Bootstrap VM in in one stage

Makefile

@@ -22,50 +22,16 @@ switch:
 test:
 	sudo NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-rebuild test --flake ".#$(NIXNAME)"
 
-# bootstrap a brand new VM. The VM should have NixOS ISO on the CD drive
-# and just set the password of the root user to "root". This will install
-# NixOS. After installing NixOS, you must reboot and set the root password
-# for the next step.
-#
-# NOTE(mitchellh): I'm sure there is a way to do this and bootstrap all
-# in one step but when I tried to merge them I got errors. One day.
-vm/bootstrap0:
-	ssh $(SSH_OPTIONS) -p$(NIXPORT) root@$(NIXADDR) " \
-		parted /dev/$(NIXBLOCKDEVICE) -- mklabel gpt; \
-		parted /dev/$(NIXBLOCKDEVICE) -- mkpart primary 512MiB -8GiB; \
-		parted /dev/$(NIXBLOCKDEVICE) -- mkpart primary linux-swap -8GiB 100\%; \
-		parted /dev/$(NIXBLOCKDEVICE) -- mkpart ESP fat32 1MiB 512MiB; \
-		parted /dev/$(NIXBLOCKDEVICE) -- set 3 esp on; \
-		mkfs.ext4 -L nixos /dev/$(NIXBLOCKDEVICE)1; \
-		mkswap -L swap /dev/$(NIXBLOCKDEVICE)2; \
-		mkfs.fat -F 32 -n boot /dev/$(NIXBLOCKDEVICE)3; \
-		mount /dev/disk/by-label/nixos /mnt; \
-		mkdir -p /mnt/boot; \
-		mount /dev/disk/by-label/boot /mnt/boot; \
-		nixos-generate-config --root /mnt; \
-		sed --in-place '/system\.stateVersion = .*/a \
-			nix.package = pkgs.nixUnstable;\n \
-			nix.extraOptions = \"experimental-features = nix-command flakes\";\n \
-  			services.openssh.enable = true;\n \
-			services.openssh.passwordAuthentication = true;\n \
-			services.openssh.permitRootLogin = \"yes\";\n \
-			users.users.root.initialPassword = \"root\";\n \
-		' /mnt/etc/nixos/configuration.nix; \
-		nixos-install --no-root-passwd; \
-		reboot; \
-	"
-
-# after bootstrap0, run this to finalize. After this, do everything else
-# in the VM unless secrets change.
+# bootstrap a brand new VM. The VM should have NixOS ISO on the CD drive.
+# After this, do everything else in the VM unless secrets change.
 vm/bootstrap:
 	NIXUSER=root $(MAKE) vm/copy
-	NIXUSER=root $(MAKE) vm/switch
+	NIXUSER=root $(MAKE) vm/install
 	$(MAKE) vm/secrets
 	ssh $(SSH_OPTIONS) -p$(NIXPORT) $(NIXUSER)@$(NIXADDR) " \
 		sudo reboot; \
 	"
 
-
 # copy our secrets into the VM
 vm/secrets:
 	# GPG keyring
@@ -89,11 +55,14 @@ vm/copy:
 		--rsync-path="sudo rsync" \
 		$(MAKEFILE_DIR)/ $(NIXUSER)@$(NIXADDR):/nix-config
 
-# run the nixos-rebuild switch command. This does NOT copy files so you
+# run the nixos-install command. This does NOT copy files so you
 # have to run vm/copy before.
-vm/switch:
+vm/install:
 	ssh $(SSH_OPTIONS) -p$(NIXPORT) $(NIXUSER)@$(NIXADDR) " \
-		sudo NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-rebuild switch --flake \"/nix-config#${NIXNAME}\" \
+		sudo nix-shell \
+			--argstr blockDevice $(NIXBLOCKDEVICE) \
+			--argstr systemName $(NIXNAME) \
+			/nix-config/bootstrap \
 	"
 
 # Build an ISO image

README.md

@@ -116,16 +116,8 @@ configuration is used:
 $ export NIXNAME=vm-aarch64
 ```
 
-Perform the initial bootstrap. This will install NixOS on the VM disk image
-but will not setup any other configurations yet. This prepares the VM for
-any NixOS customization:
-
-```
-$ make vm/bootstrap0
-```
-
-After the VM reboots, run the full bootstrap, this will finalize the
-NixOS customization using this configuration:
+Perform the bootstrap. This will install NixOS on the VM disk image together
+with customizations using this configuration:
 
 ```
 $ make vm/bootstrap

bootstrap/default.nix

@@ -0,0 +1,31 @@
+{ pkgs ? import <nixpkgs> {}
+, blockDevice ? "sda"
+, systemName ? "vm-intel"
+}:
+
+pkgs.mkShell {
+  buildInputs = [
+    # needs at least Nix v2.4 for flake support
+    pkgs.nixUnstable
+    pkgs.parted
+  ];
+  shellHook = ''
+    set -e -u -o pipefail
+
+    # https://nixos.org/manual/nixos/stable/#sec-installation
+    echo "Installing NixOS system "${systemName}" on /dev/${blockDevice}"
+    parted /dev/${blockDevice} -- mklabel gpt
+    parted /dev/${blockDevice} -- mkpart primary 512MiB -8GiB
+    parted /dev/${blockDevice} -- mkpart primary linux-swap -8GiB 100%
+    parted /dev/${blockDevice} -- mkpart ESP fat32 1MiB 512MiB
+    parted /dev/${blockDevice} -- set 3 esp on
+    mkfs.ext4 -L nixos /dev/${blockDevice}1
+    mkswap -L swap /dev/${blockDevice}2
+    mkfs.fat -F 32 -n boot /dev/${blockDevice}3
+    mount /dev/disk/by-label/nixos /mnt
+    mkdir -p /mnt/boot
+    mount /dev/disk/by-label/boot /mnt/boot
+    NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-install --flake "/nix-config#${systemName}" --no-root-passwd -v
+    #reboot
+  '';
+}