From 22b87fd13b724dec193181fe10c005e4d0dfdf9f Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Fri, 15 Jul 2022 03:17:54 +1000 Subject: [PATCH 01/29] init nixos build --- nixos/22.05/capsul-init | 21 +++++++++ nixos/22.05/configuration.nix | 18 ++++++++ nixos/22.05/packer.json | 82 +++++++++++++++++++++++++++++++++++ nixos/22.05/post-install.sh | 6 +++ nixos/TODO | 4 ++ nixos/build | 4 ++ 6 files changed, 135 insertions(+) create mode 100644 nixos/22.05/capsul-init create mode 100644 nixos/22.05/configuration.nix create mode 100644 nixos/22.05/packer.json create mode 100755 nixos/22.05/post-install.sh create mode 100644 nixos/TODO create mode 100755 nixos/build diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init new file mode 100644 index 0000000..38fa422 --- /dev/null +++ b/nixos/22.05/capsul-init @@ -0,0 +1,21 @@ +#!/bin/sh + +user=cyberian +homedir="/home/$user" + +mkdir -p "$homedir/.ssh" +chmod 700 "$homedir/.ssh" +chown "$user" "$homedir/.ssh" + +mount -t iso9660 -o ro /dev/sr0 /mnt + +grep '\- ssh' /mnt/user-data | cut -d ' ' -f 8- > "$homedir/.ssh/authorized_keys" + +chmod 600 "$homedir/.ssh/authorized_keys" + +chown "$user" "$homedir/.ssh/authorized_keys" + +/run/current-system/profile/sbin/resize2fs /dev/vda2 + +umount /mnt +rm /root/capsul-init diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix new file mode 100644 index 0000000..9ef691e --- /dev/null +++ b/nixos/22.05/configuration.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./guest.nix + ./users.nix + ./vagrant.nix + ]; + + # we always want git and vim + environment.systemPackages = with pkgs; [ + git + vim + ]; + + +} diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json new file mode 100644 index 0000000..b723c8d --- /dev/null +++ b/nixos/22.05/packer.json 
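Review bot: capsul-init has no error handling, so if `mount -t iso9660 -o ro /dev/sr0 /mnt` fails the following `grep` still writes an empty `authorized_keys`, and `rm /root/capsul-init` then runs anyway, leaving the user with no key and no second attempt on the next boot. Add `set -eu` after the shebang and gate the self-delete on a non-empty key file, e.g. `[ -s "$homedir/.ssh/authorized_keys" ] || exit 1` placed before `umount /mnt`. The `cut -d ' ' -f 8-` column offset also silently yields nothing if the user-data line is formatted differently; extracting from the `ssh-` token onward would be more robust than a fixed field number.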
@@ -0,0 +1,82 @@ +{ + "variables": { + "iso_url": "https://releases.nixos.org/nixos/22.05/nixos-22.05.1700.365e1b3a859/nixos-minimal-22.05.1700.365e1b3a859-x86_64-linux.iso", + "iso_checksum": "aa9eeb04a491a84036368a93545400d79d16d281d4b7a29979bbb4f8476f9b81", + "qcow2_image": "nixos-minimal-22.05-x86_64" + }, + "provisioners": [ + { + "type": "shell", + "script": "post-install.sh" + }, + { + "type": "file", + "source": "configuration.nix", + "destination": "/mnt/etc/nixos/configuration.nix" + }, + { + "type": "shell", + "inline": [ + "nixos-install" + ] + }, + { + "type": "shell", + "inline": ["reboot"], + "expect_disconnect": true + }, + { + "type": "file", + "source": "capsul-init", + "destination": "/tmp/capsul-init" + }, + { + "type": "file", + "source": "config-2.scm", + "destination": "/etc/config.scm" + }, + { + "type": "shell", + "inline": [ + "mkdir -p ~/.config/guix", + "guix pull", + "guix system reconfigure /etc/config.scm", + "mv /tmp/capsul-init /root/capsul-init", + "chmod +x /root/capsul-init", + "guix system delete-generations", + "guix gc", + "rm /etc/ssh/* || :", + "rm /var/db/dhclient.leases", + "dd if=/dev/zero of=/EMPTY bs=1M || :", + "rm -f /EMPTY", + "sync" + ] + } + ], + "builders": [ + { + "type": "qemu", + "headless": true, + "iso_url": "{{user `iso_url`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "vm_name": "{{user `qcow2_image`}}.qcow2", + "cpus": 2, + "memory": 2048, + "disk_interface": "virtio", + "disk_size": 25600, + "disk_compression": true, + "disk_cache": "unsafe", + "http_directory": ".", + "boot_wait": "70s", + "boot_command": [ + "", + "passwd rootpasswordpassword", + "herd start ssh-daemon" + ], + "ssh_username": "root", + "ssh_password": "password", + "ssh_wait_timeout": "20m", + "shutdown_command": "shutdown" + } + ] +} diff --git a/nixos/22.05/post-install.sh b/nixos/22.05/post-install.sh new file mode 100755 index 0000000..10c9843 --- /dev/null +++ b/nixos/22.05/post-install.sh 
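Review bot: The last two provisioners are Guix leftovers that cannot run on the NixOS ISO: `config-2.scm` is not part of this commit, and `guix pull`, `guix system reconfigure` and the `herd start ssh-daemon` typed in `boot_command` do not exist on that system, so the build stops at the first of them. When they are replaced, keep a NixOS equivalent of the `rm /etc/ssh/* || :` step in the final cleanup, because it is the only thing preventing every VM cloned from this image from sharing one SSH host key. The root password set through `boot_command` and used as `ssh_password` also remains on the installed system; nothing in this file resets it before the image is shut down.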
@@ -0,0 +1,6 @@ +#!/bin/sh + +parted -s --align=none /dev/vda mktable gpt mkpart primary ext2 0 2MB mkpart primary ext2 2MB 100% set 1 bios_grub on +mkfs.ext4 -L root /dev/vda2 +mount LABEL=root /mnt +nixos-generate-config --root /mnt diff --git a/nixos/TODO b/nixos/TODO new file mode 100644 index 0000000..c302544 --- /dev/null +++ b/nixos/TODO @@ -0,0 +1,4 @@ +- configuration-2.nix + - flakes support (maybe?) + - cyberian user + - capsul systemd module diff --git a/nixos/build b/nixos/build new file mode 100755 index 0000000..f9f6d87 --- /dev/null +++ b/nixos/build @@ -0,0 +1,4 @@ +#!/bin/sh + +cd $1 +packer build packer.json -- 2.45.2 From 667dc72304c7adea641fcd314dedd054e08d7d19 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Fri, 15 Jul 2022 03:20:18 +1000 Subject: [PATCH 02/29] add a bit to todo --- nixos/{TODO => TODO.md} | 2 ++ 1 file changed, 2 insertions(+) rename nixos/{TODO => TODO.md} (54%) diff --git a/nixos/TODO b/nixos/TODO.md similarity index 54% rename from nixos/TODO rename to nixos/TODO.md index c302544..9cc4a5c 100644 --- a/nixos/TODO +++ b/nixos/TODO.md @@ -2,3 +2,5 @@ - flakes support (maybe?) - cyberian user - capsul systemd module + - `nixos-delete-generations` + - other post install things that guix does? -- 2.45.2 From 5716138258e9e44221465618f3f7131576075143 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Sat, 16 Jul 2022 00:29:03 +1000 Subject: [PATCH 03/29] fix up nix file --- nixos/22.05/configuration.nix | 12 ++++++------ nixos/22.05/packer.json | 22 ---------------------- 2 files changed, 6 insertions(+), 28 deletions(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 9ef691e..76ee653 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix 
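Review bot: `cd $1` in nixos/build is neither quoted nor checked, so a missing or wrong argument leaves the script in the caller's directory and `packer build packer.json` then runs against whatever `packer.json` happens to be there. Use `cd "$1" || exit 1`, or add `set -e` after the shebang.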
@@ -1,18 +1,18 @@ { config, pkgs, ... }: { - imports = [ - ./hardware-configuration.nix - ./guest.nix - ./users.nix - ./vagrant.nix + imports = [ + ./hardware-configuration.nix ]; # we always want git and vim - environment.systemPackages = with pkgs; [ + environment.systemPackages = with pkgs; [ git vim ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; } diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index b723c8d..0a841db 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json @@ -29,28 +29,6 @@ "type": "file", "source": "capsul-init", "destination": "/tmp/capsul-init" - }, - { - "type": "file", - "source": "config-2.scm", - "destination": "/etc/config.scm" - }, - { - "type": "shell", - "inline": [ - "mkdir -p ~/.config/guix", - "guix pull", - "guix system reconfigure /etc/config.scm", - "mv /tmp/capsul-init /root/capsul-init", - "chmod +x /root/capsul-init", - "guix system delete-generations", - "guix gc", - "rm /etc/ssh/* || :", - "rm /var/db/dhclient.leases", - "dd if=/dev/zero of=/EMPTY bs=1M || :", - "rm -f /EMPTY", - "sync" - ] } ], "builders": [ -- 2.45.2 From dce53efe37e8f5298671ab0c9aa99f7ade57c6ef Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Sat, 16 Jul 2022 04:23:09 +1000 Subject: [PATCH 04/29] stuck again --- nixos/22.05/configuration.nix | 7 +++++++ nixos/22.05/packer.json | 19 +++++++++++++++---- nixos/22.05/post-install.sh | 1 + 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 76ee653..b46cbe2 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix @@ -15,4 +15,11 @@ boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + users.users.cyberian = { + isNormalUser = true; + password = "password"; + }; + users.users.root.password = "password"; + + services.openssh.enable = true; } 
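Review bot: `users.users.cyberian.password` and `users.users.root.password` put the literal `"password"` into this generation's store path, and `/nix/store` is world-readable, so the credential can be read back from any system that still holds the generation. That is tolerable for a build-only configuration only if the generation is garbage-collected before the image ships; the cleanup this series adds later (`rm -f /etc/ssh/*key*`, `printf '' > /etc/machine-id`) does not do that. Using `hashedPassword` with a throwaway hash would at least keep the plaintext out of the store.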
diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index 0a841db..23f334a 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json @@ -25,10 +25,22 @@ "inline": ["reboot"], "expect_disconnect": true }, + { + "type": "shell", + "inline": ["echo"], + "start_retry_timeout": "40s" + }, { "type": "file", "source": "capsul-init", "destination": "/tmp/capsul-init" + }, + { + "type": "shell", + "inline": [ + "mv /tmp/capsul-init /root/capsul-init", + "chmod +x /root/capsul-init" + ] } ], "builders": [ @@ -45,11 +57,10 @@ "disk_compression": true, "disk_cache": "unsafe", "http_directory": ".", - "boot_wait": "70s", + "boot_wait": "40s", "boot_command": [ - "", - "passwd rootpasswordpassword", - "herd start ssh-daemon" + "sudo su", + "passwdpasswordpassword" ], "ssh_username": "root", "ssh_password": "password", diff --git a/nixos/22.05/post-install.sh b/nixos/22.05/post-install.sh index 10c9843..7ff7fef 100755 --- a/nixos/22.05/post-install.sh +++ b/nixos/22.05/post-install.sh @@ -1,5 +1,6 @@ #!/bin/sh +sudo su parted -s --align=none /dev/vda mktable gpt mkpart primary ext2 0 2MB mkpart primary ext2 2MB 100% set 1 bios_grub on mkfs.ext4 -L root /dev/vda2 mount LABEL=root /mnt -- 2.45.2 From 233cbc57458dfb7cad73013f57e909878bd3f86a Mon Sep 17 00:00:00 2001 From: forest Date: Sat, 16 Jul 2022 12:09:09 -0500 Subject: [PATCH 05/29] try `trigger-reboot` script which returns exit 0 before rebooting --- nixos/22.05/configuration.nix | 1 + nixos/22.05/packer.json | 19 +++++++++++++------ nixos/22.05/trigger-reboot | 4 ++++ 3 files changed, 18 insertions(+), 6 deletions(-) create mode 100755 nixos/22.05/trigger-reboot diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index b46cbe2..de80a3a 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix 
@@ -14,6 +14,7 @@ boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + system.stateVersion = "22.05"; users.users.cyberian = { isNormalUser = true; diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index 23f334a..4a4f577 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json @@ -20,15 +20,20 @@ "nixos-install" ] }, + { + "type": "file", + "source": "trigger-reboot", + "destination": "/tmp/trigger-reboot" + }, { "type": "shell", - "inline": ["reboot"], + "inline": ["/tmp/trigger-reboot & exit 0"], "expect_disconnect": true }, { "type": "shell", - "inline": ["echo"], - "start_retry_timeout": "40s" + "inline": ["echo foooooo"], + "pause_before": "30s" }, { "type": "file", @@ -57,10 +62,12 @@ "disk_compression": true, "disk_cache": "unsafe", "http_directory": ".", - "boot_wait": "40s", + "boot_wait": "90s", "boot_command": [ - "sudo su", - "passwdpasswordpassword" + "sudo su", + "passwd root", + "password", + "password" ], "ssh_username": "root", "ssh_password": "password", diff --git a/nixos/22.05/trigger-reboot b/nixos/22.05/trigger-reboot new file mode 100755 index 0000000..29f7cf2 --- /dev/null +++ b/nixos/22.05/trigger-reboot @@ -0,0 +1,4 @@ +#!/bin/sh + +sleep 1 +systemctl stop sshd.service && sleep 4 && reboot -- 2.45.2 From 8013b8c9534ddfd83ec188a93d1d519c5bc570f2 Mon Sep 17 00:00:00 2001 From: forest Date: Sat, 16 Jul 2022 12:49:21 -0500 Subject: [PATCH 06/29] fix nixos SSH settings for packer to be able to reconnect --- nixos/22.05/configuration.nix | 6 +++++- nixos/22.05/packer.json | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index de80a3a..91df63e 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix 
@@ -22,5 +22,9 @@ }; users.users.root.password = "password"; - services.openssh.enable = true; + services.openssh = { + enable = true; + permitRootLogin = "yes"; + passwordAuthentication = true; + }; } diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index 4a4f577..f75fa52 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json @@ -27,12 +27,12 @@ }, { "type": "shell", - "inline": ["/tmp/trigger-reboot & exit 0"], + "inline": ["echo 'executing trigger-reboot...' && /tmp/trigger-reboot & exit 0"], "expect_disconnect": true }, { "type": "shell", - "inline": ["echo foooooo"], + "inline": ["echo 'reconnected after rebooting'"], "pause_before": "30s" }, { @@ -62,7 +62,7 @@ "disk_compression": true, "disk_cache": "unsafe", "http_directory": ".", - "boot_wait": "90s", + "boot_wait": "110s", "boot_command": [ "sudo su", "passwd root", -- 2.45.2 From 2e13b7c20a2ea9d20a5938577026c62b435708b7 Mon Sep 17 00:00:00 2001 From: forest Date: Sat, 16 Jul 2022 12:52:20 -0500 Subject: [PATCH 07/29] remove cruft --- nixos/22.05/trigger-reboot | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/22.05/trigger-reboot b/nixos/22.05/trigger-reboot index 29f7cf2..3c64e7b 100755 --- a/nixos/22.05/trigger-reboot +++ b/nixos/22.05/trigger-reboot @@ -1,4 +1,4 @@ #!/bin/sh -sleep 1 -systemctl stop sshd.service && sleep 4 && reboot +sleep 4 +reboot -- 2.45.2 From 2529875bb12a76620fcbe04419551f58071f2b77 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Sun, 17 Jul 2022 14:35:27 +1000 Subject: [PATCH 08/29] add systemd unit that only runs once --- nixos/22.05/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 91df63e..4f6fce7 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix 
@@ -27,4 +27,12 @@ permitRootLogin = "yes"; passwordAuthentication = true; }; + + systemd.services.capsul-init = { + serviceConfig.Type = "oneshot"; + serviceConfig = { + ExecStart = "/root/capsul-init"; + ConditionPathExists = "/root/capsul-init"; + }; + }; } -- 2.45.2 From d5f94420ee924240b3ac1df55a10b1fd88097ddf Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Sun, 17 Jul 2022 15:01:42 +1000 Subject: [PATCH 09/29] fix up configure script --- nixos/22.05/capsul-init | 29 +++++++++++++++++++++++++++++ nixos/22.05/configuration.nix | 2 ++ 2 files changed, 31 insertions(+) diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init index 38fa422..2b29897 100644 --- a/nixos/22.05/capsul-init +++ b/nixos/22.05/capsul-init @@ -17,5 +17,34 @@ chown "$user" "$homedir/.ssh/authorized_keys" /run/current-system/profile/sbin/resize2fs /dev/vda2 +cat < /etc/configuration.nix +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + # we always want git and vim + environment.systemPackages = with pkgs; [ + git + vim + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + system.stateVersion = "22.05"; + + users.users.cyberian = { + isNormalUser = true; + }; + + services.openssh = { + enable = true; + }; +EOF + umount /mnt rm /root/capsul-init +sudo nixos-rebuild switch diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 4f6fce7..3f8c8f6 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix @@ -28,6 +28,8 @@ passwordAuthentication = true; }; + # Feel free to remove this after first boot + # /root/capsul-init gets deleted after first run systemd.services.capsul-init = { serviceConfig.Type = "oneshot"; serviceConfig = { -- 2.45.2 From f66d09b7eaaa60d0924a25ea94e0e97323f72b7b Mon Sep 17 00:00:00 2001 
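Review bot: The heredoc writes `/etc/configuration.nix`, but `sudo nixos-rebuild switch` at the end of the script reads `/etc/nixos/configuration.nix` by default, so the rebuild re-applies the build-time configuration (root password, `permitRootLogin = "yes"`) instead of the one just written. Write to `/etc/nixos/configuration.nix`, and run the rebuild before `rm /root/capsul-init` so a failed rebuild can be retried on the next boot. The `cat < /etc/configuration.nix` line looks garbled in this rendering; presumably it is `cat <<EOF > …` given the `EOF` terminator, which should be confirmed against the actual file.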
From: Anish Lakhwara Date: Mon, 18 Jul 2022 01:19:48 +1000 Subject: [PATCH 10/29] remove todo --- nixos/TODO.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/nixos/TODO.md b/nixos/TODO.md index 9cc4a5c..ff4e0d4 100644 --- a/nixos/TODO.md +++ b/nixos/TODO.md @@ -1,6 +1,2 @@ -- configuration-2.nix - - flakes support (maybe?) - - cyberian user - - capsul systemd module - - `nixos-delete-generations` - - other post install things that guix does? +- test that the systemd module works as intended +- `nixos-delete-generations` -- 2.45.2 From e755a971417e337776ff6cf7fc38e3b8182c39cd Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 01:59:12 +1000 Subject: [PATCH 11/29] fix systemd module --- nixos/22.05/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 3f8c8f6..d5c9120 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix @@ -32,9 +32,11 @@ # /root/capsul-init gets deleted after first run systemd.services.capsul-init = { serviceConfig.Type = "oneshot"; + unitConfig = { + ConditionPathExists = "/root/capsul-init"; + }; serviceConfig = { ExecStart = "/root/capsul-init"; - ConditionPathExists = "/root/capsul-init"; }; }; } -- 2.45.2 From 2bff5a091b17d0367b20d41121b4b1ccf7dbc93b Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 16:42:53 -0500 Subject: [PATCH 12/29] convert tabs -> spaces --- nixos/22.05/packer.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index f75fa52..85bee91 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json 
@@ -30,11 +30,11 @@ "inline": ["echo 'executing trigger-reboot...' && /tmp/trigger-reboot & exit 0"], "expect_disconnect": true }, - { - "type": "shell", - "inline": ["echo 'reconnected after rebooting'"], - "pause_before": "30s" - }, + { + "type": "shell", + "inline": ["echo 'reconnected after rebooting'"], + "pause_before": "30s" + }, { "type": "file", "source": "capsul-init", @@ -43,9 +43,9 @@ { "type": "shell", "inline": [ - "mv /tmp/capsul-init /root/capsul-init", - "chmod +x /root/capsul-init" - ] + "mv /tmp/capsul-init /root/capsul-init", + "chmod +x /root/capsul-init" + ] } ], "builders": [ -- 2.45.2 From e874ce9bea31f73c66d412da9c6e5be092940632 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 16:43:19 -0500 Subject: [PATCH 13/29] chown homedir recursively --- nixos/22.05/capsul-init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init index 2b29897..58195ae 100644 --- a/nixos/22.05/capsul-init +++ b/nixos/22.05/capsul-init @@ -5,7 +5,7 @@ homedir="/home/$user" mkdir -p "$homedir/.ssh" chmod 700 "$homedir/.ssh" -chown "$user" "$homedir/.ssh" +chown -R "$user:$user" "$homedir" mount -t iso9660 -o ro /dev/sr0 /mnt -- 2.45.2 From 35546c5a698cc8718e668f2bddf91046a8a8d721 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 16:44:53 -0500 Subject: [PATCH 14/29] Add group to chown --- nixos/22.05/capsul-init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init index 58195ae..8104bba 100644 --- a/nixos/22.05/capsul-init +++ b/nixos/22.05/capsul-init @@ -13,7 +13,7 @@ grep '\- ssh' /mnt/user-data | cut -d ' ' -f 8- > "$homedir/.ssh/authorized_key chmod 600 "$homedir/.ssh/authorized_keys" -chown "$user" "$homedir/.ssh/authorized_keys" +chown "$user:$user" "$homedir/.ssh/authorized_keys" /run/current-system/profile/sbin/resize2fs /dev/vda2 -- 2.45.2 
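Review bot: `chown -R "$user:$user" "$homedir"` assumes a group named `cyberian` exists, but the user is declared with `isNormalUser = true` and no `group`, which on NixOS puts the account in the `users` group; with no per-user group the chown fails, and because the script does not use `set -e` the failure is silent and `~/.ssh` stays owned by root. Patch 14's `chown "$user:$user" "$homedir/.ssh/authorized_keys"` has the same issue, and patch 27 drops the group only on that second line while leaving this recursive one unchanged. Use `chown -R "$user" "$homedir"` (owner only) or `"$user:users"`.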
From 47be961751dc40d667c243ecbbcd72204ab8f756 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 16:46:56 -0500 Subject: [PATCH 15/29] Remove sudo su since we are root --- nixos/22.05/post-install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/22.05/post-install.sh b/nixos/22.05/post-install.sh index 7ff7fef..10c9843 100755 --- a/nixos/22.05/post-install.sh +++ b/nixos/22.05/post-install.sh @@ -1,6 +1,5 @@ #!/bin/sh -sudo su parted -s --align=none /dev/vda mktable gpt mkpart primary ext2 0 2MB mkpart primary ext2 2MB 100% set 1 bios_grub on mkfs.ext4 -L root /dev/vda2 mount LABEL=root /mnt -- 2.45.2 From 3cfed4c6a31208a398c1f3301c316f7f7b7a5696 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:17:26 -0500 Subject: [PATCH 16/29] Move 2nd-stage configuration to packer, not capsul-init --- nixos/22.05/capsul-init | 29 -------------------- nixos/22.05/configuration.nix | 14 +++------- nixos/22.05/final-configuration.nix | 41 +++++++++++++++++++++++++++++ nixos/22.05/packer.json | 11 ++++++++ 4 files changed, 55 insertions(+), 40 deletions(-) create mode 100644 nixos/22.05/final-configuration.nix diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init index 8104bba..fdef65d 100644 --- a/nixos/22.05/capsul-init +++ b/nixos/22.05/capsul-init @@ -17,34 +17,5 @@ chown "$user:$user" "$homedir/.ssh/authorized_keys" /run/current-system/profile/sbin/resize2fs /dev/vda2 -cat < /etc/configuration.nix -{ config, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - # we always want git and vim - environment.systemPackages = with pkgs; [ - git - vim - ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - system.stateVersion = "22.05"; - - users.users.cyberian = { - isNormalUser = true; - }; - - services.openssh = { - enable = true; - }; -EOF - umount /mnt rm /root/capsul-init -sudo nixos-rebuild switch 
diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index d5c9120..8406b58 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix @@ -1,3 +1,6 @@ +# this configuration is intended to give us ssh +# access to the build machine + { config, pkgs, ... }: { @@ -28,15 +31,4 @@ passwordAuthentication = true; }; - # Feel free to remove this after first boot - # /root/capsul-init gets deleted after first run - systemd.services.capsul-init = { - serviceConfig.Type = "oneshot"; - unitConfig = { - ConditionPathExists = "/root/capsul-init"; - }; - serviceConfig = { - ExecStart = "/root/capsul-init"; - }; - }; } diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix new file mode 100644 index 0000000..2d1f6ff --- /dev/null +++ b/nixos/22.05/final-configuration.nix @@ -0,0 +1,41 @@ +# this configuration is meant to be the final +# handed over to the user + +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + # we always want git and vim + environment.systemPackages = with pkgs; [ + git + vim + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + system.stateVersion = "22.05"; + + users.users.cyberian = { + isNormalUser = true; + }; + + services.openssh = { + enable = true; + }; + + # Feel free to remove this after first boot + # /root/capsul-init gets deleted after first run + systemd.services.capsul-init = { + serviceConfig.Type = "oneshot"; + unitConfig = { + ConditionPathExists = "/root/capsul-init"; + }; + serviceConfig = { + ExecStart = "/root/capsul-init"; + }; + }; +} diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index 85bee91..d87abec 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json 
@@ -46,6 +46,17 @@ "mv /tmp/capsul-init /root/capsul-init", "chmod +x /root/capsul-init" ] + }, + { + "type": "file", + "source": "final-configuration.nix", + "destination": "/etc/nixos/configuration.nix" + }, + { + "type": "shell", + "inline": [ + "nixos-rebuild switch" + ] } ], "builders": [ -- 2.45.2 From be538698f3631ee7d20172a8449af5d40ead098a Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:17:44 -0500 Subject: [PATCH 17/29] Add aynish as an owner of this OS --- nixos/OWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 nixos/OWNERS diff --git a/nixos/OWNERS b/nixos/OWNERS new file mode 100644 index 0000000..4f10b4f --- /dev/null +++ b/nixos/OWNERS @@ -0,0 +1 @@ +@aynish:sealight.xyz -- 2.45.2 From 3bf46d9ec7a7cf4561757a478b5348b5bcfce967 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:20:08 -0500 Subject: [PATCH 18/29] Remove default password for cyberian --- nixos/22.05/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 8406b58..bdc377a 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix @@ -21,7 +21,6 @@ users.users.cyberian = { isNormalUser = true; - password = "password"; }; users.users.root.password = "password"; -- 2.45.2 From 71c6fe10bd56da18f8a498c1542e89437fe871e5 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:26:23 -0500 Subject: [PATCH 19/29] Add cleanup tasks, add nano & vi to image, remove git --- nixos/22.05/configuration.nix | 7 +++---- nixos/22.05/final-configuration.nix | 4 ++-- nixos/22.05/packer.json | 4 +++- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index bdc377a..257ba17 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix 
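Review bot: `nixos-rebuild switch` replaces the running configuration but leaves the build-time generation (root password `password`, `permitRootLogin = "yes"`, `passwordAuthentication = true`) in the Nix store and as a selectable GRUB entry, so the shipped image can still be booted into it from the console. Add `nix-collect-garbage -d` followed by `nixos-rebuild boot` after the switch so the old generation is removed and the bootloader entries regenerated. This is the `nixos-delete-generations` item in TODO.md, which patch 29 removes without it having been done.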
@@ -8,10 +8,10 @@ ./hardware-configuration.nix ]; - # we always want git and vim + # we always want nano & vi environment.systemPackages = with pkgs; [ - git - vim + vi + nano ]; boot.loader.grub.enable = true; @@ -29,5 +29,4 @@ permitRootLogin = "yes"; passwordAuthentication = true; }; - } diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index 2d1f6ff..b7383e3 100644 --- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -10,8 +10,8 @@ # we always want git and vim environment.systemPackages = with pkgs; [ - git - vim + nano + vi ]; boot.loader.grub.enable = true; diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index d87abec..d48ac78 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json @@ -55,7 +55,9 @@ { "type": "shell", "inline": [ - "nixos-rebuild switch" + "nixos-rebuild switch", + "rm -f /etc/ssh/*key*", + "printf '' > /etc/machine-id" ] } ], -- 2.45.2 From 3e0196f7d88122c61c12d39b8638d73972b4526a Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:27:10 -0500 Subject: [PATCH 20/29] Clarify comment --- nixos/22.05/final-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index b7383e3..4563fe1 100644 --- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -8,7 +8,7 @@ ./hardware-configuration.nix ]; - # we always want git and vim + # we always want nano & vi environment.systemPackages = with pkgs; [ nano vi -- 2.45.2 From da7a221ec31208c4360be6a0c6260951995fe225 Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:32:42 -0500 Subject: [PATCH 21/29] Correct systemd config --- nixos/22.05/final-configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index 4563fe1..526eb18 100644 
--- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -30,12 +30,14 @@ # Feel free to remove this after first boot # /root/capsul-init gets deleted after first run systemd.services.capsul-init = { - serviceConfig.Type = "oneshot"; + enable = true; unitConfig = { + Type = "oneshot"; ConditionPathExists = "/root/capsul-init"; }; serviceConfig = { ExecStart = "/root/capsul-init"; }; + wantedBy = [ "multi-user.target" ]; }; } -- 2.45.2 From 963aaccd8ae1bfe585a94408c273298d30deab2e Mon Sep 17 00:00:00 2001 From: Jes Olson Date: Sun, 17 Jul 2022 17:39:03 -0500 Subject: [PATCH 22/29] move oneshot to correct location lmao --- nixos/22.05/final-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index 526eb18..ddb46ce 100644 --- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -32,10 +32,10 @@ systemd.services.capsul-init = { enable = true; unitConfig = { - Type = "oneshot"; ConditionPathExists = "/root/capsul-init"; }; serviceConfig = { + Type = "oneshot"; ExecStart = "/root/capsul-init"; }; wantedBy = [ "multi-user.target" ]; -- 2.45.2 From 67137f1ccd4235f973964e418dd2c8a51219ec1b Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 17:28:56 +1000 Subject: [PATCH 23/29] wheel needs not password --- nixos/22.05/final-configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index ddb46ce..a29e9fb 100644 --- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -11,7 +11,7 @@ # we always want nano & vi environment.systemPackages = with pkgs; [ nano - vi + vim ]; boot.loader.grub.enable = true; 
@@ -21,7 +21,9 @@ users.users.cyberian = { isNormalUser = true; + extraGroups = [ "wheel" ]; }; + security.sudo.wheelNeedsPassword = false; # We through away the password but we still want root services.openssh = { enable = true; -- 2.45.2 From ce7c6dc0825c02c6c7efc13d43f58e9917757e1a Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 17:29:08 +1000 Subject: [PATCH 24/29] vi doesn't exist --- nixos/22.05/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix index 257ba17..1f88205 100644 --- a/nixos/22.05/configuration.nix +++ b/nixos/22.05/configuration.nix @@ -8,9 +8,9 @@ ./hardware-configuration.nix ]; - # we always want nano & vi + # we always want nano & vim environment.systemPackages = with pkgs; [ - vi + vim nano ]; -- 2.45.2 From 8639493c9d87d63faa04045d5bdb7b41d7f49561 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 17:29:18 +1000 Subject: [PATCH 25/29] set random passwords for cyberian and root --- nixos/22.05/capsul-init | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init index fdef65d..daf78f1 100644 --- a/nixos/22.05/capsul-init +++ b/nixos/22.05/capsul-init @@ -15,6 +15,12 @@ chmod 600 "$homedir/.ssh/authorized_keys" chown "$user:$user" "$homedir/.ssh/authorized_keys" +# set random forgotten password for cyberian and root +pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)" +echo "cyberian:\$pass" | chpasswd +pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)" +echo "root:\$pass" | chpasswd + /run/current-system/profile/sbin/resize2fs /dev/vda2 umount /mnt -- 2.45.2 From 07c2f632056983abbb225e2454fb5f6b41ff8a37 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 18:43:28 +1000 Subject: [PATCH 26/29] no more password based logins --- nixos/22.05/final-configuration.nix | 1 + 1 file changed, 1 insertion(+) 
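Review bot: The `\$` escapes make these lines set a fixed, known password rather than a random one: inside double quotes `\$(` is a literal `$(`, so `pass` holds the text `$(head /dev/urandom …)` and `echo "cyberian:\$pass"` hands chpasswd the literal string `$pass` as the password for both accounts (unless this file passes through a templating step not visible here). Drop the backslashes: `pass="$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"` and `echo "cyberian:$pass" | chpasswd`, likewise for root. Given that the intent is a password nobody keeps and wheel sudo needs no password, locking the accounts (`passwd -l cyberian`, `passwd -l root`, or `hashedPassword = "!"` in the final configuration) would be simpler and leaves no guessable value behind.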
diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index a29e9fb..93513e7 100644 --- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -27,6 +27,7 @@ services.openssh = { enable = true; + passwordAuthentication = false; }; # Feel free to remove this after first boot -- 2.45.2 From 79d69f321722a7cef4b53ab157aa9913025dcc0a Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 23:47:33 +1000 Subject: [PATCH 27/29] finally working systemd unit. we have to move the script after the generation is built so it doesn't run on rebuild and remove the script (the drive isn't mounted yet) --- nixos/22.05/capsul-init | 4 ++-- nixos/22.05/packer.json | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init index daf78f1..08595fd 100644 --- a/nixos/22.05/capsul-init +++ b/nixos/22.05/capsul-init @@ -13,7 +13,7 @@ grep '\- ssh' /mnt/user-data | cut -d ' ' -f 8- > "$homedir/.ssh/authorized_key chmod 600 "$homedir/.ssh/authorized_keys" -chown "$user:$user" "$homedir/.ssh/authorized_keys" +chown "$user" "$homedir/.ssh/authorized_keys" # set random forgotten password for cyberian and root pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)" @@ -21,7 +21,7 @@ echo "cyberian:\$pass" | chpasswd pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)" echo "root:\$pass" | chpasswd -/run/current-system/profile/sbin/resize2fs /dev/vda2 +resize2fs /dev/vda2 umount /mnt rm /root/capsul-init diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json index d48ac78..e74b4f0 100644 --- a/nixos/22.05/packer.json +++ b/nixos/22.05/packer.json 
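Review bot: `passwordAuthentication = false` by itself does not stop password logins when keyboard-interactive authentication is still enabled, which is sshd's default; with PAM in the loop the account password is still accepted through that method. Add `kbdInteractiveAuthentication = false;` next to it (the 22.05 name of the former `challengeResponseAuthentication` option, to be confirmed against the release's option list). `permitRootLogin` is left at its default here, which is fine as long as root never receives an `authorized_keys`.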
@@ -35,18 +35,6 @@ "inline": ["echo 'reconnected after rebooting'"], "pause_before": "30s" }, - { - "type": "file", - "source": "capsul-init", - "destination": "/tmp/capsul-init" - }, - { - "type": "shell", - "inline": [ - "mv /tmp/capsul-init /root/capsul-init", - "chmod +x /root/capsul-init" - ] - }, { "type": "file", "source": "final-configuration.nix", @@ -59,6 +47,18 @@ "rm -f /etc/ssh/*key*", "printf '' > /etc/machine-id" ] + }, + { + "type": "file", + "source": "capsul-init", + "destination": "/tmp/capsul-init" + }, + { + "type": "shell", + "inline": [ + "mv /tmp/capsul-init /root/capsul-init", + "chmod +x /root/capsul-init" + ] } ], "builders": [ -- 2.45.2 From e1a43c1588574b30cfdd10aef2ffd6575f69a0dd Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 23:48:28 +1000 Subject: [PATCH 28/29] comment --- nixos/22.05/final-configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix index 93513e7..e8c9aa6 100644 --- a/nixos/22.05/final-configuration.nix +++ b/nixos/22.05/final-configuration.nix @@ -23,7 +23,7 @@ isNormalUser = true; extraGroups = [ "wheel" ]; }; - security.sudo.wheelNeedsPassword = false; # We through away the password but we still want root + security.sudo.wheelNeedsPassword = false; # We throw away the password but we still want root services.openssh = { enable = true; @@ -34,6 +34,7 @@ # /root/capsul-init gets deleted after first run systemd.services.capsul-init = { enable = true; + path = [ pkgs.coreutils pkgs.e2fsprogs pkgs.shadow pkgs.mount pkgs.umount ]; unitConfig = { ConditionPathExists = "/root/capsul-init"; }; -- 2.45.2 From 523e92c10ee3c8f387e5299553188433258d2a48 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Mon, 18 Jul 2022 23:52:49 +1000 Subject: [PATCH 29/29] remove todo --- nixos/TODO.md | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 nixos/TODO.md 
diff --git a/nixos/TODO.md b/nixos/TODO.md
deleted file mode 100644
index ff4e0d4..0000000
--- a/nixos/TODO.md
+++ /dev/null
@@ -1,2 +0,0 @@
-- test that the systemd module works as intended
-- `nixos-delete-generations`
-- 
2.45.2