#!/usr/bin/env nix-shell
#!nix-shell -i zsh --packages rsync zsh
# Strict mode: abort on any failing command, on expansion of an unset
# parameter, and when any stage of a pipeline fails.
setopt ERR_EXIT NO_UNSET PIPE_FAIL

# ${0:h} is the directory part of the script path; ${0:t} (used in the
# messages below) is its file name.
DIR="${0:h}"
# First argument: host to provision (required, checked below).
TARGET_HOST="${1:-}"
# Second argument: target user, defaulting to "nipsy".
TARGET_USER="${2:-nipsy}"

# Guard: only run as the "nixos" user of a NixOS installer session.
[[ "${USERNAME}" == "nixos" ]] || {
  echo "ERROR! ${0:t} should be run as the nixos user from a NixOS installer." >&2
  exit 1
}

# Guard: a host name is mandatory.
[[ -n "$TARGET_HOST" ]] || {
  echo "ERROR! ${0:t} requires a hostname as the first argument." >&2
  exit 1
}

# Guard: the host must ship a disk layout next to this repository's hosts/.
[[ -e "${DIR}/../hosts/${TARGET_HOST}/disks.nix" ]] || {
  echo "ERROR! ${0:t} could not find the required ${DIR}/../hosts/${TARGET_HOST}/disks.nix." >&2
  exit 1
}
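# Check if the machine we're provisioning is using an encrypted pool.
# If it does, prompt for the passphrase, and write to a known location
# (/tmp/data.keyfile, the name this script greps for in disks.nix).
if grep -q "data.keyfile" "${DIR}/../hosts/${TARGET_HOST}/disks.nix"; then
  while true; do
    echo -en "\n${TARGET_HOST} uses ZFS encryption. Enter a passphrase to encrypt your pool: "
    # -r keeps backslashes literal; without it read would rewrite the
    # passphrase and the stored key would differ from what was typed.
    read -rs pass
    echo -e '\n'
    if [[ "${#pass}" -lt 8 ]]; then
      echo 'ERROR! Passphrase must be at least 8 characters.' >&2
    else
      break
    fi
  done

  # The path is predictable and lives in a shared directory, so never write
  # through whatever is already there: drop any stale file or symlink first
  # (under ERR_EXIT the script aborts if it cannot be removed), then create
  # the file exclusively.
  rm -f -- /tmp/data.keyfile
  (
    # umask 077 makes the file 0600 from the moment it is created, closing
    # the window a create-then-chmod sequence leaves open.
    umask 077
    # NO_CLOBBER makes '>' refuse to reuse an existing file.
    setopt NO_CLOBBER
    # print -rn writes the passphrase verbatim with no trailing newline;
    # zsh's echo would expand backslash escapes inside it.
    print -rn -- "${pass}" > /tmp/data.keyfile
  )
  # Do not leave the plaintext passphrase behind once the script ends,
  # whether it finishes, is declined at the prompt, or aborts on an error.
  trap 'rm -f -- /tmp/data.keyfile' EXIT
  # The shell no longer needs its own copy.
  unset pass
fi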
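# Final warning before anything destructive happens.
cat <<EOF
++++++++ The disk(s) in ${TARGET_HOST} are about to get wiped!
WARNING! NixOS will be re-installed on ${TARGET_HOST}.
++++++++ This is a destructive operation!!!
EOF

# read -q sets REPLY to "y" and returns success only for y/Y. Any other key
# aborts here with status 1 (as it did implicitly under ERR_EXIT), after
# terminating the prompt line.
read -q '?Are you sure? [y/N] ' || { echo; exit 1; }
echo

if [[ "${REPLY}" == "y" ]]; then
  # Prime the sudo credential cache before the long-running steps.
  sudo true

  # NOTE(review): the default reference below is unpinned, so whatever the
  # disko default branch contains at install time is fetched and executed as
  # root with access to every disk. Export DISKO_FLAKE to run a reviewed,
  # pinned revision instead, e.g. github:nix-community/disko/<PINNED_REV>.
  disko_flake="${DISKO_FLAKE:-github:nix-community/disko}"

  # Wipe, partition, format and mount the disks described by disks.nix.
  sudo nix run "${disko_flake}" \
    --extra-experimental-features "nix-command flakes" \
    --no-write-lock-file \
    -- \
    --mode zap_create_mount \
    "${DIR}/../hosts/${TARGET_HOST}/disks.nix"

  # rsync NixOS configuration to target host file system and install the system
  sudo mkdir -p /mnt/etc/nixos
  sudo rsync -a --delete --exclude .git "${DIR}/.." /mnt/etc/nixos
  cd /mnt/etc/nixos
  sudo nixos-install --flake ".#${TARGET_HOST}"
fi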