aynish-nixos #3
8 changed files with 212 additions and 0 deletions
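--- a/nixos/22.05/capsul-init
+++ b/nixos/22.05/capsul-init
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+user=cyberian
+homedir="/home/$user"
+
+mkdir -p "$homedir/.ssh"
+chmod 700 "$homedir/.ssh"
+chown -R "$user:$user" "$homedir"
+
+mount -t iso9660 -o ro /dev/sr0 /mnt
+
+grep '\- ssh' /mnt/user-data | cut -d ' ' -f 8- > "$homedir/.ssh/authorized_keys"
+
+chmod 600 "$homedir/.ssh/authorized_keys"
+
+chown "$user" "$homedir/.ssh/authorized_keys"
+
+# set random forgotten password for cyberian and root
+pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"
+echo "cyberian:\$pass" | chpasswd
+pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"
+echo "root:\$pass" | chpasswd
+
+resize2fs /dev/vda2
+
+umount /mnt
+rm /root/capsul-init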
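Review bot: The four password lines near the end escape their dollar signs (`pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"` and `echo "cyberian:\$pass" | chpasswd`), which looks like a leftover from a heredoc template. In a standalone /bin/sh file nothing is expanded, so chpasswd receives the literal text `$pass` and both cyberian and root end up with that same fixed password instead of a random one. Drop the backslashes: `pass="$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"` followed by `echo "cyberian:$pass" | chpasswd`, and the same for the root pair. Separately, a failed mount of /dev/sr0 still truncates authorized_keys and removes /root/capsul-init, so the unit never retries; `mount -t iso9660 -o ro /dev/sr0 /mnt || exit 1` would keep the script in place for the next boot.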
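--- a/nixos/22.05/configuration.nix
+++ b/nixos/22.05/configuration.nix
@@ -0,0 +1,32 @@
+# this configuration is intended to give us ssh
+# access to the build machine
+
+{ config, pkgs, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+];
+
+# we always want nano & vim
+environment.systemPackages = with pkgs; [
+vim
+nano
+];
+
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/vda";
+system.stateVersion = "22.05";
+
+users.users.cyberian = {
+isNormalUser = true;
+};
+users.users.root.password = "password";
+
+services.openssh = {
+enable = true;
+permitRootLogin = "yes";
+passwordAuthentication = true;
+};
+}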
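Review bot: Nothing visible in this pull request removes the build credential set by `users.users.root.password = "password";` once Packer is done with it. final-configuration.nix never sets or locks root's password, so the hash written during the build presumably stays in the image's /etc/shadow until capsul-init runs on first boot. The same value is repeated in packer.json (`boot_command`, `ssh_password`). I would mark the line with `# build-only credential, must not survive into the shipped image` and lock the account in the cleanup provisioner, for example `passwd -l root` after `nixos-rebuild switch`, so the image is safe even when the first-boot script does not run. The `password` option also leaves the plaintext in the world-readable Nix store of the image.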
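--- a/nixos/22.05/final-configuration.nix
+++ b/nixos/22.05/final-configuration.nix
@@ -0,0 +1,47 @@
+# this configuration is meant to be the final
+# handed over to the user
+
+{ config, pkgs, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+];
+
+# we always want nano & vi
+environment.systemPackages = with pkgs; [
+nano
+vim
+];
+
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/vda";
+system.stateVersion = "22.05";
+
+users.users.cyberian = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+};
+security.sudo.wheelNeedsPassword = false; # We throw away the password but we still want root
+
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+};
+
+# Feel free to remove this after first boot
+# /root/capsul-init gets deleted after first run
+systemd.services.capsul-init = {
+enable = true;
+path = [ pkgs.coreutils pkgs.e2fsprogs pkgs.shadow pkgs.mount pkgs.umount ];
+unitConfig = {
+ConditionPathExists = "/root/capsul-init";
+};
+serviceConfig = {
+Type = "oneshot";
+ExecStart = "/root/capsul-init";
+};
+wantedBy = [ "multi-user.target" ];
+};
+}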
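Review bot: The `services.openssh` block turns off password authentication but leaves `permitRootLogin` at the module default, while the build configuration this file replaces had it set to "yes" with a known root password. Since this is the configuration handed to users, I would state the intent explicitly with `permitRootLogin = "no";`, given that cyberian already reaches root through passwordless sudo. The comment on `security.sudo.wheelNeedsPassword = false` could also say that the key in authorized_keys is then the only barrier to root, which is what whoever inherits the VM needs to know.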
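--- a/nixos/22.05/packer.json
+++ b/nixos/22.05/packer.json
@@ -0,0 +1,91 @@
+{
+"variables": {
+"iso_url": "https://releases.nixos.org/nixos/22.05/nixos-22.05.1700.365e1b3a859/nixos-minimal-22.05.1700.365e1b3a859-x86_64-linux.iso",
+"iso_checksum": "aa9eeb04a491a84036368a93545400d79d16d281d4b7a29979bbb4f8476f9b81",
+"qcow2_image": "nixos-minimal-22.05-x86_64"
+},
+"provisioners": [
+{
+"type": "shell",
+"script": "post-install.sh"
+},
+{
+"type": "file",
+"source": "configuration.nix",
+"destination": "/mnt/etc/nixos/configuration.nix"
+},
+{
+"type": "shell",
+"inline": [
+"nixos-install"
+]
+},
+{
+"type": "file",
+"source": "trigger-reboot",
+"destination": "/tmp/trigger-reboot"
+},
+{
+"type": "shell",
+"inline": ["echo 'executing trigger-reboot...' && /tmp/trigger-reboot & exit 0"],
+"expect_disconnect": true
+},
+{
+"type": "shell",
+"inline": ["echo 'reconnected after rebooting'"],
+"pause_before": "30s"
+},
+{
+"type": "file",
+"source": "final-configuration.nix",
+"destination": "/etc/nixos/configuration.nix"
+},
+{
+"type": "shell",
+"inline": [
+"nixos-rebuild switch",
+"rm -f /etc/ssh/*key*",
+"printf '' > /etc/machine-id"
+]
+},
+{
+"type": "file",
+"source": "capsul-init",
+"destination": "/tmp/capsul-init"
+},
+{
+"type": "shell",
+"inline": [
+"mv /tmp/capsul-init /root/capsul-init",
+"chmod +x /root/capsul-init"
+]
+}
+],
+"builders": [
+{
+"type": "qemu",
+"headless": true,
+"iso_url": "{{user `iso_url`}}",
+"iso_checksum": "{{user `iso_checksum`}}",
+"vm_name": "{{user `qcow2_image`}}.qcow2",
+"cpus": 2,
+"memory": 2048,
+"disk_interface": "virtio",
+"disk_size": 25600,
+"disk_compression": true,
+"disk_cache": "unsafe",
+"http_directory": ".",
+"boot_wait": "110s",
+"boot_command": [
+"sudo su<enter><wait1s>",
+"passwd root<enter><wait1s>",
+"password<enter><wait1s>",
+"password<enter>"
+],
+"ssh_username": "root",
+"ssh_password": "password",
+"ssh_wait_timeout": "20m",
+"shutdown_command": "shutdown"
+}
+]
+}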
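Review bot: `"http_directory": "."` in the qemu builder makes Packer serve the whole build directory over HTTP for the duration of the build, yet nothing in `boot_command` or the provisioners shown here fetches anything from it; every file is uploaded with a `file` provisioner. Unless something outside this diff needs it, I would delete the line, or point it at a dedicated empty directory, so the configuration files carrying the build password are not offered on whatever address the server binds to. If it has to stay, `http_bind_address` can restrict where it listens.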
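--- a/nixos/22.05/post-install.sh
+++ b/nixos/22.05/post-install.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+parted -s --align=none /dev/vda mktable gpt mkpart primary ext2 0 2MB mkpart primary ext2 2MB 100% set 1 bios_grub on
+mkfs.ext4 -L root /dev/vda2
+mount LABEL=root /mnt
+nixos-generate-config --root /mnt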
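--- a/nixos/22.05/trigger-reboot
+++ b/nixos/22.05/trigger-reboot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+sleep 4
+reboot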
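--- a/nixos/OWNERS
+++ b/nixos/OWNERS
@@ -0,0 +1 @@
+@aynish:sealight.xyz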
4
nixos/build
Executable file
4
nixos/build
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
|||||||
|
cd $1
|
||||||
|
packer build packer.json
|
probably want
set -u
since this script won't work without arg1