# build unstable installer

# flake.nix: builds a NixOS installer ISO image from the nixos-unstable branch.
{
  description = "installation media";
  # Tracks a moving branch, not a fixed revision. The revision actually used is
  # recorded in flake.lock on the first build; keep that file next to the ISO if
  # the image has to be reproduced or audited later.
  inputs.nixos.url = "nixpkgs/nixos-unstable";
  outputs = { self, nixos }: {
    nixosConfigurations = {
      # Built via .#nixosConfigurations.exampleIso.config.system.build.isoImage
      exampleIso = nixos.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          # Installer profile taken from the nixpkgs input itself; going by the
          # file name: minimal CD, newest kernel, no ZFS.
          "${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
        ];
      };
    };
  };
}

# Inside a git repository nix only sees tracked files, so flake.nix has to be
# added before the build. The experimental features are enabled per invocation.
git init
git add flake.nix
nix --extra-experimental-features flakes --extra-experimental-features nix-command build .#nixosConfigurations.exampleIso.config.system.build.isoImage

# Write the ISO to the USB stick. dd overwrites the target without asking, and
# /dev/sda is only the stick if it happened to enumerate as sda on this machine:
# check with lsblk first. The ISO file name contains the build's version and
# revision, so it differs per build.
sudo dd if=result/iso/nixos-24.05.20240108.317484b-x86_64-linux.iso of=/dev/sda bs=4M conv=fsync

#
# enable ssh for root
#

# Run on the booted installer: become root and set a root password. The later
# scp/rsync steps log in as root@<installer>, which needs this password
# (assumes the installer's sshd is running and accepts root password logins:
# confirm). The password only exists in the live system, but anything that can
# reach the installer's sshd can try it, so pick a non-trivial one and do this
# on a trusted network.
sudo bash
passwd

#
# kill old efi boot stuff
#

# The first call lists the current boot entries; "-b N -B" deletes entry N.
# The numbers 0-4 are what this machine had. Read the listing and delete only
# entries that are really stale: a firmware setup or recovery entry may be
# among them on other hardware. The last call lists again to confirm.
efibootmgr
efibootmgr -b 0 -B
efibootmgr -b 1 -B
efibootmgr -b 2 -B
efibootmgr -b 3 -B
efibootmgr -b 4 -B
efibootmgr

#
# install script below
#

# Defining some helper variables (these will be used in later code
# blocks as well, so make sure to use the same terminal session or
# redefine them later)
# by-id path (model + serial) instead of /dev/nvmeXnY: every destructive command
# below is tied to this one drive, whatever order the kernel enumerates disks in.
# Adjust to the target machine before running anything.
DISK=/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM
HOST=neko

# ensure 4k sector size
# nvme format destroys all data on the namespace. --lbaf selects an LBA format
# by index; which index is the 4k one is drive specific, "nvme id-ns -H" lists
# the formats and marks the one in use. Worth running id-ns before the format
# on a drive other than this one.
nvme format --lbaf=1 --force $DISK
nvme id-ns -H $DISK

sleep 5

# kill old data
# sgdisk --zap-all: destroy GPT and MBR structures; blkdiscard: discard every
# block of the device; wipefs -a: erase remaining signatures; gdisk -l: show the
# now empty table.
# NOTE(review): a discard only tells the drive the blocks are unused; whether old
# data is unrecoverable afterwards depends on the drive, so do not count this as
# a secure erase of previously unencrypted data.
sgdisk --zap-all $DISK
blkdiscard -v $DISK
wipefs -a $DISK
gdisk -l $DISK

# create partitions
# part1: 1024M EFI System Partition (type EF00), part2: rest of the disk.
# 8e00 is gdisk's code for Linux LVM; the partition ends up holding a LUKS
# container, the type code is informational only.
# "set 1 boot on" on a GPT label marks the partition as ESP, which EF00 already
# does (presumably kept for safety).
parted $DISK -- mklabel gpt
sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $DISK
sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $DISK
parted $DISK -- set 1 boot on

sleep 5

# take a look
cat /proc/partitions

# boot partition
# FAT32 and outside the LUKS container: whatever the bootloader puts here is
# stored unencrypted and unauthenticated.
mkfs.fat -F 32 -n EFIBOOT $DISK-part1

