diff --git a/nixos/users/albert/default.nix b/nixos/users/albert/default.nix
index d6d8b47c..13677bfb 100644
--- a/nixos/users/albert/default.nix
+++ b/nixos/users/albert/default.nix
@@ -3,7 +3,7 @@ let
 ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
 in { # Define a user account.
- imports = [ ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
+ imports = [ ./installer.nix ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
 users.mutableUsers = false;
 users.users.albert = { isNormalUser = true;
diff --git a/nixos/users/albert/installer.nix b/nixos/users/albert/installer.nix
new file mode 100644
index 00000000..53490f75
--- /dev/null
+++ b/nixos/users/albert/installer.nix
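Review bot: The new `imports = [ ./installer.nix ]` entry is unconditional, so everything installer.nix configures — per the new file below, the `install-system` script and `services.kmscon.autologinUser = username` — is applied to every host that imports this user module, not only the installer ISO. Console autologin on an ordinary host is a real exposure, so if this module is shared (which the existing `desktop` conditional suggests), gate the import the same way desktop.nix is gated, e.g. `imports = lib.optional <installer-condition> ./installer.nix ++ lib.optional (builtins.isString desktop) ./desktop.nix;`, where `<installer-condition>` stands for whatever flag the host already passes. Only this hunk of default.nix is visible, so I cannot tell whether such a flag is already among the module arguments.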
@@ -0,0 +1,89 @@
+{ config, desktop, lib, pkgs, username, ... }:
+let
+ ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ install-system = pkgs.writeScriptBin "install-system" ''
+#!${pkgs.stdenv.shell}
+
+#set -euo pipefail
+
+# check if we are running in a live CD environment.
+if [ df -h | grep tmpfs | grep /$ ] ; then
+ echo "ERROR! Not in a live CD environment (/ is not tmpfs)."
+ exit 1
+fi
+
+TARGET_HOST="''${1:-}"
+TARGET_USER="''${2:-albert}"
+
+if [ "$(id -u)" -eq 0 ]; then
+ echo "ERROR! $(basename "$0") should be run as a regular user"
+ exit 1
+fi
+
+if [ ! -d "/tmp/nixos/git/.git" ]; then
+ git clone https://git.sysctl.io/albert/nix "/tmp/nixos/git"
+fi
+
+pushd "/tmp/nixos/git"
+
+if [[ -z "$TARGET_HOST" ]]; then
+ echo "ERROR! $(basename "$0") requires a hostname as the first argument"
+ echo " The following hosts are available"
+ ls -1 nixos/hosts/*/default.nix | cut -d'/' -f2 | grep -v iso
+ exit 1
+fi
+
+if [[ -z "$TARGET_USER" ]]; then
+ echo "ERROR! $(basename "$0") requires a username as the second argument"
+ echo " The following users are available"
+ ls -1 nixos/users/ | grep -v -E "nixos|root"
+ exit 1
+fi
+
+if [ ! -e "nixos/hosts/$TARGET_HOST/disks.nix" ]; then
+ echo "ERROR! $(basename "$0") could not find the required nixos/$TARGET_HOST/disks.nix"
+ exit 1
+fi
+
+# Check if the machine we're provisioning expects a keyfile to unlock a disk.
+# If it does, generate a new key, and write to a known location.
+if grep -q "secret.key" "nixos/$TARGET_HOST/disks.nix"; then
+ echo -n "$(head -c32 /dev/random | base64)" > /tmp/secret.key
+fi
+
+echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
+echo " NixOS will be re-installed"
+echo " This is a destructive operation"
+echo
+read -p "Are you sure? 
[y/N]" -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+ sudo true
+
+ sudo nix run github:nix-community/disko \
+ --extra-experimental-features "nix-command flakes" \
+ --no-write-lock-file \
+ -- \
+ --mode zap_create_mount \
+ "nixos/hosts/$TARGET_HOST/disks.nix"
+
+ sudo nixos-install --no-root-password --flake ".#$TARGET_HOST"
+
+ # Rsync nix-config to the target install.
+ rsync -a --delete "/tmp/nixos/git/" "/mnt/etc/nixos/git/"
+ pushd "/mnt/etc/nixos/git/"
+ popd
+
+ # If there is a keyfile for a data disk, put copy it to the root partition and
+ # ensure the permissions are set appropriately.
+ if [[ -f "/tmp/secret.key" ]]; then
+ sudo cp /tmp/secret.key /mnt/etc/secret.key
+ sudo chmod 0400 /mnt/etc/secret.key
+ fi
+fi
+'';
+in
+{
+ config.environment.systemPackages = [ install-system ];
+ config.services.kmscon.autologinUser = "${username}";
+}
\ No newline at end of file
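Review bot: The live-environment guard `if [ df -h | grep tmpfs | grep /$ ] ; then` never fires: `[ df -h` is a malformed test and `grep /$ ]` searches a file named `]`, so the pipeline fails on every machine and the script proceeds to the disk-wiping steps even when / is not tmpfs; use `if ! df -T / | grep -q tmpfs; then` instead. The keyfile step greps `nixos/$TARGET_HOST/disks.nix` while the existence check and the disko call use `nixos/hosts/$TARGET_HOST/disks.nix`, so the secret key is never generated (the error message two lines earlier repeats the wrong path). With `#set -euo pipefail` commented out, a failed disko or nixos-install does not stop the script, and the rsync and keyfile-copy steps still run against /mnt. The generated key is written to /tmp/secret.key under the default umask, so wrap the write as `(umask 077; echo -n "$(head -c32 /dev/random | base64)" > /tmp/secret.key)` or `chmod 0400 /tmp/secret.key` immediately after creating it. `cut -d'/' -f2` on `nixos/hosts/*/default.nix` prints `hosts`, not the host names; `-f3` is the intended field.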