{ config, desktop, lib, pkgs, username, ... }: let ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; install-system = pkgs.writeScriptBin "install-system" '' #!${pkgs.stdenv.shell} #set -euo pipefail TARGET_HOST="''${1:-}" TARGET_USER="''${2:-albert}" if [ "$(id -u)" -eq 0 ]; then echo "ERROR! $(basename "$0") should be run as a regular user" exit 1 fi if [ ! -d "/tmp/nixos/git/.git" ]; then git clone https://git.sysctl.io/albert/nix "/tmp/nixos/git" fi pushd "/tmp/nixos/git" if [[ -z "$TARGET_HOST" ]]; then echo "ERROR! $(basename "$0") requires a hostname as the first argument" echo " The following hosts are available" ls -1 nixos/hosts/*/default.nix | cut -d'/' -f2 | grep -v iso exit 1 fi if [[ -z "$TARGET_USER" ]]; then echo "ERROR! $(basename "$0") requires a username as the second argument" echo " The following users are available" ls -1 nixos/users/ | grep -v -E "nixos|root" exit 1 fi if [ ! -e "nixos/hosts/$TARGET_HOST/disks.nix" ]; then echo "ERROR! $(basename "$0") could not find the required nixos/$TARGET_HOST/disks.nix" exit 1 fi # Check if the machine we're provisioning expects a keyfile to unlock a disk. # If it does, generate a new key, and write to a known location. if grep -q "secret.key" "nixos/$TARGET_HOST/disks.nix"; then echo -n "$(head -c32 /dev/random | base64)" > /tmp/secret.key fi echo "WARNING! The disks in $TARGET_HOST are about to get wiped" echo " NixOS will be re-installed" echo " This is a destructive operation" echo read -p "Are you sure? [y/N]" -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]]; then sudo true sudo nix run github:nix-community/disko \ --extra-experimental-features "nix-command flakes" \ --no-write-lock-file \ -- \ --mode zap_create_mount \ "nixos/hosts/$TARGET_HOST/disks.nix" sudo nixos-install --no-root-password --flake ".#$TARGET_HOST" # Rsync nix-config to the target install. rsync -a --delete "/tmp/nixos/git/" "/mnt/etc/nixos/git/" pushd "/mnt/etc/nixos/git/" popd # If there is a keyfile for a data disk, put copy it to the root partition and # ensure the permissions are set appropriately. if [[ -f "/tmp/secret.key" ]]; then sudo cp /tmp/secret.key /mnt/etc/secret.key sudo chmod 0400 /mnt/etc/secret.key fi fi ''; in { config.environment.systemPackages = [ install-system ]; config.services.kmscon.autologinUser = "${username}"; }