# create the crypto containers
# --batch-mode skips the "are you sure" confirmation, --verify-passphrase asks
# for the passphrase twice. Cipher and key derivation are left at the cryptsetup
# defaults. --sector-size 4096 matches the 4k format set on the drive earlier.
# NOTE(review): a damaged LUKS header makes the whole container unrecoverable;
# consider a "cryptsetup luksHeaderBackup" to offline storage after this step.
cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2

sleep 5

# open them, set right options persistently
# --persistent writes the flags into the header (needs LUKS2), so every later
# open, including at boot, gets them without further configuration.
# --allow-discards passes TRIM through dm-crypt: good for the SSD, but someone
# with access to the raw disk can then tell which blocks are unused (fill level
# and rough layout, not the data). Drop the flag if that leak matters for the
# threat model.
# --perf-no_read_workqueue/--perf-no_write_workqueue bypass the dm-crypt
# workqueues (performance tuning, no effect on the encryption).
cryptsetup luksOpen --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent $DISK-part2 crypt-system

sleep 5
lsblk --fs

# create btrfs with fast & strong checksumming and fast mounting
# xxhash is a non-cryptographic checksum: it catches bit rot and torn writes,
# not deliberate modification. The LUKS container above is created without an
# integrity mode, so this stack gives confidentiality, not tamper detection.
# -f overwrites an existing filesystem signature without asking.
mkfs.btrfs -f --csum xxhash --features block-group-tree /dev/mapper/crypt-system

sleep 5
btrfs filesystem show

# create all the volumes
# Three subvolumes on the encrypted filesystem: data (everything persistent),
# nix (the store) and root.
mount /dev/mapper/crypt-system /mnt
btrfs subvolume create /mnt/data
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/root

sleep 5
btrfs subvolume list /mnt

# umount again, we will only use explicit subvolumes
umount /mnt

# prepare install
# The root subvolume becomes / of the new system.
mount -o subvol=root,noatime,nodiratime /dev/mapper/crypt-system /mnt

# Create directories to mount file systems on
# (brace expansion: needs bash, which the earlier "sudo bash" provides)
mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos}

# mount the ESP
# This is the only filesystem of the install that is not inside crypt-system.
mount $DISK-part1 /mnt/boot

# mount volumes
mount -o subvol=data,noatime,nodiratime /dev/mapper/crypt-system /mnt/data
mount -o subvol=nix,noatime,nodiratime /dev/mapper/crypt-system /mnt/nix

# bind mount persistent stuff to data
# /home, /root and /etc/nixos all live on the data subvolume; the system
# configuration is kept per host under data/nixos/$HOST.
mkdir -p /mnt/{data/home,data/root,data/nixos/$HOST}
mount --bind /mnt/data/home /mnt/home
mount --bind /mnt/data/root /mnt/root
mount --bind /mnt/data/nixos/$HOST /mnt/etc/nixos

# create fake /data to have the right paths
# Makes /data in the installer environment point at the new data subvolume.
mkdir -p /data
mount --bind /mnt/data /data

# take a look
mount

# configure
# Writes hardware-configuration.nix and configuration.nix below /mnt/etc/nixos.
nixos-generate-config --root /mnt

# save /mnt/etc/nixos/hardware-configuration.nix /mnt/etc/nixos/configuration.nix
# /mnt/etc/nixos is a bind mount of /mnt/data/nixos/$HOST, which the scp below
# copies into, so the generated files are kept in /tmp for comparison.
# NOTE(review): /tmp of the live installer presumably does not survive a
# reboot: confirm, and copy the files elsewhere if they are needed later.

cp /mnt/etc/nixos/hardware-configuration.nix /tmp
cp /mnt/etc/nixos/configuration.nix /tmp

# copy config data
# Run on the machine that holds the existing configuration, not on the
# installer: it pushes /data/nixos to the installer at 192.168.13.171 as root,
# using the password set earlier. The freshly booted installer presents a new
# SSH host key; compare the fingerprint with the one shown on the installer's
# console instead of accepting it blindly.

