Compare commits
3 Commits
ee628b296c
...
0364bd5aeb
| Author | SHA1 | Date | |
|---|---|---|---|
0364bd5aeb
|
|||
|
83b3f4de85
|
|||
|
e2ba51580b
|
@ -184,7 +184,8 @@
|
||||
interfaces.${eth_interface} = {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "10.1.1.102";
|
||||
address = "192.168.1.50";
|
||||
# address = "10.1.1.102";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
@ -196,7 +197,8 @@
|
||||
];
|
||||
};
|
||||
defaultGateway = {
|
||||
address = "10.1.1.1";
|
||||
#address = "10.1.1.1";
|
||||
address = "192.168.1.1";
|
||||
interface = eth_interface;
|
||||
};
|
||||
# TODO! fix this
|
||||
|
||||
42
flake.lock
generated
42
flake.lock
generated
@ -10,11 +10,11 @@
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1760836749,
|
||||
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
|
||||
"lastModified": 1761656077,
|
||||
"narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
|
||||
"rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -319,11 +319,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1761528310,
|
||||
"narHash": "sha256-yUSr9xEJCt5JZjhQyzotu0KmNzykQlbsGe4mnqsR+SU=",
|
||||
"lastModified": 1761848543,
|
||||
"narHash": "sha256-DvFpvmtFMeXUNxzd7OZ/Nzj0PeXKe3Sh8gN8xgRb8+I=",
|
||||
"owner": "ggml-org",
|
||||
"repo": "llama.cpp",
|
||||
"rev": "75cbdd3fce38ea12d50cd19e73a069aa5dbbd5fa",
|
||||
"rev": "16724b5b6836a2d4b8936a5824d2ff27c52b4517",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -341,11 +341,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1761530861,
|
||||
"narHash": "sha256-VMhre9pdUAT6TDo0KV1kOjtZywCEoBowKRYSaa7KHP0=",
|
||||
"lastModified": 1761703457,
|
||||
"narHash": "sha256-nXOEEmPmE3RSzNntpDu17p2SpQ1rNDCXlHpMucJCef0=",
|
||||
"owner": "Infinidoge",
|
||||
"repo": "nix-minecraft",
|
||||
"rev": "c90769ae2c7d46fdadcdb81e09a97137b3b87891",
|
||||
"rev": "8b74b9b65a97d9e2541a9fd28d79d91413e9bda1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -356,11 +356,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1760958188,
|
||||
"narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
|
||||
"lastModified": 1761827175,
|
||||
"narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
|
||||
"rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -372,11 +372,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1761468971,
|
||||
"narHash": "sha256-vY2OLVg5ZTobdroQKQQSipSIkHlxOTrIF1fsMzPh8w8=",
|
||||
"lastModified": 1761597516,
|
||||
"narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "78e34d1667d32d8a0ffc3eba4591ff256e80576e",
|
||||
"rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -487,11 +487,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1761526984,
|
||||
"narHash": "sha256-o63BGWD4HtDEGdhzJwW6Sa7zTB1b3NA35QKM03VtL64=",
|
||||
"lastModified": 1761825566,
|
||||
"narHash": "sha256-RG1Z8nkvFcZzuIavlVfUsRISBFKET12yUVaLqvtX+SI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "srvos",
|
||||
"rev": "109abf3c735c3cde590f22c484e28a71cca8b27c",
|
||||
"rev": "6b4d766155b07e5d9c14a0c761b495ac9d25a8ae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -548,11 +548,11 @@
|
||||
"trackerlist": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1761520240,
|
||||
"narHash": "sha256-3zsEtl77eQD61/7s9zJ9K3AuY7YQ7q41R4jK43ZZ8Ao=",
|
||||
"lastModified": 1761779437,
|
||||
"narHash": "sha256-hYHo/6/5t909MtrZBvhM8a6+Ahdg2rd3y7oaRok1QSg=",
|
||||
"owner": "ngosang",
|
||||
"repo": "trackerslist",
|
||||
"rev": "5de358f0163906c3d7e542f0406473defb349d09",
|
||||
"rev": "f33b8a170f1faf6b51d208868a884413d5e5d980",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
59
install.sh
Executable file
59
install.sh
Executable file
@ -0,0 +1,59 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
DISK="${1:-}"
|
||||
FLAKE_DIR="$(dirname "$(realpath "$0")")"
|
||||
|
||||
if [[ -z "$DISK" ]]; then
|
||||
echo "Usage: $0 <disk_device>"
|
||||
echo "Example: $0 /dev/nvme0n1"
|
||||
echo " $0 /dev/sda"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ! -b "$DISK" ]]; then
|
||||
echo "Error: $DISK is not a block device"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Installing NixOS to $DISK using flake at $FLAKE_DIR"
|
||||
|
||||
# Create temporary directory for secureboot keys
|
||||
mkdir -p /tmp/secureboot
|
||||
|
||||
# Function to cleanup on exit
|
||||
cleanup() {
|
||||
echo "Cleaning up..."
|
||||
rm -rf /tmp/secureboot 2>/dev/null || true
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Decrypt secureboot keys using the key in the repo
|
||||
echo "Decrypting secureboot keys..."
|
||||
if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key" ]]; then
|
||||
echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \
|
||||
tar -x -C /tmp/secureboot
|
||||
|
||||
echo "Secureboot keys extracted"
|
||||
|
||||
# Check if disko-install is available
|
||||
if ! command -v disko-install >/dev/null 2>&1; then
|
||||
echo "Running disko-install via nix..."
|
||||
DISKO_INSTALL="nix run github:nix-community/disko#disko-install --"
|
||||
else
|
||||
DISKO_INSTALL="disko-install"
|
||||
fi
|
||||
|
||||
echo "Running disko-install to partition, format, and install NixOS..."
|
||||
|
||||
# Run disko-install with secureboot keys available
|
||||
sudo $DISKO_INSTALL \
|
||||
--mode format \
|
||||
--flake "$FLAKE_DIR#muffin" \
|
||||
--disk main "$DISK" \
|
||||
--extra-files /tmp/secureboot /etc/secureboot \
|
||||
--extra-files "$FLAKE_DIR/usb-secrets/usb-secrets" /mnt/usb-secrets
|
||||
@ -22,11 +22,19 @@
|
||||
deps = [ "agenix" ];
|
||||
text = ''
|
||||
#!/bin/sh
|
||||
rm -fr ${config.boot.lanzaboote.pkiBundle} || true
|
||||
mkdir -p ${config.boot.lanzaboote.pkiBundle}
|
||||
${pkgs.gnutar}/bin/tar xf ${config.age.secrets.secureboot-tar.path} -C ${config.boot.lanzaboote.pkiBundle}
|
||||
chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
|
||||
chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
|
||||
# Check if keys already exist (e.g., from disko-install)
|
||||
if [[ -d ${config.boot.lanzaboote.pkiBundle} && -f ${config.boot.lanzaboote.pkiBundle}/db.key ]]; then
|
||||
echo "Secureboot keys already present, skipping extraction"
|
||||
chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
|
||||
chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
|
||||
else
|
||||
echo "Extracting secureboot keys from agenix"
|
||||
rm -fr ${config.boot.lanzaboote.pkiBundle} || true
|
||||
mkdir -p ${config.boot.lanzaboote.pkiBundle}
|
||||
${pkgs.gnutar}/bin/tar xf ${config.age.secrets.secureboot-tar.path} -C ${config.boot.lanzaboote.pkiBundle}
|
||||
chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
|
||||
chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user