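# Flake that builds a minimal NixOS installer ISO for the host "chaos".
#
# The image boots with a serial console, joins Wi-Fi through wpa_supplicant,
# authorizes two SSH public keys for root, and ships four helper scripts:
# connect-wifi, format-disk, mount-system and write-secrets.
{
  description = "Minimal NixOS installation media";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
  outputs =
    {
      self,
      nixpkgs,
    }:
    {
      # The default package is the ISO image of the configuration below.
      packages.x86_64-linux.default = self.nixosConfigurations.chaos.config.system.build.isoImage;
      nixosConfigurations.chaos = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          (
            {
              config,
              lib,
              pkgs,
              modulesPath,
              ...
            }:
            {
              imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];

              # Kernel and GRUB both talk to the first serial port at 115200 8N1.
              boot.kernelParams = [ "console=ttyS0,115200n8" ];
              boot.loader.grub.extraConfig = ''
                serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
                terminal_input serial
                terminal_output serial
              '';

              nix.settings.experimental-features = [
                "nix-command"
                "flakes"
              ];

              # Git identity derived from the host name.
              programs.git = {
                enable = true;
                config.user = {
                  name = "Root user of ${config.networking.hostName}";
                  email = "root@${config.networking.hostName}";
                };
              };

              networking = {
                hostName = "chaos";
                # Wi-Fi is handled by wpa_supplicant; NetworkManager is forced off.
                networkmanager.enable = lib.mkForce false;
                wireless = {
                  enable = true;
                  # "ext:NAME" refers to an entry in secretsFile, so the PSKs are
                  # not written into this flake or the built image.
                  networks.Quentinternational.pskRaw = "ext:hotspot";
                  networks.Quentintranet.pskRaw = "ext:home";
                  secretsFile = "/run/wpa_supplicant.secrets";
                };
              };

              # Public keys authorized for root. They are baked into the image, so
              # every machine booted from it trusts them; whether sshd is running
              # is decided by the imported installer profile, not by this file.
              users.users.root.openssh.authorizedKeys.keys = [
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490"
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvPsKWQXX/QsFQjJU0CjG4LllvUVZme45d9JeS/yhLt qaristote@precision-3571"
              ];

              time.timeZone = "Europe/Paris";
              i18n = {
                defaultLocale = "fr_FR.UTF-8";
                extraLocaleSettings.LANG = "en_US.UTF-8";
              };
              console = {
                font = "Lat2-Terminus32";
                keyMap = "fr";
              };

              environment.systemPackages = with pkgs; [
                vim

                # connect-wifi: edit the wpa_supplicant secrets file, restart the
                # service and follow its log.
                (pkgs.writeShellApplication {
                  name = "connect-wifi";
                  text = ''
                    # Create the secrets file owner-only, so the Wi-Fi PSKs are
                    # not readable by other local users.
                    umask 077
                    vim ${config.networking.wireless.secretsFile}
                    systemctl restart wpa_supplicant.service
                    journalctl -xfeu wpa_supplicant.service
                  '';
                })

                # format-disk DISK: encrypt partition 2 of /dev/DISK with LUKS, put
                # an LVM volume group "nixos" (swap + root) on it, mount root on
                # /mnt and create key files under /mnt/etc/luks/keys.
                # The partition number is appended directly to the disk name, so
                # only names like "sda" work; names needing a "p" separator do not.
                (pkgs.writeShellApplication {
                  name = "format-disk";
                  text = ''
                    DISK=/dev/"$1"
                    # create crypt
                    cryptsetup luksFormat "$DISK"2
                    cryptsetup luksOpen "$DISK"2 crypt
                    # Wait for the opened mapping. The volume group node
                    # /dev/nixos cannot exist yet: it is only created by the
                    # vgcreate/lvcreate calls below, so waiting for it here
                    # would never finish.
                    until [ -e /dev/mapper/crypt ]
                    do
                      sleep 1
                    done
                    # split into logical volumes
                    pvcreate /dev/mapper/crypt
                    vgcreate nixos /dev/mapper/crypt
                    echo '==================================================================='
                    echo '==================================================================='
                    echo ' lsmem'
                    echo '==================================================================='
                    lsmem
                    echo '==================================================================='
                    echo 'Input swapsize:'
                    read -r SWAPSIZE
                    lvcreate -L "$SWAPSIZE" --name swap nixos
                    lvcreate -l 100%FREE --name root nixos
                    # mount
                    mkswap /dev/nixos/swap
                    mkfs.ext4 /dev/nixos/root
                    mount /dev/nixos/root /mnt
                    # create luks keys
                    mkdir --parents /mnt/etc/luks/keys && pushd "$_"
                    # Set the umask only after mkdir, so /mnt/etc keeps its
                    # normal mode while the key files are never created
                    # group- or world-readable, even before the chmod.
                    umask 077
                    dd bs=1k count=4 if=/dev/random of=master
                    dd bs=1k count=4 if=/dev/random of=tmp
                    chmod 400 master tmp
                    # NOTE(review): no key file is passed here, so cryptsetup
                    # prompts for a new passphrase and neither master nor tmp
                    # is enrolled in a key slot. Confirm this is intended.
                    cryptsetup luksAddKey "$DISK"2
                    popd
                  '';
                })

                # mount-system DISK: open the LUKS container on partition 2, then
                # mount root, enable swap and mount partition 1 on /mnt/boot.
                (pkgs.writeShellApplication {
                  name = "mount-system";
                  text = ''
                    DISK=/dev/"$1"
                    cryptsetup open "$DISK"2 crypt
                    # The volume group already exists here; wait until its
                    # device nodes show up.
                    until [ -e /dev/nixos ]
                    do
                      sleep 1
                    done
                    mount /dev/nixos/root /mnt
                    swapon /dev/nixos/swap
                    mount "$DISK"1 /mnt/boot
                  '';
                })

                # write-secrets: interactively create /mnt/etc/SERVICE/secrets for
                # each listed service on the mounted target system.
                (pkgs.writeShellApplication {
                  name = "write-secrets";
                  text = ''
                    for SERVICE in wpa_supplicant msmtp
                    do
                      DIR=/mnt/etc/"$SERVICE"
                      mkdir --parents "$DIR"
                      # The subshell confines the restrictive umask to the
                      # editor, so the file is created owner-only while the
                      # directory above keeps its normal mode.
                      (umask 077 && vim "$DIR"/secrets)
                      # Read-only for the owner; a secrets file needs no
                      # execute bit.
                      chmod 400 "$DIR"/secrets || true
                      # Drop the directory again if nothing was written.
                      rm --dir "$DIR" || true
                    done
                  '';
                })
              ];
            }
          )
        ];
      };
    };
}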