aynish-nixos #3
|
|
@ -0,0 +1,27 @@
|
|||
#!/bin/sh
|
||||
|
||||
user=cyberian
|
||||
homedir="/home/$user"
|
||||
|
||||
mkdir -p "$homedir/.ssh"
|
||||
chmod 700 "$homedir/.ssh"
|
||||
chown -R "$user:$user" "$homedir"
|
||||
|
||||
mount -t iso9660 -o ro /dev/sr0 /mnt
|
||||
|
||||
grep '\- ssh' /mnt/user-data | cut -d ' ' -f 8- > "$homedir/.ssh/authorized_keys"
|
||||
|
||||
chmod 600 "$homedir/.ssh/authorized_keys"
|
||||
|
||||
chown "$user" "$homedir/.ssh/authorized_keys"
|
||||
|
||||
# set random forgotten password for cyberian and root
|
||||
pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"
|
||||
echo "cyberian:\$pass" | chpasswd
|
||||
pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"
|
||||
echo "root:\$pass" | chpasswd
|
||||
|
||||
resize2fs /dev/vda2
|
||||
|
||||
umount /mnt
|
||||
rm /root/capsul-init
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
# this configuration is intended to give us ssh
|
||||
# access to the build machine
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# we always want nano & vim
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
nano
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
users.users.cyberian = {
|
||||
isNormalUser = true;
|
||||
};
|
||||
users.users.root.password = "password";
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
passwordAuthentication = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
# this configuration is meant to be the final
|
||||
# handed over to the user
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# we always want nano & vi
|
||||
environment.systemPackages = with pkgs; [
|
||||
nano
|
||||
vim
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
users.users.cyberian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
security.sudo.wheelNeedsPassword = false; # We throw away the password but we still want root
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
};
|
||||
|
||||
# Feel free to remove this after first boot
|
||||
# /root/capsul-init gets deleted after first run
|
||||
systemd.services.capsul-init = {
|
||||
enable = true;
|
||||
path = [ pkgs.coreutils pkgs.e2fsprogs pkgs.shadow pkgs.mount pkgs.umount ];
|
||||
unitConfig = {
|
||||
ConditionPathExists = "/root/capsul-init";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "/root/capsul-init";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
"variables": {
|
||||
"iso_url": "https://releases.nixos.org/nixos/22.05/nixos-22.05.1700.365e1b3a859/nixos-minimal-22.05.1700.365e1b3a859-x86_64-linux.iso",
|
||||
"iso_checksum": "aa9eeb04a491a84036368a93545400d79d16d281d4b7a29979bbb4f8476f9b81",
|
||||
"qcow2_image": "nixos-minimal-22.05-x86_64"
|
||||
},
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "shell",
|
||||
"script": "post-install.sh"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "configuration.nix",
|
||||
"destination": "/mnt/etc/nixos/configuration.nix"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"nixos-install"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "trigger-reboot",
|
||||
"destination": "/tmp/trigger-reboot"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": ["echo 'executing trigger-reboot...' && /tmp/trigger-reboot & exit 0"],
|
||||
"expect_disconnect": true
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": ["echo 'reconnected after rebooting'"],
|
||||
"pause_before": "30s"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "final-configuration.nix",
|
||||
"destination": "/etc/nixos/configuration.nix"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"nixos-rebuild switch",
|
||||
"rm -f /etc/ssh/*key*",
|
||||
"printf '' > /etc/machine-id"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "capsul-init",
|
||||
"destination": "/tmp/capsul-init"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"mv /tmp/capsul-init /root/capsul-init",
|
||||
"chmod +x /root/capsul-init"
|
||||
]
|
||||
}
|
||||
],
|
||||
"builders": [
|
||||
{
|
||||
"type": "qemu",
|
||||
"headless": true,
|
||||
"iso_url": "{{user `iso_url`}}",
|
||||
"iso_checksum": "{{user `iso_checksum`}}",
|
||||
"vm_name": "{{user `qcow2_image`}}.qcow2",
|
||||
"cpus": 2,
|
||||
"memory": 2048,
|
||||
"disk_interface": "virtio",
|
||||
"disk_size": 25600,
|
||||
"disk_compression": true,
|
||||
"disk_cache": "unsafe",
|
||||
"http_directory": ".",
|
||||
"boot_wait": "110s",
|
||||
"boot_command": [
|
||||
"sudo su<enter><wait1s>",
|
||||
"passwd root<enter><wait1s>",
|
||||
"password<enter><wait1s>",
|
||||
"password<enter>"
|
||||
],
|
||||
"ssh_username": "root",
|
||||
"ssh_password": "password",
|
||||
"ssh_wait_timeout": "20m",
|
||||
"shutdown_command": "shutdown"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
parted -s --align=none /dev/vda mktable gpt mkpart primary ext2 0 2MB mkpart primary ext2 2MB 100% set 1 bios_grub on
|
||||
mkfs.ext4 -L root /dev/vda2
|
||||
mount LABEL=root /mnt
|
||||
nixos-generate-config --root /mnt
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
|
||||
sleep 4
|
||||
reboot
|
||||
|
|
@ -0,0 +1 @@
|
|||
@aynish:sealight.xyz
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
|
||||
cd $1
|
||||
packer build packer.json
|
||||
Loading…
Reference in New Issue
probably want
set -usince this script won't work without arg1