#
# enable ssh for root
#
# NOTE(review): this turns on password login for root over the network on
# the machine being installed (presumably the live installer, on a trusted
# LAN). Use a throwaway password; the copy step further down logs in as
# root@192.168.13.171, so that login is what this password protects.
#

# open a root shell; the commands below are typed into it
sudo bash
# start the SSH daemon
systemctl start sshd
# set the password of the current user, i.e. root inside the shell above
passwd

#
# install script below
#

#
# kill old efi boot stuff
#

# Show the firmware boot entries first: the deletions below go by entry
# number only, not by label, so this listing is the place to check what
# Boot0000..Boot0004 currently are.
efibootmgr

# Delete entries 0 through 4, one call per entry.
for bootnum in 0 1 2 3 4; do
  efibootmgr -b "$bootnum" -B
done

# Show what is left.
efibootmgr

# Device paths and host name used by every later step. They exist only in
# the current shell: stay in this terminal session, or set them again
# before running a later block.
# The /dev/disk/by-id names carry model and serial number, so each of the
# destructive commands further down addresses one specific drive.
DISK="/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM"
DISK2="/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05"
DISK3="/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L"
HOST="neko"

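# Everything in this block destroys data on the named drives.
# "${VAR:?}" aborts the command (and a non-interactive script) when the
# variable is unset or empty, e.g. after switching to a new terminal,
# instead of running the tool without a device argument.

# ensure 4k sector size
# NOTE(review): --lbaf=1 picks LBA format index 1; which index is the
# 4096-byte format differs between drives, so confirm it in the
# `nvme id-ns -H` output that follows.
nvme format --lbaf=1 --force "${DISK:?}"
nvme id-ns -H "${DISK:?}"

sleep 5

# kill old data: partition tables, all blocks (discard), signatures;
# then list the now-empty partition table
sgdisk --zap-all "${DISK:?}"
blkdiscard -v "${DISK:?}"
wipefs -a "${DISK:?}"
gdisk -l "${DISK:?}"

# wipe second and third disk the same way
for wipe_target in "${DISK2:?}" "${DISK3:?}"; do
  sgdisk --zap-all "$wipe_target"
  blkdiscard -v "$wipe_target"
  wipefs -a "$wipe_target"
done

sleep 5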

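# create partitions on the first disk:
#   1 = 1024 MiB EFI system partition (type EF00)
#   2 = rest of the disk (type 8e00), later formatted as a LUKS container
# "${DISK:?}" stops the command if DISK is not set in this shell.
parted "${DISK:?}" -- mklabel gpt
sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 "${DISK:?}"
sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 "${DISK:?}"
parted "${DISK:?}" -- set 1 boot on

sleep 5

# take a look
cat /proc/partitions

# boot partition: FAT32, label EFIBOOT
# Without the guard an empty DISK would turn the argument into "-part1",
# which the tool would read as an option rather than a device.
mkfs.fat -F 32 -n EFIBOOT "${DISK:?}-part1"

sleep 5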

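# create the crypto containers with proper 4k sectors
# --batch-mode suppresses cryptsetup's confirmation question, so the device
# path is the only safeguard here; "${VAR:?}" makes the command abort when
# the variable is unset or empty. --verify-passphrase asks for the
# passphrase twice. Cipher and key-derivation settings are left at the
# cryptsetup defaults.
cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase "${DISK:?}-part2"
cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase "${DISK2:?}"
cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase "${DISK3:?}"

# open the containers as /dev/mapper/crypt0..crypt2 (one passphrase prompt each)
cryptsetup luksOpen "${DISK:?}-part2" crypt0
cryptsetup luksOpen "${DISK2:?}" crypt1
cryptsetup luksOpen "${DISK3:?}" crypt2

# create one large btrfs on them, RAID0 with strong checksum
# Data and metadata are both raid0: the blake2 checksums detect corruption,
# but there is no second copy to repair from, and losing any one of the
# three drives loses the filesystem.
mkfs.btrfs -f -d raid0 -m raid0 --checksum blake2 \
  --features block-group-tree --label nix \
  /dev/mapper/crypt0 /dev/mapper/crypt1 /dev/mapper/crypt2

sleep 5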

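# prepare install, tmpfs root: anything not placed on one of the mounts
# below lives in RAM only
mount -t tmpfs none /mnt

# Create directories to mount file systems on
mkdir -p /mnt/nix /mnt/home /mnt/boot /mnt/root /mnt/etc/nixos

# mount the ESP ("${DISK:?}" aborts if DISK is not set in this shell)
mount "${DISK:?}-part1" /mnt/boot

# mount large btrfs; the other two members are named explicitly
mount -t btrfs /dev/mapper/crypt0 \
  -o device=/dev/mapper/crypt1 -o device=/dev/mapper/crypt2 /mnt/nix

# make sure /tmp does not fill the RAM: back it with the btrfs
mkdir -p /mnt/tmp /mnt/nix/tmp
mount --bind /mnt/nix/tmp /mnt/tmp

# bind mount persistent stuff to data
# "${HOST:?}" matters here: with HOST empty the last bind mount would put
# the parent directory /mnt/nix/data/nixos/ over /mnt/etc/nixos.
mkdir -p /mnt/nix/data/home /mnt/nix/data/root "/mnt/nix/data/nixos/${HOST:?}"
mount --bind /mnt/nix/data/home /mnt/home
mount --bind /mnt/nix/data/root /mnt/root
mount --bind "/mnt/nix/data/nixos/${HOST:?}" /mnt/etc/nixos

# create fake /nix/data to have the right paths
mkdir -p /nix/data
mount --bind /mnt/nix/data /nix/data

# take a look
mount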

# generate the initial configuration for the system rooted at /mnt
nixos-generate-config --root /mnt

# manual step: review /mnt/etc/nixos/hardware-configuration.nix and
# /mnt/etc/nixos/configuration.nix before going on

# copy config data from another machine including secrets
# NOTE(review): presumably run on the machine that already holds
# /nix/data/nixos, pushing to the install target as root over SSH. The
# target's SSH host key is new at this point, so compare the fingerprint
# shown on first connect with the one on the target's console.
sudo scp -r /nix/data/nixos root@192.168.13.171:/mnt/nix/data

# install into /mnt with flakes enabled
# --no-root-passwd skips the root password prompt; the root credentials
# then have to come from the configuration (presumably part of the data
# copied above; confirm).
nixos-install \
  --option experimental-features 'nix-command flakes' \
  --no-root-passwd \
  --root /mnt

# detach everything below /nix/data and /mnt, close the containers, flush
# NOTE(review): -l unmounts lazily, so a mount that is still busy is not
# reported here; if a luksClose below reports the device as still in use,
# something is still holding that filesystem.
umount -Rl /nix/data /mnt
for mapping in crypt0 crypt1 crypt2; do
  cryptsetup luksClose "$mapping"
done
sync

# power off once

shutdown -h now

# after the install: bring /nix/data on the new machine in line with the
# local copy
# NOTE(review): presumably run from the other machine once the new system
# is up. --delete removes files below /nix/data/ on the target that do not
# exist on the sending side, so check the direction before running it.
# sudo -E keeps the caller's environment (presumably for the SSH agent).

sudo -E rsync -va --delete --one-file-system /nix/data/ root@192.168.13.171:/nix/data/