steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nix/devices: implement disk-prepare

Browse source
This commit is contained in:
steveej 2018-11-10 19:24:24 +01:00
parent 1f14b36557
commit afd4bb95f9
5 changed files with 136 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

116
nix/os/devices/default.nix
View file

@ -1,21 +1,22 @@
{ pkgs ? import <nixpkgs> {}
, ownLib ? import ../lib/default.nix { }
, dir
, rebuildarg
, moreargs ? ""
, diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId
, gitRoot ? "$(git rev-parse --show-toplevel)"
}:
let
diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
GIT_ROOT=''''$(git rev-parse --show-toplevel)'';
mntRootVol="/mnt/${diskId}-root";
in {
in rec {
rebuild = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
pushd ${GIT_ROOT}/${dir}
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
export INSTALL_ROOT="/mnt/$ID-root"
[[ -e "''${NIXOS_CONFIG}" ]]
@ -28,39 +29,106 @@ in {
diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
ID=${diskId}
echo Mounting $ID
set -xe
cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3
vgchange -ay $ID
mkdir -p /mnt/$ID-root
mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot
echo Mounting ${diskId}
cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
vgchange -ay ${ownLib.disk.volumeGroup diskId}
mkdir -p /mnt
mkdir ${mntRootVol}
mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
'';
diskUmount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
ID=${diskId}
umount -R /mnt/$ID-root
rmdir /mnt/$ID-root
vgchange -an $ID
cryptsetup luksClose $ID-part3
umount -R ${mntRootVol}
rmdir ${mntRootVol}
vgchange -an ${ownLib.disk.volumeGroup diskId}
cryptsetup luksClose ${ownLib.disk.luksName diskId}
sync
'';
diskInstall = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
ID=${diskId}
pushd ${GIT_ROOT}/${dir}
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
export INSTALL_ROOT="/mnt/$ID-root"
[[ -e "''${NIXOS_CONFIG}" ]]
[[ -e "''${INSTALL_ROOT}" ]]
[[ -e "${mntRootVol}/nixos" ]]
nixos-install --max-jobs 5 --cores 4 --no-channel-copy --no-root-passwd --root "''${INSTALL_ROOT}"
nixos-install --max-jobs 5 --cores 4 --no-channel-copy --no-root-passwd --root ${mntRootVol}/nixos
'';
diskPrepare = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
* ) echo "Exiting..."; exit 1;;
esac
# Partition
sync
{
fdisk -w always -W always ${ownLib.disk.bootGrubDevice diskId} <<EOF
g
n
1
+1M
n
2
+512M
n
3
t
1
4
x
n
2
2-${diskId}
n
3
3-${diskId}
r
w
EOF
} || {
sync
partprobe ${ownLib.disk.bootGrubDevice diskId}
}
# Encrypt
cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
# LVM
vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.luksPhysicalVolume diskId}
lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
# Filesystem
mkfs.vfat -F32 ${ownLib.disk.bootFsDevice diskId}
mkfs.btrfs ${ownLib.disk.rootFsDevice diskId}
mkswap ${ownLib.disk.swapFsDevice diskId}
# Subvolume and FS hierharchy
mkdir -p /mnt
mkdir ${mntRootVol}
mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
btrfs subvolume create ${mntRootVol}/nixos
btrfs subvolume create ${mntRootVol}/home
mkdir ${mntRootVol}/nixos/{boot,home}
${diskUmount}
'';
}