238 lines
7.4 KiB
Bash
238 lines
7.4 KiB
Bash
#! /usr/bin/env nix-shell
|
|
#! nix-shell -i bash -p perl -p gptfdisk -p parted -p git
|
|
|
|
set -e
|
|
|
|
CONFIG_FOLDER="$(dirname "$(pwd)")"
|
|
DEVICE_NAME=Packard-Server
|
|
MAX_JOBS=4
|
|
SWAP_SIZE=12GiB
|
|
#NIXOS_COMMIT="364b5555ee04bf61ee0075a3adab4c9351a8d38c"
|
|
USE_ECNRYPTION=true
|
|
|
|
clean_stdin() {
|
|
while read -r -t 0; do read -r; done
|
|
}
|
|
|
|
pprint () {
|
|
local cyan="\e[96m"
|
|
local default="\e[39m"
|
|
local timestamp
|
|
timestamp=$(date +%FT%T.%3NZ)
|
|
echo -e "${cyan}${timestamp} $1${default}" 1>&2
|
|
}
|
|
|
|
# Create new partitions
|
|
create_new_part_table() {
|
|
select ENTRY in $(ls /dev/disk/by-id/);
|
|
do
|
|
DISK="/dev/disk/by-id/$ENTRY"
|
|
echo "Installing system on $ENTRY"
|
|
break
|
|
done
|
|
|
|
read -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
|
|
echo
|
|
if [[ "$REPLY" =~ ^[Yy]$ ]]
|
|
then
|
|
wipefs -af "$DISK"
|
|
sgdisk -Zo "$DISK"
|
|
fi
|
|
|
|
pprint "Creating boot (EFI) partition"
|
|
sgdisk -n 1:1MiB:+256MiB -t 1:EF00 "$DISK"
|
|
BOOT="$DISK-part1"
|
|
|
|
pprint "Creating SWAP partition"
|
|
sgdisk -n 2::+$SWAP_SIZE -t 2:8200 "$DISK"
|
|
SWAP="$DISK-part2"
|
|
|
|
if [[ "$USE_ECNRYPTION" = true ]]
|
|
then
|
|
pprint "Creating LUKS partition"
|
|
sgdisk -n 3 -t 3:8309 "$DISK"
|
|
else
|
|
pprint "Creating ROOT partition"
|
|
sgdisk -n 3 -t 3:8300 "$DISK"
|
|
fi
|
|
LINUX="$DISK-part3"
|
|
|
|
partprobe "$DISK"
|
|
sleep 1
|
|
|
|
pprint "Format BOOT partition $BOOT"
|
|
mkfs.vfat "$BOOT"
|
|
}
|
|
|
|
# Using existed partitions
|
|
use_old_part_table() {
|
|
lsblk -o name,type,size,mountpoint | grep part
|
|
|
|
pprint "Select BOOT partition (must already be formatted in vfat!)"
|
|
|
|
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}');
|
|
do
|
|
BOOT="$ENTRY"
|
|
echo "You select $BOOT as BOOT"
|
|
break
|
|
done
|
|
|
|
if [[ "$USE_ECNRYPTION" = true ]]
|
|
then
|
|
pprint "Select the partition on which LUKS will be created"
|
|
else
|
|
pprint "Select the partition on which ROOT will be created"
|
|
fi
|
|
|
|
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}');
|
|
do
|
|
LINUX="$ENTRY"
|
|
echo "Installing system on $LINUX"
|
|
break
|
|
done
|
|
|
|
pprint "Select the partition on which SWAP will be created"
|
|
|
|
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}' && echo NONE);
|
|
do
|
|
SWAP="$ENTRY"
|
|
echo "You select $SWAP as SWAP"
|
|
break
|
|
done
|
|
|
|
clean_stdin
|
|
read -p "> Do you want to format BOOT partition in $BOOT?" -n 1 -r
|
|
echo
|
|
if [[ "$REPLY" =~ ^[Yy]$ ]]
|
|
then
|
|
mkfs.vfat "$BOOT"
|
|
fi
|
|
}
|
|
|
|
### INSTALLATION BEGIN ###
|
|
|
|
read -p "> Do you want to encrypt your disk with LUKS?" -n 1 -r
|
|
echo
|
|
if [[ "$REPLY" =~ ^[Yy]$ ]]
|
|
then
|
|
USE_ECNRYPTION=true
|
|
else
|
|
USE_ECNRYPTION=false
|
|
fi
|
|
|
|
read -p "> Do you want to partition the disk (new gpt table)?" -n 1 -r
|
|
echo
|
|
if [[ "$REPLY" =~ ^[Yy]$ ]]
|
|
then
|
|
create_new_part_table
|
|
else
|
|
use_old_part_table
|
|
fi
|
|
|
|
if [[ "$USE_ECNRYPTION" = true ]]
|
|
then
|
|
pprint "Creating LUKS container on $LINUX"
|
|
clean_stdin
|
|
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat "$LINUX"
|
|
|
|
pprint "Open LUKS container on $LINUX"
|
|
LUKS_DEVICE_NAME=cryptroot
|
|
clean_stdin
|
|
cryptsetup luksOpen "$LINUX" "$LUKS_DEVICE_NAME"
|
|
|
|
LUKS_DISK="/dev/mapper/$LUKS_DEVICE_NAME"
|
|
|
|
pprint "Create BTRFS partition on $LUKS_DISK"
|
|
BTRFS="${LUKS_DISK}"
|
|
else
|
|
LINUX_PARTUUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
|
|
BTRFS="/dev/disk/by-partuuid/$LINUX_PARTUUID"
|
|
fi
|
|
|
|
if [[ "$SWAP" != "NONE" ]]; then
|
|
pprint "Create SWAP partition on $SWAP"
|
|
mkswap $SWAP
|
|
fi
|
|
|
|
pprint "Create BTRFS partition on $BTRFS"
|
|
mkfs.btrfs -L root -f "$BTRFS"
|
|
|
|
