steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
infra/nix/os/devices/disk.nix

185 lines
4.4 KiB
Nix
Raw Permalink Blame History

{
pkgs,
ownLib,
dir,
gitRoot,
diskId ? (import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") { }).hardware.opinionatedDisk.diskId,
encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix") { }).hardware.opinionatedDisk.encrypted,
previousDiskId ? "",
...
}:
let
mntRootVol = "/mnt/${diskId}-root";
in
rec {
diskMount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
echo Mounting ${diskId}
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
''}
sleep 1
sudo vgchange -ay ${ownLib.disk.volumeGroup diskId}
sudo mkdir -p /mnt
sudo mkdir ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
'';
diskUmount = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -x
sudo umount -Rl ${mntRootVol}
sudo rmdir ${mntRootVol}
sudo vgchange -an ${ownLib.disk.volumeGroup diskId}
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup close ${ownLib.disk.luksName diskId}
''}
sync
'';
diskInstall = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
[[ -e "''${NIXOS_CONFIG}" ]]
[[ -e "${mntRootVol}/nixos" ]]
sudo --preserve-env=PATH -E $SHELL <<EOF
# 'having $system set breaks nixos-install'
unset system
echo $NIX_PATH
nixos-install --max-jobs 5 --cores 4 --no-root-passwd --root ${mntRootVol}/nixos
EOF
'';
diskPrepare = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
* ) echo "Exiting..."; exit 1;;
esac
# Partition
sync
{
sudo fdisk -w always -W always ${ownLib.disk.bootGrubDevice diskId} <<EOF
g
n
1
+1M
n
2
+512M
n
3
t
1
4
x
n
2
2-${diskId}
n
3
3-${diskId}
r
w
EOF
} || {
sync
sudo partprobe ${ownLib.disk.bootGrubDevice diskId}
}
sleep 1
${pkgs.lib.strings.optionalString encrypted ''
# Encrypt
sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
''}
# LVM
sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted}
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
# Filesystem
sudo mkfs.vfat -F32 ${ownLib.disk.bootFsDevice diskId}
sudo mkfs.btrfs ${ownLib.disk.rootFsDevice diskId}
sudo mkswap ${ownLib.disk.swapFsDevice diskId}
# Subvolume and FS hierharchy
sudo mkdir -p /mnt
sudo mkdir ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
sudo btrfs subvolume create ${mntRootVol}/nixos
sudo btrfs subvolume create ${mntRootVol}/home
sudo mkdir ${mntRootVol}/nixos/{boot,home,tmp}
${diskUmount}
'';
diskRelabel = pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
read -p "Continue to relabel ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
* ) echo "Exiting..."; exit 1;;
esac
sync
{
sudo fdisk ${ownLib.disk.bootGrubDevice diskId} <<EOF
x
n
2
2-${diskId}
n
3
3-${diskId}
r
i
2
i
3
w
EOF
} || {
sync
sudo partprobe ${ownLib.disk.bootGrubDevice diskId}
}
if test "${previousDiskId}"; then
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
''}
sync
sleep 1
if sudo vgs ${previousDiskId}; then
sudo vgrename ${previousDiskId} ${diskId}
sudo vgscan
fi
fi
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup close ${ownLib.disk.luksName diskId}
''}
'';
}
Reference in a new issue View git blame Copy permalink