greg/nix-config
1
0
Fork 0
mirror of https://github.com/gburd/nix-config.git synced 2024-07-12 03:57:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
nix-config/android/_mixins/users/nixos/default.nix
Gregory Burd 6a8f6e2cb6
sync with tcarrio (#7) 
sync with tcarrio
2024-05-23 15:02:20 -04:00

124 lines
3.8 KiB
Nix
Raw Permalink Blame History

{ config, desktop, lib, pkgs, username, ... }:
let
ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
install-system = pkgs.writeScriptBin "install-system" ''
#!${pkgs.stdenv.shell}
#set -euo pipefail
TARGET_HOST="''${1:-}"
TARGET_USER="''${2:-gburd}"
TARGET_TYPE="''${3:-}"
if [ "$(id -u)" -eq 0 ]; then
echo "ERROR! $(basename "$0") should be run as a regular user"
exit 1
fi
if [ ! -d "$HOME/ws/nix-config/.git" ]; then
git clone https://github.com/gburd/nix-config.git "$HOME/ws/nix-config"
fi
pushd "$HOME/ws/nix-config"
if [[ -z "$TARGET_HOST" ]]; then
echo "ERROR! $(basename "$0") requires a hostname as the first argument"
echo " The following hosts are available"
ls -1 nixos/*/default.nix | cut -d'/' -f2 | grep -v iso
exit 1
fi
if [[ -z "$TARGET_USER" ]]; then
echo "ERROR! $(basename "$0") requires a username as the second argument"
echo " The following users are available"
ls -1 nixos/_mixins/users/ | grep -v -E "nixos|root"
exit 1
fi
if [[ -z "$TARGET_TYPE" ]]; then
echo "ERROR! $(basename "$0") requires a type as the third argument"
echo " The following types are available"
ls -1 nixos/ | grep -v -E "nixos|root|_mixins"
exit 1
fi
TARGET_HOST_ROOT="nixos/$TARGET_TYPE/$TARGET_HOST"
if [ ! -e "$TARGET_HOST_ROOT/disks.nix" ]; then
echo "ERROR! $(basename "$0") could not find the required $TARGET_HOST_ROOT/disks.nix"
exit 1
fi
# Check if the machine we're provisioning expects a keyfile to unlock a disk.
# If it does, generate a new key, and write to a known location.
if grep -q "data.keyfile" "$TARGET_HOST_ROOT/disks.nix"; then
echo -n "$(head -c32 /dev/random | base64)" > /tmp/data.keyfile
fi
echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
echo " NixOS will be re-installed"
echo " This is a destructive operation"
echo
read -p "Are you sure? [y/N]" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
sudo true
sudo nix run github:nix-community/disko \
--extra-experimental-features "nix-command flakes" \
--no-write-lock-file \
-- \
--mode zap_create_mount \
"$TARGET_HOST_ROOT/disks.nix"
sudo nixos-install --no-root-password --flake ".#$TARGET_HOST"
if [[ "$TARGET_USER" == "root" ]]; then
TARGET_USER_HOME="/mnt/root"
else
TARGET_USER_HOME="/mnt/home/$TARGET_USER"
fi
# Rsync nix-config to the target install and set the remote origin to SSH.
rsync -a --delete "$HOME/ws/" "$TARGET_USER_HOME/ws/"
pushd "$TARGET_USER_HOME/ws/nix-config"
git remote set-url origin git@github.com:gburd/nix-config.git
popd
# If there is a keyfile for a data disk, put copy it to the root partition and
# ensure the permissions are set appropriately.
if [[ -f "/tmp/data.keyfile" ]]; then
sudo cp /tmp/data.keyfile /mnt/etc/data.keyfile
sudo chmod 0400 /mnt/etc/data.keyfile
fi
fi
'';
in
{
# Only include desktop components if one is supplied.
imports = lib.optional (builtins.isString desktop) ./desktop.nix;
config.users.users.nixos = {
description = "NixOS";
extraGroups = [
"audio"
"networkmanager"
"users"
"video"
"wheel"
]
++ ifExists [
"docker"
"podman"
];
homeMode = "0755";
openssh.authorizedKeys.keys = sshMatrix.groups.privileged_users;
packages = [ pkgs.home-manager ];
shell = pkgs.fish;
};
config.system.stateVersion = lib.mkForce lib.trivial.release;
config.environment.systemPackages = [ install-system ];
config.services.kmscon.autologinUser = "${username}";
}
Reference in a new issue View git blame Copy permalink