infra: add installer
This commit is contained in:
parent
d784867779
commit
a6ac329a69
6 changed files with 55 additions and 7 deletions
|
@ -126,6 +126,7 @@
|
|||
]
|
||||
))
|
||||
colmena
|
||||
just
|
||||
sops
|
||||
];
|
||||
};
|
||||
|
|
|
@ -2,15 +2,11 @@
|
|||
{
|
||||
nixpkgs.config = {
|
||||
allowNonSource = false;
|
||||
allowNonSourcePredicate =
|
||||
pkg:
|
||||
lib.elem (lib.getName pkg) [
|
||||
];
|
||||
allowNonSourcePredicate = pkg: lib.elem (lib.getName pkg) [ ];
|
||||
|
||||
allowUnfree = false;
|
||||
allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) [ ];
|
||||
|
||||
permittedInsecurePackages = [
|
||||
];
|
||||
permittedInsecurePackages = [ ];
|
||||
};
|
||||
}
|
||||
|
|
1
infra/.gitignore
vendored
1
infra/.gitignore
vendored
|
@ -1,3 +1,4 @@
|
|||
/.terraform
|
||||
/terraform.tfstate.*
|
||||
/.terraform.lock.hcl
|
||||
/output
|
||||
|
|
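--- /dev/null
+++ b/infra/justfile
@@ -0,0 +1,45 @@
+[private]
+@default:
+    just --list
+
+[private]
+nix-build NAME ATTR:
+    nix build ..#nixosConfigurations.{{ NAME }}.config.system.build.{{ ATTR }} --out-link ./output/{{ ATTR }}
+
+[private]
+nix-copy HOST ATTR:
+    nix copy --substitute-on-destination --no-check-sigs --to 'ssh-ng://{{ HOST }}' ./output/{{ ATTR }}
+
+# partition disk using disko
+disko NAME HOST:
+    @just nix-build {{ NAME }} diskoScript
+    @just nix-copy {{ HOST }} diskoScript
+    ssh {{ HOST }} $(realpath ./output/diskoScript)
+
+# generate ssh keys
+ssh-keygen _NAME HOST:
+    ssh {{ HOST }} mkdir -m 0755 -p /mnt/persist/etc/ssh
+    ssh {{ HOST }} ssh-keygen -t "rsa" -b 4096 -f "/mnt/persist/etc/ssh/ssh_host_rsa_key" -N \"\"
+    ssh {{ HOST }} ssh-keygen -t "ed25519" -f "/mnt/persist/etc/ssh/ssh_host_ed25519_key" -N \"\"
+    ssh {{ HOST }} cat /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub | nix run nixpkgs#ssh-to-age
+
+    # FIXME:
+    # https://askubuntu.com/questions/1110828/ssh-failed-to-start-missing-privilege-separation-directory-var-run-sshd
+    ssh {{ HOST }} mkdir -m 0755 -p /mnt/persist/var/run/sshd
+
+# build system configuration
+build NAME HOST:
+    @just nix-build {{ NAME }} toplevel
+    @just nix-copy {{ HOST }}?remote-store=local?root=/mnt toplevel
+
+# run nixos-install
+install _NAME HOST:
+    ssh {{ HOST }} nixos-install --root /mnt --system $(realpath ./output/toplevel) --no-channel-copy --no-root-passwd
+
+# reboot
+reboot _NAME HOST:
+    ssh {{ HOST }} reboot
+
+# cleanup files
+cleanup _NAME HOST:
+    rm -r ./output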
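Review bot: `nix-copy` passes `--no-check-sigs`, so the target accepts the pushed closure without verifying any store-path signature, and the recipe does not record why that is acceptable; a comment such as `# --no-check-sigs: closures are built locally and pushed over the SSH session, so the target has no signing key to verify them against` would capture the reasoning. Every recipe also runs `ssh {{ HOST }}` against a freshly netbooted machine whose host key the operator has never seen, so the first `disko` call is trust-on-first-use; a header comment asking the operator to compare the host-key fingerprint with the provider console before running `disko` would make that step explicit. As a point of style, `cleanup _NAME HOST` takes `HOST` but only touches the local `./output`, so it could be written `cleanup _NAME _HOST:` to match how the unused name parameter is marked. The rendered page has lost recipe-body indentation, so it is worth confirming that the `# FIXME:` lines inside `ssh-keygen` are indented with the recipe; otherwise the trailing `mkdir` for `/mnt/persist/var/run/sshd` would not belong to any recipe.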
@ -8,13 +8,14 @@ locals {
|
|||
}
|
||||
}
|
||||
|
||||
# https://github.com/NickCao/netboot
|
||||
resource "vultr_startup_script" "script" {
|
||||
name = "nixos"
|
||||
type = "pxe"
|
||||
script = base64encode(<<EOT
|
||||
#!ipxe
|
||||
set cmdline sshkey="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmd/uqiBahzKcKMJ+gT3dkUIdrWQgudspsDchDlx1E/"
|
||||
chain https://github.com/NickCao/netboot/releases/download/latest/ipxe
|
||||
chain http://nixos.icu
|
||||
EOT
|
||||
)
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
programs = {
|
||||
deadnix.enable = true;
|
||||
just.enable = true;
|
||||
nixfmt.enable = true;
|
||||
prettier.enable = true;
|
||||
statix.enable = true;
|
||||
|
@ -11,8 +12,11 @@
|
|||
|
||||
settings.formatter.nixfmt.options = [ "--strict" ];
|
||||
|
||||
settings.formatter.just.includes = [ "infra/justfile" ];
|
||||
|
||||
settings.formatter.prettier.excludes = [
|
||||
"**/secrets.yaml"
|
||||
"infra/data.json"
|
||||
"secrets.yaml"
|
||||
];
|
||||
}
|
||||
|
|