From ac16b1b242fdb7c95a7e767457429211f1a6da05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jarno=20Sepp=C3=A4nen?= Date: Sun, 13 Feb 2022 18:42:23 +0200 Subject: [PATCH] Bootstrap VM in in one stage --- Makefile | 49 ++++++++----------------------------------- README.md | 12 ++--------- bootstrap/default.nix | 31 +++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 50 deletions(-) create mode 100644 bootstrap/default.nix diff --git a/Makefile b/Makefile index 51de8aca..a7ea4bb5 100644 --- a/Makefile +++ b/Makefile 
@@ -22,50 +22,16 @@ switch: test: sudo NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-rebuild test --flake ".#$(NIXNAME)" -# bootstrap a brand new VM. The VM should have NixOS ISO on the CD drive -# and just set the password of the root user to "root". This will install -# NixOS. After installing NixOS, you must reboot and set the root password -# for the next step. -# -# NOTE(mitchellh): I'm sure there is a way to do this and bootstrap all -# in one step but when I tried to merge them I got errors. One day. -vm/bootstrap0: - ssh $(SSH_OPTIONS) -p$(NIXPORT) root@$(NIXADDR) " \ - parted /dev/$(NIXBLOCKDEVICE) -- mklabel gpt; \ - parted /dev/$(NIXBLOCKDEVICE) -- mkpart primary 512MiB -8GiB; \ - parted /dev/$(NIXBLOCKDEVICE) -- mkpart primary linux-swap -8GiB 100\%; \ - parted /dev/$(NIXBLOCKDEVICE) -- mkpart ESP fat32 1MiB 512MiB; \ - parted /dev/$(NIXBLOCKDEVICE) -- set 3 esp on; \ - mkfs.ext4 -L nixos /dev/$(NIXBLOCKDEVICE)1; \ - mkswap -L swap /dev/$(NIXBLOCKDEVICE)2; \ - mkfs.fat -F 32 -n boot /dev/$(NIXBLOCKDEVICE)3; \ - mount /dev/disk/by-label/nixos /mnt; \ - mkdir -p /mnt/boot; \ - mount /dev/disk/by-label/boot /mnt/boot; \ - nixos-generate-config --root /mnt; \ - sed --in-place '/system\.stateVersion = .*/a \ - nix.package = pkgs.nixUnstable;\n \ - nix.extraOptions = \"experimental-features = nix-command flakes\";\n \ - services.openssh.enable = true;\n \ - services.openssh.passwordAuthentication = true;\n \ - services.openssh.permitRootLogin = \"yes\";\n \ - users.users.root.initialPassword = \"root\";\n \ - ' /mnt/etc/nixos/configuration.nix; \ - nixos-install --no-root-passwd; \ - reboot; \ - " - -# after bootstrap0, run this to finalize. After this, do everything else -# in the VM unless secrets change. +# bootstrap a brand new VM. The VM should have NixOS ISO on the CD drive. +# After this, do everything else in the VM unless secrets change. 
vm/bootstrap: NIXUSER=root $(MAKE) vm/copy - NIXUSER=root $(MAKE) vm/switch + NIXUSER=root $(MAKE) vm/install $(MAKE) vm/secrets ssh $(SSH_OPTIONS) -p$(NIXPORT) $(NIXUSER)@$(NIXADDR) " \ sudo reboot; \ " - # copy our secrets into the VM vm/secrets: # GPG keyring @@ -89,11 +55,14 @@ vm/copy: --rsync-path="sudo rsync" \ $(MAKEFILE_DIR)/ $(NIXUSER)@$(NIXADDR):/nix-config -# run the nixos-rebuild switch command. This does NOT copy files so you +# run the nixos-install command. This does NOT copy files so you # have to run vm/copy before. -vm/switch: +vm/install: ssh $(SSH_OPTIONS) -p$(NIXPORT) $(NIXUSER)@$(NIXADDR) " \ - sudo NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-rebuild switch --flake \"/nix-config#${NIXNAME}\" \ + sudo nix-shell \ + --argstr blockDevice $(NIXBLOCKDEVICE) \ + --argstr systemName $(NIXNAME) \ + /nix-config/bootstrap \ " # Build an ISO image diff --git a/README.md b/README.md index daadf0b3..90bc66e7 100644 --- a/README.md +++ b/README.md @@ -116,16 +116,8 @@ configuration is used: $ export NIXNAME=vm-aarch64 ``` -Perform the initial bootstrap. This will install NixOS on the VM disk image -but will not setup any other configurations yet. This prepares the VM for -any NixOS customization: - -``` -$ make vm/bootstrap0 -``` - -After the VM reboots, run the full bootstrap, this will finalize the -NixOS customization using this configuration: +Perform the bootstrap. This will install NixOS on the VM disk image together +with customizations using this configuration: ``` $ make vm/bootstrap diff --git a/bootstrap/default.nix b/bootstrap/default.nix new file mode 100644 index 00000000..7479e4b7 --- /dev/null +++ b/bootstrap/default.nix 
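Review bot: In `vm/bootstrap`, `$(MAKE) vm/secrets` and the closing `ssh ... $(NIXUSER)@$(NIXADDR)` still log in as `$(NIXUSER)`, but after `vm/install` the machine is presumably still running the installer with the new system mounted under /mnt. With the removed two-stage flow that account existed on the running system by this point. Here it likely exists only after the reboot, so the secrets copy either fails or lands in the installer's temporary filesystem instead of on the installed disk. Consider rebooting as root (`NIXUSER=root` on the reboot step) and running `vm/secrets` once the installed system is up. The body of `vm/secrets` lies outside this hunk, so confirm where it writes.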
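Review bot: The two `--argstr` values in `vm/install` are spliced unquoted into a command string that the remote shell runs under `sudo`, whereas the line this replaces quoted its flake reference. An empty or space-containing `NIXBLOCKDEVICE` or `NIXNAME` shifts the arguments of a command that goes on to repartition a disk. Quote both, `--argstr blockDevice \"$(NIXBLOCKDEVICE)\" \` and `--argstr systemName \"$(NIXNAME)\" \`, and consider failing early with `$(error ...)` when either variable is empty. The comment above the target should also say that this step wipes the block device.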
@@ -0,0 +1,31 @@
+{ pkgs ? import {}
+, blockDevice ? "sda"
+, systemName ? "vm-intel"
+}:
+
+pkgs.mkShell {
+ buildInputs = [
+ # needs at least Nix v2.4 for flake support
+ pkgs.nixUnstable
+ pkgs.parted
+ ];
+ shellHook = ''
+ set -e -u -o pipefail
+
+ # https://nixos.org/manual/nixos/stable/#sec-installation
+ echo "Installing NixOS system "${systemName}" on /dev/${blockDevice}"
+ parted /dev/${blockDevice} -- mklabel gpt
+ parted /dev/${blockDevice} -- mkpart primary 512MiB -8GiB
+ parted /dev/${blockDevice} -- mkpart primary linux-swap -8GiB 100%
+ parted /dev/${blockDevice} -- mkpart ESP fat32 1MiB 512MiB
+ parted /dev/${blockDevice} -- set 3 esp on
+ mkfs.ext4 -L nixos /dev/${blockDevice}1
+ mkswap -L swap /dev/${blockDevice}2
+ mkfs.fat -F 32 -n boot /dev/${blockDevice}3
+ mount /dev/disk/by-label/nixos /mnt
+ mkdir -p /mnt/boot
+ mount /dev/disk/by-label/boot /mnt/boot
+ NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-install --flake "/nix-config#${systemName}" --no-root-passwd -v
+ #reboot
+ '';
+}
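Review bot: The `shellHook` repartitions and formats `/dev/${blockDevice}` as soon as the shell is entered, and `blockDevice` defaults to `"sda"`, so a root `nix-shell` on this directory with no arguments wipes that disk on whatever machine it runs on. Drop the default (`, blockDevice` instead of `, blockDevice ? "sda"`) so the device has to be passed explicitly, and add a comment at the top of the file saying that entering the shell is destructive. Both arguments are also interpolated into the script unescaped, and on the `echo` line the inner quotes end the string early, so `${systemName}` is expanded unquoted. `echo "Installing NixOS system '${systemName}' on /dev/${blockDevice}"` fixes the message, and `pkgs.lib.escapeShellArg` would cover the other uses. The commented-out `#reboot` is dead code and can go.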