From ce416956c65c8ff0c4c8d389b0b52b247a7a40d0 Mon Sep 17 00:00:00 2001
From: Christoph Cullmann
Date: Tue, 20 Aug 2024 20:31:58 +0200
Subject: beta install synced
---
 beta/configuration.nix | 2 +-
 beta/hardware-configuration.nix | 11 +++-
 beta/install.sh | 3 -
 beta/install.txt | 122 ++++++++++++++++++++++++++++++++++++++++
 beta/post-install.sh | 4 --
 beta/pre-install.sh | 103 ---------------------------------
 6 files changed, 133 insertions(+), 112 deletions(-)
 delete mode 100755 beta/install.sh
 create mode 100644 beta/install.txt
 delete mode 100755 beta/post-install.sh
 delete mode 100755 beta/pre-install.sh
diff --git a/beta/configuration.nix b/beta/configuration.nix
index 2742ceb..9214bdc 100644
--- a/beta/configuration.nix
+++ b/beta/configuration.nix
@@ -11,7 +11,7 @@ ./hardware-configuration.nix # Shared config of all machines - /data/nixos/share/common.nix + /nix/data/nixos/share/common.nix ]; # our hostname and an ID for ZFS
diff --git a/beta/hardware-configuration.nix b/beta/hardware-configuration.nix
index 5a93531..4f4155d 100644
--- a/beta/hardware-configuration.nix
+++ b/beta/hardware-configuration.nix
@@ -10,10 +10,19 @@ boot.initrd.kernelModules = [ "amdgpu" ]; boot.kernelModules = [ "kvm-amd" ]; - # efi partition + # /boot efi partition to boot in UEFI mode fileSystems."/boot" = { device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-000L2_S4DZNX0R362286-part1"; fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + neededForBoot = true; + }; + + # /nix encrypted btrfs for the remaining space + boot.initrd.luks.devices."crypt0".device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-000L2_S4DZNX0R362286-part2"; + fileSystems."/nix" = + { device = "/dev/mapper/crypt0"; + fsType = "btrfs"; neededForBoot = true; };
diff --git a/beta/install.sh b/beta/install.sh
deleted file mode 100755
index 058aeb8..0000000
--- a/beta/install.sh
+++ /dev/null
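Review bot: The new import path `/nix/data/nixos/share/common.nix` in the configuration.nix hunk is an absolute path outside the repository, and nothing in this file records where it comes from; the comment above it is the place for that. Per the sibling changes in this commit it lives on the encrypted `/nix` btrfs declared in hardware-configuration.nix, and install.txt bind-mounts `/mnt/nix/data` to `/nix/data` during installation so the path already resolves before the first boot. Suggested comment: `# Shared config of all machines, stored on the persistent /nix btrfs (install.txt bind-mounts /mnt/nix/data to /nix/data so this resolves during install)`.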
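Review bot: `options = [ "fmask=0022" "dmask=0022" ];` on the `/boot` ESP in the hardware-configuration.nix hunk removes group/other write access but still leaves every file on it world-readable (0644), so anything the boot loader keeps there can be read by any local user. If systemd-boot is the loader (the loader is configured in common.nix, outside this diff) that includes its random-seed file, and I believe the NixOS systemd-boot module warns about a world-accessible ESP for exactly that reason. Nothing non-root needs to read the ESP, so `options = [ "fmask=0077" "dmask=0077" ];` is the safer setting and costs nothing; the comment on the mount could note why the masks are there at all.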
@@ -1,3 +0,0 @@
-# install
-
-nixos-install --option experimental-features 'nix-command flakes' --no-root-passwd --root /mnt
diff --git a/beta/install.txt b/beta/install.txt
new file mode 100644
index 0000000..f121ad3
--- /dev/null
+++ b/beta/install.txt
@@ -0,0 +1,122 @@
+#
+# enable ssh for root
+#
+
+sudo bash
+systemctl start sshd
+passwd
+
+#
+# install script below
+#
+
+#
+# kill old efi boot stuff
+#
+
+efibootmgr
+efibootmgr -b 0 -B
+efibootmgr -b 1 -B
+efibootmgr -b 2 -B
+efibootmgr -b 3 -B
+efibootmgr -b 4 -B
+efibootmgr
+
+# Defining some helper variables (these will be used in later code
+# blocks as well, so make sure to use the same terminal session or
+# redefine them later)
+DISK=/dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-000L2_S4DZNX0R362286
+HOST=beta
+
+# ensure 4k sector size
+nvme format --lbaf=1 --force $DISK
+nvme id-ns -H $DISK
+
+sleep 5
+
+# kill old data
+sgdisk --zap-all $DISK
+blkdiscard -v $DISK
+wipefs -a $DISK
+gdisk -l $DISK
+
+sleep 5
+
+# create partitions
+parted $DISK -- mklabel gpt
+sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $DISK
+sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $DISK
+parted $DISK -- set 1 boot on
+
+sleep 5
+
+# take a look
+cat /proc/partitions
+
+# boot partition
+mkfs.fat -F 32 -n EFIBOOT $DISK-part1
+
+sleep 5
+
+# create the crypto containers with proper 4k sectors
+cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2
+
+# open the containers
+cryptsetup luksOpen $DISK-part2 crypt0
+
+# create one large btrfs on them, RAID0 with strong checksum
+mkfs.btrfs -f -d raid0 -m raid0 --checksum blake2 --features block-group-tree --label nix /dev/mapper/crypt0
+
+sleep 5
+
+# prepare install, tmpfs root
+mount -t tmpfs none /mnt
+
+# Create directories to mount file systems on
+mkdir -p /mnt/{nix,home,boot,root,etc/nixos}
+
+# mount the ESP
+mount $DISK-part1 /mnt/boot
+
+# mount large btrfs
+mount -t btrfs /dev/mapper/crypt0 /mnt/nix
+
+# ensure tmp fills not the RAM
+mkdir -p /mnt/tmp /mnt/nix/tmp
+mount --bind /mnt/nix/tmp /mnt/tmp
+
+# bind mount persistent stuff to data
+mkdir -p /mnt/nix/data/{home,root,nixos/$HOST}
+mount --bind /mnt/nix/data/home /mnt/home
+mount --bind /mnt/nix/data/root /mnt/root
+mount --bind /mnt/nix/data/nixos/$HOST /mnt/etc/nixos
+
+# create fake /nix/data to have the right paths
+mkdir -p /nix/data
+mount --bind /mnt/nix/data /nix/data
+
+# take a look
+mount
+
+# configure
+nixos-generate-config --root /mnt
+
+# check /mnt/etc/nixos/hardware-configuration.nix /mnt/etc/nixos/configuration.nix
+
+# copy config data from another machine including secrets
+
+sudo scp -r /nix/data/nixos root@192.168.13.xxx:/mnt/nix/data
+
+# install
+
+nixos-install --option experimental-features 'nix-command flakes' --no-root-passwd --root /mnt
+
+# unmount all stuff and sync
+
+umount -Rl /nix/data /mnt
+cryptsetup luksClose crypt0
+sync
+
+# shutdown once
+
+shutdown -h now
diff --git a/beta/post-install.sh b/beta/post-install.sh
deleted file mode 100755
index dd09a6d..0000000
--- a/beta/post-install.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# unmount all stuff
-
-umount -Rl /data /mnt
-zpool export -a
diff --git a/beta/pre-install.sh b/beta/pre-install.sh
deleted file mode 100755
index 5e17659..0000000
--- a/beta/pre-install.sh
+++ /dev/null
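Review bot: `sudo scp -r /nix/data/nixos root@192.168.13.xxx:/mnt/nix/data` in the install.txt hunk copies the secrets without `-p`, so the files are recreated on the target with the remote umask defaults instead of their original modes, and anything that was 0600 on the donor can land as 0644 under `/mnt/nix/data/nixos`; `sudo scp -rp /nix/data/nixos root@192.168.13.xxx:/mnt/nix/data` (or `rsync -a`) preserves the modes, and a glance at the permissions afterwards is a cheap check. The comment above it should also state that this is the one line executed on the other machine, pushing into the install target whose root ssh login was enabled by the `systemctl start sshd` / `passwd` lines at the top of the file; once the copy is done that login is no longer needed, so a `systemctl stop sshd` before the `nixos-install` step is worth noting. Unlike the deleted pre-install.sh this file is a transcript rather than an executable script, so the unquoted `$DISK`/`$HOST` expansions are acceptable as long as the by-id path stays space-free.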
@@ -1,103 +0,0 @@
-#
-# kill old efi boot stuff
-#
-
-efibootmgr
-efibootmgr -b 0 -B
-efibootmgr -b 1 -B
-efibootmgr -b 2 -B
-efibootmgr -b 3 -B
-efibootmgr -b 4 -B
-efibootmgr
-
-#
-# install script below
-#
-
-# Defining some helper variables (these will be used in later code
-# blocks as well, so make sure to use the same terminal session or
-# redefine them later)
-DISK=/dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-000L2_S4DZNX0R362286
-HOST=beta
-
-# ensure 4k sector size
-nvme format --lbaf=1 --force $DISK
-nvme id-ns -H $DISK
-
-sleep 5
-
-# kill old data
-sgdisk --zap-all $DISK
-blkdiscard -v $DISK
-wipefs -a $DISK
-gdisk -l $DISK
-
-# create partitions
-parted $DISK -- mklabel gpt
-sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $DISK
-sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $DISK
-parted $DISK -- set 1 boot on
-
-sleep 5
-
-# take a look
-cat /proc/partitions
-
-# boot partition
-mkfs.fat -F 32 -n EFIBOOT $DISK-part1
-
-sleep 5
-
-# ZFS zpool creation with encryption
-zpool create \
- -o ashift=12 \
- -o autotrim=on \
- -O acltype=posixacl \
- -O atime=off \
- -O canmount=off \
- -O compression=on \
- -O dnodesize=auto \
- -O normalization=formD \
- -O xattr=sa \
- -O mountpoint=none \
- -O encryption=on \
- -O keylocation=prompt \
- -O keyformat=passphrase \
- zpool $DISK-part2
-
-sleep 5
-
-# create all the volumes
-zfs create -o mountpoint=legacy zpool/data
-zfs create -o mountpoint=legacy zpool/nix
-
-sleep 5
-
-# prepare install, tmpfs root
-mount -t tmpfs none /mnt
-
-# Create directories to mount file systems on
-mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos}
-
-# mount the ESP
-mount $DISK-part1 /mnt/boot
-
-# mount volumes
-mount -t zfs zpool/data /mnt/data
-mount -t zfs zpool/nix /mnt/nix
-
-# bind mount persistent stuff to data
-mkdir -p /mnt/{data/home,data/root,data/nixos/$HOST}
-mount --bind /mnt/data/home /mnt/home
-mount --bind /mnt/data/root /mnt/root
-mount --bind /mnt/data/nixos/$HOST /mnt/etc/nixos
-
-# create fake /data to have the right paths
-mkdir -p /data
-mount --bind /mnt/data /data
-
-# take a look
-mount
-
-# configure
-nixos-generate-config --root /mnt
-- 
cgit v1.2.3