#!/usr/bin/env bash
# Remote NixOS bootstrap for the "squirtle" configuration.
# Runs locally and drives the target machine over SSH as root.
# Prerequisite: `ssh root@${TARGET}` must already work.
#
# -e  abort on the first failing command.
# -x  trace every command to stderr. The trace prints fully expanded
#     arguments, so keep secret values out of command lines while it is on.
# Both options affect this local shell only; commands handed to ssh run in a
# separate shell on the target and do not inherit them.
set -ex
TARGET='nixos'
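#######################################
# Wipe and partition /dev/nvme0n1, create the boot and root filesystems,
# mount them under /mnt and generate a NixOS configuration there.
#
# DESTRUCTIVE: zeroes the first 8 MiB of the disk and writes a new partition
# table without asking. Confirmation is the caller's job.
#
# Layout (GPT):
#   1  squirtle_boot   1MiB     - 512MiB    FAT32 ESP, mounted on /mnt/boot
#   2  squirtle_crypt  512MiB   - 256.5GiB  left unformatted here
#   3  squirtle_root   256.5GiB - 100%      ext4 "nixos", mounted on /mnt
#
# Security note: partition 3 is plain ext4, so everything on the root
# filesystem is stored unencrypted. Only partition 2 is reserved for LUKS
# (see ENCRYPT_DISK).
#
# The body is a subshell running under `set -e`. This function is shipped to
# the target with `typeset -f` and executed by a remote shell that does not
# inherit the caller's `set -e`; without it a failed parted/mkfs step would be
# ignored and the following steps would still run against the disk. The
# subshell keeps errexit and the helper variable out of the calling shell.
#
# Arguments: none
# Returns:   0 on success, otherwise the status of the first failing step
#######################################
FORMAT_DISK() (
  set -e
  disk=/dev/nvme0n1

  # Clear the beginning of the disk (old partition table / signatures).
  dd if=/dev/zero of="$disk" bs=1M count=8

  # Create a new GPT partition table.
  parted "$disk" -- mklabel gpt

  # Boot partition (ESP).
  parted "$disk" -- mkpart primary fat32 1MiB 512MiB
  parted "$disk" -- set 1 esp on
  parted "$disk" -- name 1 squirtle_boot

  # Crypt partition (256GB); formatted later, not by this function.
  parted "$disk" -- mkpart primary 512MiB 256.5GiB
  parted "$disk" -- name 2 squirtle_crypt

  # Root partition (fills the rest of the drive).
  parted "$disk" -- mkpart primary 256.5GiB 100%
  parted "$disk" -- name 3 squirtle_root

  # Filesystems: FAT32 for boot, ext4 for root.
  mkfs.fat -F 32 -n boot "${disk}p1"
  mkfs.ext4 -L nixos "${disk}p3"

  # Mount root first so /mnt/boot is created on the new root filesystem.
  mount "${disk}p3" /mnt
  mkdir -p /mnt/boot
  mount "${disk}p1" /mnt/boot

  # Generate NixOS configuration under /mnt/etc/nixos.
  nixos-generate-config --root /mnt
)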
# TODO: This part must be done manually, after the installation is complete
#######################################
# Turn partition 2 of /dev/nvme0n1 into a LUKS volume, open it as
# /dev/mapper/encrypted_squirtle and put an ext4 filesystem labelled
# "crypted" on it. Finally creates the /mnt/squirtle directory; the mapped
# device is not mounted by this function.
#
# Nothing in this script calls it. cryptsetup is invoked without a key file,
# so it is expected to prompt for the passphrase on the terminal, which is why
# this step is run by hand.
#
# Arguments: none
# Returns:   status of the last command (mkdir)
#######################################
ENCRYPT_DISK() {
  local crypt_part=/dev/nvme0n1p2
  local mapper_name=encrypted_squirtle

  # Write the LUKS header, then unlock the volume under the mapper name.
  cryptsetup luksFormat "$crypt_part"
  cryptsetup open "$crypt_part" "$mapper_name"

  # Filesystem goes on the unlocked mapping, never on the raw partition.
  mkfs.ext4 -L crypted "/dev/mapper/${mapper_name}"

  mkdir -p /mnt/squirtle
}
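# Last chance to abort: everything below repartitions the target's disk.
echo "Install NixOS on $TARGET? Press enter to continue or ctrl+c to quit."
# -r keeps backslashes literal; the typed line itself is discarded.
read -r

# Send the function's source to the target and run it in the remote shell.
# ssh exits with the remote command's status, so a non-zero FORMAT_DISK stops
# this script here under `set -e`.
ssh "root@${TARGET}" "$(typeset -f FORMAT_DISK); FORMAT_DISK"

# NOTE(review): secrets.nix is placed next to the flake. If the flake
# evaluates it, its contents may be copied into the world-readable /nix/store
# on the installed system. Confirm that is acceptable for what it holds.
scp configuration.nix secrets.nix flake.nix "root@${TARGET}:/mnt/etc/nixos/"

# setup ssh access
# The same authorized_keys file goes to the new root (/mnt/...) and to the
# running installer environment (/etc/...).
ssh "root@${TARGET}" mkdir -p /mnt/etc/nixos/ssh /etc/nixos/ssh
scp ~/.ssh/authorized_keys "root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys"
scp ~/.ssh/authorized_keys "root@${TARGET}:/etc/nixos/ssh/authorized_keys"

# satstack.dev acme via namecheap api
# NOTE(review): if the disabled lines below are re-enabled while `set -x` is
# active, `echo "$file_content"` is written to the trace with the secret
# expanded. Wrap that section in `set +x` / `set -x` before turning it on.
#ssh root@$TARGET "mkdir -p /mnt/var/src/secrets && chmod 700 /mnt/var/src/secrets"
#echo "Prompting elevation for reckless satstack.dev acme secrets"
#file_content=$(doas cat /var/src/secrets/namecheap-satstack.dev)
#echo "$file_content" | ssh root@$TARGET "cat > /mnt/var/src/secrets/namecheap"
# This creates the directory on the running installer root, not under /mnt.
# NOTE(review): confirm it is still needed with the secret copy disabled.
ssh "root@${TARGET}" "mkdir -p /var/src/secrets && chmod 700 /var/src/secrets"
#echo "$file_content" | ssh root@$TARGET "cat > /var/src/secrets/namecheap"

# Install from the flake copied above. The flake reference is quoted so the
# '#' is always passed through as part of the argument.
ssh "root@${TARGET}" nixos-install --flake '/mnt/etc/nixos#squirtle'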
## REMINDERS
# Don't forget to set your passwd
# To chroot:
#nixos-enter --root /mnt
# Copy over ~/.config/fish from another host