#!/usr/bin/env bash
# Stop at the first failing command and echo every command as it runs.
set -o errexit
set -o xtrace

# The machine that will be wiped and reinstalled. The script later looks for
# TARGET_MAC in the local ARP table before touching TARGET, as a guard against
# pointing the installer at the wrong host.
TARGET='192.168.1.19'
TARGET_MAC='d8:5e:d3:82:9c:35'
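#######################################
# Wipe /dev/nvme0n1, create a GPT with an ext4 root partition (label "nixos")
# and a FAT32 ESP (label "boot"), mount them under /mnt and /mnt/boot, and
# generate the initial NixOS configuration there.
#
# DESTRUCTIVE: everything on /dev/nvme0n1 is lost.
#
# The caller ships this function to the target with `typeset -f` and runs it
# in a remote shell, where the caller's `set -e` is not in effect. Every step
# therefore checks its own status, so a failed partitioning or mkfs step
# stops the function instead of letting later steps run on a half-prepared
# disk.
#
# Arguments: none
# Returns:   0 on success, otherwise the status of the first failing step
#######################################
function FORMAT_DISK ()
{
  local -r disk=/dev/nvme0n1

  # Zero the first 21 MiB so the old partition table and any filesystem
  # signatures at the start of the disk are gone.
  dd if=/dev/zero count=1 bs=21M of="${disk}" || return

  parted "${disk}" -- mklabel gpt || return
  parted "${disk}" -- mkpart primary 512MB 100% || return
  mkfs.ext4 -L nixos "${disk}p1" || return
  sync || return # wait for device to be ready
  mount /dev/disk/by-label/nixos /mnt || return

  # Create a new ESP. It is created second, so it becomes partition 2.
  parted "${disk}" -- mkpart ESP fat32 1MB 512MB || return
  parted "${disk}" -- set 2 esp on || return
  mkfs.fat -F 32 -n boot "${disk}p2" || return
  sync || return # wait for device to be ready
  mkdir -p /mnt/boot || return
  sleep 3 # wait for device to be ready
  mount /dev/disk/by-label/boot /mnt/boot || return

  # Or use an existing ESP (must have same boot loader type, ie. grub or systemd-boot)
  #mkdir -p /mnt/boot
  #mount /dev/nvme0n1p1 /mnt/boot

  nixos-generate-config --root /mnt
}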
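# --- Pre-flight checks -------------------------------------------------------
# The rest of the script wipes a disk on TARGET, so make sure the host that
# answers at that address is the intended one before doing anything else.

# Silence both stdout and stderr of ping (the redirection order matters), and
# exit from the script itself rather than from a subshell.
if ! ping -c1 "${TARGET}" > /dev/null 2>&1; then
  echo "Target not found. Exiting."
  exit 1
fi

# Require the expected MAC on the ARP entry for TARGET itself. Matching the MAC
# anywhere in the table would also pass when the machine sits at another
# address and a different host answers at TARGET. This is a sanity check
# against operator error, not authentication: ARP entries can be spoofed on an
# untrusted LAN.
if ! arp -n | awk -v ip="${TARGET}" -v mac="${TARGET_MAC}" '
    $1 == ip { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(mac)) found = 1 }
    END { exit !found }'; then
  echo "Target not found in ARP table. Exiting."
  exit 1
fi

echo "Install NixOS on ${TARGET}? You must set a password on the target before running this."
echo "Press enter to continue or ctrl+c to quit."
read -r

# --- SSH access --------------------------------------------------------------
# Dropping the cached host key makes the next connection trust-on-first-use;
# compare the fingerprint ssh prints with the one shown on the target's console
# if the network is not trusted.
ssh-keygen -R "${TARGET}"
ssh-copy-id "nixos@${TARGET}"

# Give root on the target the same authorized keys the nixos user just received.
COMMANDS="
sudo cp -r /home/nixos/.ssh /root/.;
sudo chown -R root:root /root/.ssh;
"
ssh -t "nixos@${TARGET}" "${COMMANDS}"

# --- Disk preparation --------------------------------------------------------
# Send the function definition over ssh and run it on the target as root.
# A non-zero status from the remote command aborts this script (set -e).
ssh "root@${TARGET}" "$(typeset -f FORMAT_DISK); FORMAT_DISK"

scp configuration.nix "root@${TARGET}:/mnt/etc/nixos/"

# copy authorized keys to both the target and the target's chroot, because nixos-install runs outside the chroot
ssh "root@${TARGET}" mkdir -p /etc/nixos/ssh /mnt/etc/nixos/ssh
if [ -f ~/.ssh/ansible_root_keys ]; then
  scp ~/.ssh/ansible_root_keys "root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys"
  scp ~/.ssh/ansible_root_keys "root@${TARGET}:/etc/nixos/ssh/authorized_keys"
  scp ~/.ssh/ansible_timburr_keys "root@${TARGET}:/mnt/etc/nixos/ssh/authorized_timburr_keys"
  scp ~/.ssh/ansible_timburr_keys "root@${TARGET}:/etc/nixos/ssh/authorized_timburr_keys"
else
  # NOTE(review): this fallback installs the operator's own authorized_keys
  # file, so every key allowed to log in to this workstation account ends up
  # in the key file shipped to the target. Confirm that is intended.
  scp ~/.ssh/authorized_keys "root@${TARGET}:/etc/nixos/ssh/authorized_keys"
  scp ~/.ssh/authorized_keys "root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys"
fi

# --- Install -----------------------------------------------------------------
echo "Press [Enter] to run nixos-install on the target, or press ctrl+c to stop and do it manually."
read -r
ssh "root@${TARGET}" nixos-install
#ssh root@${TARGET} openssl dhparam -out /etc/ssl/dhparams.pem 3072

# Forget the host key recorded during the install; presumably the installed
# system presents a different one after reboot.
ssh-keygen -R "${TARGET}"
echo "Done."
echo
echo "You should set a password before restarting in case networking doesn't come up on first boot. To chroot run this:"
echo "nixos-enter --root /mnt"
echo "passwd"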