ma shack-autoinstall: add WIP

This commit is contained in:
makefu 2018-09-17 00:36:33 +02:00
parent 443b88738a
commit ff97cafacf
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
4 changed files with 309 additions and 0 deletions

View file

@ -0,0 +1,49 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
let
disk = "/dev/sda";
in {
imports = [
<stockholm/makefu>
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
<stockholm/makefu/2configs/tools/core.nix>
];
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
krebs.build.host = config.krebs.hosts.iso;
krebs.hidden-ssh.enable = true;
environment.extraInit = ''
EDITOR=vim
'';
# iso-specific
boot.kernelParams = [ "copytoram" ];
environment.systemPackages = [
pkgs.parted
( pkgs.writeScriptBin "shack-install" ''
#! /bin/sh
echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install"
'')
];
systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];
networking.wireless = {
enable = true;
networks.shack.psk = "welcome2shack";
};
services.openssh = {
enable = true;
hostKeys = [
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
# enable ssh in the iso boot process
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
}

View file

@ -0,0 +1,5 @@
#!/bin/sh
set -euf
parted -s ${disk} mklabel msdos
parted -s ${disk} -- mkpart primary linux-swap 1M 4096M
parted -s ${disk} -- mkpart primary ext2 4096M 100%

View file

@ -0,0 +1,231 @@
{ config, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
# TODO:
];
# shacks-specific
networking.wireless = {
enable = true;
networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e";
};
networking.hostName = "shackbook";
boot.tmpOnTmpfs = true;
users.users.shack = {
createHome = true;
useDefaultShell = true;
home = "/home/shack";
uid = 9001;
packages = with pkgs;[
chromium
firefox
];
extraGroups = [ "audio" "wheel" ];
hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ;
};
environment.variables = let
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
in {
EDITOR = lib.mkForce "vim";
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
services.printing = {
enable = true;
# TODO: shack-printer
};
environment.systemPackages = with pkgs;[
parted
ddrescue
tmux
jq git gnumake htop rxvt_unicode.terminfo
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
set nocompatible
syntax on
set list
set listchars=tab:\
"set list listchars=tab:>-,trail:.,extends:>
filetype off
filetype plugin indent on
colorscheme darkblue
set background=dark
set number
set relativenumber
set mouse=a
set ignorecase
set incsearch
set wildignore=*.o,*.obj,*.bak,*.exe,*.os
set textwidth=79
set shiftwidth=2
set expandtab
set softtabstop=2
set shiftround
set smarttab
set tabstop=2
set et
set autoindent
set backspace=indent,eol,start
inoremap <F1> <ESC>
nnoremap <F1> <ESC>
vnoremap <F1> <ESC>
nnoremap <F5> :UndotreeToggle<CR>
set undodir =~/.vim/undo
set undofile
"maximum number of changes that can be undone
set undolevels=1000000
"maximum number lines to save for undo on a buffer reload
set undoreload=10000000
nnoremap <F2> :set invpaste paste?<CR>
set pastetoggle=<F2>
set showmode
set showmatch
set matchtime=3
set hlsearch
autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
" save on focus lost
au FocusLost * :wa
autocmd BufRead *.json set filetype=json
au BufNewFile,BufRead *.mustache set syntax=mustache
cnoremap SudoWrite w !sudo tee > /dev/null %
" create Backup/tmp/undo dirs
set backupdir=~/.vim/backup
set directory=~/.vim/tmp
function! InitBackupDir()
let l:parent = $HOME . '/.vim/'
let l:backup = l:parent . 'backup/'
let l:tmpdir = l:parent . 'tmp/'
let l:undodir= l:parent . 'undo/'
if !isdirectory(l:parent)
call mkdir(l:parent)
endif
if !isdirectory(l:backup)
call mkdir(l:backup)
endif
if !isdirectory(l:tmpdir)
call mkdir(l:tmpdir)
endif
if !isdirectory(l:undodir)
call mkdir(l:undodir)
endif
endfunction
call InitBackupDir()
augroup Binary
" edit binaries in xxd-output, xxd is part of vim
au!
au BufReadPre *.bin let &bin=1
au BufReadPost *.bin if &bin | %!xxd
au BufReadPost *.bin set ft=xxd | endif
au BufWritePre *.bin if &bin | %!xxd -r
au BufWritePre *.bin endif
au BufWritePost *.bin if &bin | %!xxd
au BufWritePost *.bin set nomod | endif
augroup END
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree" ]; }
# vim-nix handles indentation better but does not perform sanity
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
})
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
PS1='\[\e[1;32m\]\w\[\e[0m\] '
'';
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
nix = {
package = pkgs.nixUnstable;
optimise.automatic = true;
useSandbox = true;
gc.automatic = true;
};
system.autoUpgrade.enable = true;
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
# gui and stuff
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
fonts = {
enableFontDir = true;
enableGhostscriptFonts = true;
fonts = [ pkgs.terminus_font ];
};
time.timeZone = "Europe/Berlin";
services.timesyncd.enable = true;
# GUI
hardware.pulseaudio.enable = true;
services.xserver = {
enable = true;
displayManager.auto.enable = true;
displayManager.auto.user = "shack";
desktopManager.xfce.enable = true;
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "ctrl:nocaps, eurosign:e";
};
services.openssh = {
enable = true;
hostKeys = [
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
}

View file

@ -0,0 +1,24 @@
#!/bin/sh
set -euf
p(){
parted -s ${disk} -- $@
}
p mklabel gpt
p mkpart primary fat32 1M 551M
p set 1 boot on
p mkpart primary linux-swap 51M 4647M
p mkpart primary ext2 4647M 100%
udevadm settle
mkfs.fat -nboot -F32 /dev/sda1
udevadm settle
mkswap ${disk}2 -L swap
swapon -L swap
mkfs.ext4 -L nixos ${disk}3
mount LABEL=nixos /mnt
mkdir /mnt/boot
mount LABEL=boot /mnt/boot
mkdir -p /mnt/etc/nixos
cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix
nixos-generate-config --root /mnt