support unencrypted disk provisioning

2020-12-31 02:12:29 +01:00 · 2020-12-31 02:12:29 +01:00 · 2a2715d447
commit 2a2715d447
parent 2a5495f9bb
11 changed files with 69 additions and 39 deletions
--- a/nix/os/devices/disk.nix
+++ b/nix/os/devices/disk.nix
@ -1,11 +1,12 @@
 { pkgs
 , ownLib
 , dir
-, rebuildarg
-, moreargs
-, diskId
 , gitRoot
+, diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.diskId
+, encrypted ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.encrypted
 , previousDiskId ? ""
+
+, ...
 }:

 let
@ -16,7 +17,9 @@ in rec {
    #!/usr/bin/env bash
    set -xe
    echo Mounting ${diskId}
-    sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+    ${pkgs.lib.strings.optionalString encrypted ''
+      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+    ''}
    sleep 1
    sudo vgchange -ay ${ownLib.disk.volumeGroup diskId}
    sudo mkdir -p /mnt
@ -32,7 +35,9 @@ in rec {
    sudo umount -Rl ${mntRootVol}
    sudo rmdir ${mntRootVol}
    sudo vgchange -an ${ownLib.disk.volumeGroup diskId}
-    sudo cryptsetup close ${ownLib.disk.luksName diskId}
+    ${pkgs.lib.strings.optionalString encrypted ''
+      sudo cryptsetup close ${ownLib.disk.luksName diskId}
+    ''}
    sync
  '';

@ -56,7 +61,7 @@ in rec {
    #!/usr/bin/env bash
    set -xe

-    read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
+    read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice
    case "$choice" in
      YES ) echo "Continuing in 3 seconds..."; sleep 3;;
      n|N ) echo "Exiting..."; exit 0;;
@ -100,12 +105,14 @@ in rec {

    sleep 1

-    # Encrypt
-    sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
-    sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+    ${pkgs.lib.strings.optionalString encrypted ''
+      # Encrypt
+      sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
+      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+    ''}

    # LVM
-    sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.luksPhysicalVolume diskId}
+    sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted}
    sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
    sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root

@ -160,7 +167,9 @@ in rec {


    if test "${previousDiskId}"; then
-      sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+      ${pkgs.lib.strings.optionalString encrypted ''
+        sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
+      ''}
      sync
      sleep 1
      if sudo vgs ${previousDiskId}; then
@ -168,6 +177,8 @@ in rec {
        sudo vgscan
      fi
    fi
-    sudo cryptsetup close ${ownLib.disk.luksName diskId}
+    ${pkgs.lib.strings.optionalString encrypted ''
+      sudo cryptsetup close ${ownLib.disk.luksName diskId}
+    ''}
  '';
 }