pprint "Mount BTRFS partition"
|
|
mkdir -p /mnt
|
|
mount -t btrfs "$BTRFS" /mnt
|
|
|
|
pprint "Create and mount BTRFS subvolumes"is forbidden in restricted mode
|
|
btrfs subvolume create /mnt/nixos
|
|
btrfs subvolume create /mnt/nix
|
|
btrfs subvolume create /mnt/home
|
|
btrfs subvolume create /mnt/var
|
|
btrfs subvolume create /mnt/bittorrent
|
|
btrfs subvolume create /mnt/libvirt
|
|
|
|
umount /mnt
|
|
|
|
mount -t btrfs -o subvol=nixos,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt
|
|
mkdir -p /mnt/nix
|
|
mount -t btrfs -o subvol=nix,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt/nix
|
|
mkdir -p /mnt/home
|
|
mount -t btrfs -o subvol=home,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt/home
|
|
mkdir -p /mnt/var
|
|
mount -t btrfs -o subvol=var,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt/var
|
|
mkdir -p /mnt/media/bittorrent
|
|
chown 1000:100 /mnt/media/bittorrent
|
|
mount -t btrfs -o subvol=bittorrent,nodatacow,ssd,uid=1000,gid=100 "$BTRFS" /mnt/media/bittorrent
|
|
mkdir -p /mnt/media/libvirt
|
|
chown 1000:100 /mnt/media/libvirt
|
|
mount -t btrfs -o subvol=libvirt,nodatacow,ssd,uid=1000,gid=100 "$BTRFS" /mnt/media/libvirt
|
|
|
|
mkdir /mnt/boot
|
|
mount "$BOOT" /mnt/boot
|
|
|
|
pprint "Generate NixOS configuration"
|
|
nixos-generate-config --root /mnt
|
|
|
|
HOSTID=$(head -c8 /etc/machine-id)
|
|
LINUX_DISK_UUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
|
|
if [[ "$SWAP" != "NONE" ]]; then
|
|
SWAP_UUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
|
|
fi
|
|
|
|
HARDWARE_CONFIG=$(mktemp)
|
|
cat <<CONFIG > "$HARDWARE_CONFIG"
|
|
networking.hostId = "$HOSTID";
|
|
boot.initrd.supportedFilesystems = [ "btrfs" ];
|
|
boot.supportedFilesystems = [ "btrfs" ];
|
|
CONFIG
|
|
|
|
pprint "Append BTRFS configuration to hardware-configuration.nix"
|
|
sed -i "\$e cat $HARDWARE_CONFIG" /mnt/etc/nixos/hardware-configuration.nix
|
|
|
|
if [[ "$SWAP" != "NONE" ]]; then
|
|
perl -0777 -pi -e "s#swapDevices.+#swapDevices = [\n {\n device = \"/dev/disk/by-partuuid/$SWAP_UUID\";\n randomEncryption.enable = true;\n }\n ];#" /mnt/etc/nixos/hardware-configuration.nix
|
|
fi
|
|
|
|
sed -i "s#\"subvol=nixos\"#\"subvol=nixos\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
|
|
sed -i "s#\"subvol=home\"#\"subvol=home\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
|
|
sed -i "s#\"subvol=nix\"#\"subvol=nix\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
|
|
sed -i "s#\"subvol=var\"#\"subvol=var\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
|
|
sed -i "s# \"subvol=bittorrent\" #\n \"subvol=bittorrent\" \"nodatacow\"\n \"uid=\${toString config.users.users.alukard.uid}\"\n \"gid=\${toString config.users.groups.users.gid}\"\n #" /mnt/etc/nixos/hardware-configuration.nix
|
|
sed -i "s# \"subvol=libvirt\" #\n \"subvol=libvirt\" \"nodatacow\"\n \"uid=\${toString config.users.users.alukard.uid}\"\n \"gid=\${toString config.users.groups.users.gid}\"\n #" /mnt/etc/nixos/hardware-configuration.nix
|
|
|
|
cp /mnt/etc/nixos/hardware-configuration.nix $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
|
|
chown 1000:users ../machines/$DEVICE_NAME/hardware-configuration.nix
|
|
# Change <not-detected> for flakes
|
|
sed -i "s#<nixpkgs/nixos/modules/installer/scan/not-detected.nix>#\"\${inputs.nixpkgs}/nixos/modules/installer/scan/not-detected.nix\"#" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
|
|
git add -A
|
|
|
|
clean_stdin
|
|
read -p "> Do you want to execute nixos-install command?" -n 1 -r
|
|
echo
|
|
if [[ "$REPLY" =~ ^[Yy]$ ]]
|
|
then
|
|
nixos-install --flake "../#$DEVICE_NAME" --max-jobs $MAX_JOBS --no-root-passwd --impure
|
|
fi
|
|
|
|
pprint "Copy config to destination system"
|
|
mkdir -p /mnt/home/alukard/nixos-config
|
|
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config
|