive step (parted mklabel/mkpart, luksFormat,
  #     pvcreate, vgcreate, lvcreate, mkfs.*) is guarded by a blkid/test
  #     check of the expected state, so re-running after a partial failure
  #     skips what is already done.  The two partitions are verified by
  #     PARTLABEL (ESP / primary); a mismatch exits with status 23.
  #   - luksFormat is called without a key file, so it appears to rely on
  #     cryptsetup's interactive passphrase prompt; there is no
  #     non-interactive path.
  #
  # Review notes:
  #   - disk, vgname and luksmap are interpolated into the script unquoted
  #     (disk=, bootdev=, luksdev=, vgname=) and pubkey inside single
  #     quotes; they must be trusted configuration, since a value with
  #     shell metacharacters or a single quote would change the generated
  #     script rather than just its data.
  #   - /root/.ssh is created with `mkdir -p` and authorized_keys written
  #     under the shell's default umask; sshd's StrictModes requires the
  #     directory not to be group/world-writable, which currently depends
  #     on that umask (an explicit 0700/0600 would make it independent).
  initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: ''
    #! /bin/sh
    # usage: curl xu/~tv/init | sh
    set -efu
    # TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
    #       install at tmp location


    case $(cat /proc/cmdline) in
       *' root=LABEL=NIXOS_ISO '*) :;;
       *) echo Error: unknown operating system >&2; exit 1;;
    esac

    disk=${disk}

    bootdev=${disk}1

    luksdev=${disk}2
    luksmap=/dev/mapper/${luksmap}

    vgname=${vgname}

    rootdev=/dev/mapper/${vgname}-root
    homedev=/dev/mapper/${vgname}-home
    bkudev=/dev/mapper/${vgname}-bku

    #
    # partitioning
    #

    # http://en.wikipedia.org/wiki/GUID_Partition_Table
    # undo:
    #   dd if=/dev/zero bs=512 count=34 of=/dev/sda
    # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
    if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
      parted "$disk" \
          mklabel gpt \
          mkpart ESP fat32 1MiB 1024MiB  set 1 boot on \
          mkpart primary 1024MiB 100%
    fi

    if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
      echo zonk
      exit 23
    fi

    if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
      echo zonk2
      exit 23
    fi

    if ! cryptsetup isLuks "$luksdev"; then
      # aes xts-plain64
      cryptsetup luksFormat "$luksdev" \
          -h sha512 \
          --iter-time 5000
    fi

    if ! test -e "$luksmap"; then
      cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
    fi
    # cryptsetup close

    if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
      pvcreate "$luksmap"
    fi

    if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi

    lvchange -a y /dev/mapper/"$vgname"

    if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
    if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
    if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi

    # lvchange -a n "$vgname"


    #
    # formatting
    #

    if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
      mkfs.vfat "$bootdev"
    fi

    if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
      mkfs.btrfs "$rootdev"
    fi

    if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
      mkfs.btrfs "$homedev"
    fi

    if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
      mkfs.btrfs "$bkudev"
    fi


    if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
      mount "$rootdev" /mnt
    fi
    if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
      mkdir -m 0000 -p /mnt/boot
      mount "$bootdev" /mnt/boot
    fi
    if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
      mkdir -m 0000 -p /mnt/home
      mount "$homedev" /mnt/home
    fi
    if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
      mkdir -m 0000 -p /mnt/bku
      mount "$bkudev" /mnt/bku
    fi

    # umount -R /mnt


    parted "$disk" print
    lsblk "$disk"

    key='${pubkey}'
    if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
      mkdir -p /root/.ssh
      echo "$key" > /root/.ssh/authorized_keys
    fi
    systemctl start sshd
    ip route
    echo READY.
  '';
}