sudo scp -r /data/nixos root@192.168.13.171:/mnt/data

# install
# --no-root-passwd skips the interactive root password prompt. How root and
# users can log in afterwards is then decided by the configuration alone:
# make sure it defines that before rebooting.

nixos-install --option experimental-features 'nix-command flakes' --no-root-passwd --root /mnt

# unmount all stuff
# -R unmounts recursively, -l lazily (detached at once, cleaned up when no
# longer busy). If luksClose reports the device as busy, something still holds
# a mount open.

umount -Rl /data /mnt
cryptsetup luksClose crypt-system

# sync all /data after the install
# Pushes /data from the source machine to the target as root. --delete removes
# everything under the target's /data that does not exist on the source, so
# double check the direction before running. sudo -E keeps the caller's
# environment (presumably so the user's SSH agent is usable under sudo).
# NOTE(review): this needs root login over SSH on the target; if that was only
# enabled for the migration, turn it off again afterwards.

sudo -E rsync -va --delete --one-file-system /data root@192.168.13.171:/

# get back the vms
# Same transfer for the VM images; --delete applies to the target's vms/ too.

sudo -E rsync -va --delete --one-file-system /home/cullmann/vms/ root@192.168.13.171:/home/cullmann/vms/

#
# after install tasks for extra file systems
#

# create vms disk
# Whole-disk setup: the old partition table and signatures are wiped, then LUKS
# goes directly onto the device, without a partition table. Check the by-id
# path (model + serial) against the drive that is meant to be erased.

DD=/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05
sgdisk --zap-all $DD
blkdiscard -v $DD
wipefs -a $DD

sleep 5

# create the crypto containers
# --batch-mode skips the confirmation, --verify-passphrase asks twice.
# NOTE(review): unlike the system disk there is no nvme format and no
# --sector-size 4096 here, so the sector size is whatever cryptsetup picks for
# this drive. Intentional?
cryptsetup luksFormat --batch-mode --verify-passphrase $DD

sleep 5

# open them, set right options persistently
# --persistent stores the flags in the header (needs LUKS2). --allow-discards
# lets TRIM through, which reveals to anyone reading the raw disk which blocks
# are unused; the --perf-* flags bypass the dm-crypt workqueues.
cryptsetup luksOpen --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent $DD crypt-vms

sleep 5
lsblk --fs

# create btrfs with fast & strong checksumming and fast mounting
# xxhash detects accidental corruption only; it is not a cryptographic hash and
# the LUKS container is created without an integrity mode.
mkfs.btrfs -f --csum xxhash --features block-group-tree /dev/mapper/crypt-vms

sleep 5
btrfs filesystem show

# create projects disk
# Same whole-disk procedure as for the vms disk. DD is reassigned here, so
# every command below acts on the Samsung drive; check the by-id path (model +
# serial) before running the wipe.

DD=/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L
sgdisk --zap-all $DD
blkdiscard -v $DD
wipefs -a $DD

sleep 5

# create the crypto containers
# --batch-mode skips the confirmation, --verify-passphrase asks twice.
# NOTE(review): no --sector-size 4096 here, unlike the system disk; the
# sector size is whatever cryptsetup picks for this drive. Intentional?
cryptsetup luksFormat --batch-mode --verify-passphrase $DD

sleep 5

# open them, set right options persistently
# --persistent stores the flags in the header (needs LUKS2). --allow-discards
# lets TRIM through, which reveals to anyone reading the raw disk which blocks
# are unused; the --perf-* flags bypass the dm-crypt workqueues.
cryptsetup luksOpen --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent $DD crypt-projects

sleep 5
lsblk --fs

# create btrfs with fast & strong checksumming and fast mounting
# xxhash detects accidental corruption only; it is not a cryptographic hash and
# the LUKS container is created without an integrity mode.
mkfs.btrfs -f --csum xxhash --features block-group-tree /dev/mapper/crypt-projects

sleep 5
btrfs filesystem show