feat: improve install ISO

Swarsel · Dec 24, 2024 · 5637ab5 · 5637ab5
1 parent 43e1333
commit 5637ab5
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 10 deletions.
diff --git a/SwarselSystems.org b/SwarselSystems.org
@@ -1747,7 +1747,7 @@ This is a slim setup for developing base configuration.
           swapSize = "8";
           rootDisk = "/dev/vda";
           withImpermanence = true;
-          withEncryption = false;
+          withEncryption = true;
         };
       }
       ./hardware-configuration.nix
@@ -1814,7 +1814,7 @@ This is a slim setup for developing base configuration.
       wallpaper = self + /wallpaper/lenovowp.png;
       impermanence = true;
       isBtrfs = true;
-      isCrypted = false;
+      isCrypted = true;
       initialSetup = true;
     };
 
@@ -1837,8 +1837,26 @@ This is a slim setup for developing base configuration.
 
 This is a live environment ISO that I use to bootstrap new systems. It only loads a minimal configuration and no graphical interface. After booting this image on a host, find out its IP and bootstrap the system using the =bootstrap= utility.
 
+For added convenience, the live environment displays a helpful text on login, we define it here (will be put into =/etc/issue=):
+
+#+begin_src bash :tangle programs/etc/issue
+  [32m~SwarselSystems~[0m
+  IP of primary interface: [31m\4[0m
+  The Password for all users & root is '[31msetup[0m'.
+  Install the system remotely by running '[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption][0m' on a machine with deployed secrets.
+  Alternatively, run '[33mswarsel-install -d <DISK> -f <flake>[0m' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
+
+#+end_src
+
+Also, an initial bash history is provided to allow for a very quick local deployment:
+
+#+begin_src shell :tangle programs/bash/.bash_history
+swarsel-install -f chaostheatre -d /dev/vda
+#+end_src
+
+
 #+begin_src nix :tangle hosts/nixos/iso/default.nix
-  { self, pkgs, inputs, config, lib, modulesPath, ... }:
+  { self, pkgs, inputs, outputs, config, lib, modulesPath, ... }:
   let
     pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
   in
@@ -1855,9 +1873,32 @@ This is a live environment ISO that I use to bootstrap new systems. It only load
 
       "${self}/profiles/iso/minimal.nix"
 
+      inputs.home-manager.nixosModules.home-manager
+      {
+        home-manager.users.swarsel.imports = [
+          "${self}/profiles/common/home/settings.nix"
+        ] ++ (builtins.attrValues outputs.homeManagerModules);
+      }
     ];
 
-    environment.etc."issue".text = "\\4\n";
+    home-manager.users.swarsel.home = {
+      file = {
+        ".bash_history" = {
+          source = self + /programs/bash/.bash_history;
+        };
+      };
+    };
+    home-manager.users.root.home = {
+      stateVersion = "23.05";
+      file = {
+        ".bash_history" = {
+          source = self + /programs/bash/.bash_history;
+        };
+      };
+    };
+
+    # environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
+    environment.etc."issue".source = "${self}/programs/etc/issue";
     networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
 
     isoImage = {
@@ -1903,7 +1944,9 @@ This is a live environment ISO that I use to bootstrap new systems. It only load
 
     system.activationScripts.cache = {
       text = ''
-        mkdir -p /home/swarsel/.local/share/nix/
+        mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles
+        mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots
+        mkdir -p -m=0777 /home/swarsel/.local/share/nix/
         printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null
         mkdir -p /root/.local/share/nix/
         printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null

diff --git a/hosts/nixos/iso/default.nix b/hosts/nixos/iso/default.nix
@@ -1,4 +1,4 @@
-{ self, pkgs, inputs, config, lib, modulesPath, ... }:
+{ self, pkgs, inputs, outputs, config, lib, modulesPath, ... }:
 let
   pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
 in
@@ -15,9 +15,32 @@ in
 
     "${self}/profiles/iso/minimal.nix"
 
+    inputs.home-manager.nixosModules.home-manager
+    {
+      home-manager.users.swarsel.imports = [
+        "${self}/profiles/common/home/settings.nix"
+      ] ++ (builtins.attrValues outputs.homeManagerModules);
+    }
   ];
 
-  environment.etc."issue".text = "\\4\n";
+  home-manager.users.swarsel.home = {
+    file = {
+      ".bash_history" = {
+        source = self + /programs/bash/.bash_history;
+      };
+    };
+  };
+  home-manager.users.root.home = {
+    stateVersion = "23.05";
+    file = {
+      ".bash_history" = {
+        source = self + /programs/bash/.bash_history;
+      };
+    };
+  };
+
+  # environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
+  environment.etc."issue".source = "${self}/programs/etc/issue";
   networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
 
   isoImage = {
@@ -63,7 +86,9 @@ in
 
   system.activationScripts.cache = {
     text = ''
-      mkdir -p /home/swarsel/.local/share/nix/
+      mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles
+      mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots
+      mkdir -p -m=0777 /home/swarsel/.local/share/nix/
       printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null
       mkdir -p /root/.local/share/nix/
       printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null

diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix
@@ -13,7 +13,7 @@ in
         swapSize = "8";
         rootDisk = "/dev/vda";
         withImpermanence = true;
-        withEncryption = false;
+        withEncryption = true;
       };
     }
     ./hardware-configuration.nix
@@ -80,7 +80,7 @@ in
     wallpaper = self + /wallpaper/lenovowp.png;
     impermanence = true;
     isBtrfs = true;
-    isCrypted = false;
+    isCrypted = true;
     initialSetup = true;
   };
 

diff --git a/programs/bash/.bash_history b/programs/bash/.bash_history
@@ -0,0 +1 @@
+swarsel-install -f chaostheatre -d /dev/vda
diff --git a/programs/etc/issue b/programs/etc/issue
@@ -0,0 +1,5 @@
+[32m~SwarselSystems~[0m
+IP of primary interface: [31m\4[0m
+The Password for all users & root is '[31msetup[0m'.
+Install the system remotely by running '[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption][0m' on a machine with deployed secrets.
+Alternatively, run '[33mswarsel-install -d <DISK> -f <flake>[0m' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).