lib/devos: bake devos repo into live cd (#168)
Fixes #167. This worked for me to bootstrap another machine.
This commit is contained in:
parent
f53b6a4543
commit
3d324e7533
9 changed files with 147 additions and 18 deletions
|
@ -9,3 +9,100 @@ dd bs=4M if=result/iso/*.iso of=/dev/$your_installation_device \
|
||||||
```
|
```
|
||||||
|
|
||||||
This works for any file matching `hosts/*.nix` excluding `default.nix`.
|
This works for any file matching `hosts/*.nix` excluding `default.nix`.
|
||||||
|
|
||||||
|
## Remote access to the live installer
|
||||||
|
|
||||||
|
The iso live installer comes preconfigured with a network configuration
|
||||||
|
which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
|
||||||
|
that is `NixOS.local` in the above example.
|
||||||
|
|
||||||
|
In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
|
||||||
|
in your network, there is a static link-local IPv6 address configured to
|
||||||
|
`fe80::47`(mnemonic from the letter's position in the english alphabet:
|
||||||
|
`n=14 i=9 x=24; 47 = n+i+x`).
|
||||||
|
|
||||||
|
Provided that you have added your public key to the authorized keys of the
|
||||||
|
`nixos` user:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
users.users.nixos.openssh.authorizedKeys.keyFiles = [
|
||||||
|
../secrets/path/to/key.pub
|
||||||
|
];
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then ssh into the live installer through one of the
|
||||||
|
following options:
|
||||||
|
|
||||||
|
```console
|
||||||
|
ssh nixos@NixOS.local
|
||||||
|
|
||||||
|
ssh nixos@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
|
||||||
|
```
|
||||||
|
|
||||||
|
_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only
|
||||||
|
configured on the live installer. If you wish to enable [MulticastDNS][mDNS]
|
||||||
|
for your environment, you ought to configure that in a regular [profile](../../profiles)._
|
||||||
|
|
||||||
|
## EUI-64 LLA & Host Identity
|
||||||
|
|
||||||
|
The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended
|
||||||
|
Unique Identifiers (EUI-64) that is derived from the host interface's Message
|
||||||
|
Authentication Code (MAC) address.
|
||||||
|
|
||||||
|
After a little while (a few seconds), you can remotely disvover this unique and host
|
||||||
|
specific address over [NDP][NDP] for example with:
|
||||||
|
|
||||||
|
```console
|
||||||
|
ip -6 neigh show # also shows fe80::47
|
||||||
|
```
|
||||||
|
|
||||||
|
***This LLA is stable for the host, unless you need to swap that particular network card.***
|
||||||
|
Under this reservation, though, you may use this EUI-64 to wire up a specific
|
||||||
|
(cryptographic) host identity.
|
||||||
|
|
||||||
|
## Bootstrap Target Machine
|
||||||
|
|
||||||
|
_Note: nothing prevents you from remotely exceuting the boostrapping process._
|
||||||
|
|
||||||
|
Once your target host has booted into the live iso, you need to partion
|
||||||
|
and format your disk according to the [official manual][manual].
|
||||||
|
|
||||||
|
### Mount partitions
|
||||||
|
|
||||||
|
Then properly mount the formatted partitions at `/mnt`, so that you can
|
||||||
|
install your system to those new partitions.
|
||||||
|
|
||||||
|
Mount `nixos` partition to `/mnt` and — for UEFI — `boot`
|
||||||
|
partition to `/mnt/boot`:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ mount /dev/disk/by-label/nixos /mnt
|
||||||
|
$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
|
||||||
|
$ swapon /dev/$your_swap_partition
|
||||||
|
```
|
||||||
|
|
||||||
|
### Install
|
||||||
|
|
||||||
|
Install using the `flk` wrapper baked into the iso off of a copy of devos
|
||||||
|
from the time the iso was built:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ cd /iso/devos
|
||||||
|
$ nix develop
|
||||||
|
$ flk install NixOS --impure # use same host as above
|
||||||
|
```
|
||||||
|
|
||||||
|
<!-- TODO: find out why --impure is necesary / PRs welcome! -->
|
||||||
|
|
||||||
|
_Note: You _could_ install another machine than the one your iso was built for,
|
||||||
|
but the iso doesn't carry all the necesary build artifacts so the target would
|
||||||
|
start to build the missing parts on demand instead of substituting them from
|
||||||
|
the iso itself._
|
||||||
|
|
||||||
|
[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning
|
||||||
|
[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS
|
||||||
|
[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
|
||||||
|
[staticLLA]: https://tools.ietf.org/html/rfc7404
|
||||||
|
|
10
flake.nix
10
flake.nix
|
@ -36,7 +36,7 @@
|
||||||
|
|
||||||
extern = import ./extern { inherit inputs; };
|
extern = import ./extern { inherit inputs; };
|
||||||
|
|
||||||
pkgs' = os.mkPkgs { inherit self; };
|
pkgs' = os.mkPkgs;
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
let
|
let
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
overlay = import ./pkgs;
|
overlay = import ./pkgs;
|
||||||
overlays = lib.pathsToImportedAttrs (lib.pathsIn ./overlays);
|
overlays = lib.pathsToImportedAttrs (lib.pathsIn ./overlays);
|
||||||
|
|
||||||
lib = import ./lib { inherit nixos pkgs; };
|
lib = import ./lib { inherit nixos pkgs self; };
|
||||||
|
|
||||||
templates.flk.path = ./.;
|
templates.flk.path = ./.;
|
||||||
templates.flk.description = "flk template";
|
templates.flk.description = "flk template";
|
||||||
|
@ -79,16 +79,14 @@
|
||||||
let pkgs = pkgs'.${system}; in
|
let pkgs = pkgs'.${system}; in
|
||||||
{
|
{
|
||||||
packages = utils.lib.flattenTreeSystem system
|
packages = utils.lib.flattenTreeSystem system
|
||||||
(os.mkPackages {
|
(os.mkPackages { inherit pkgs; });
|
||||||
inherit self pkgs;
|
|
||||||
});
|
|
||||||
|
|
||||||
devShell = import ./shell {
|
devShell = import ./shell {
|
||||||
inherit self system;
|
inherit self system;
|
||||||
};
|
};
|
||||||
|
|
||||||
legacyPackages.hmActivationPackages =
|
legacyPackages.hmActivationPackages =
|
||||||
os.mkHomeActivation { inherit self; };
|
os.mkHomeActivation;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
in
|
in
|
||||||
|
|
|
@ -72,6 +72,10 @@ let
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = { inherit hostName; };
|
networking = { inherit hostName; };
|
||||||
|
|
||||||
|
_module.args = {
|
||||||
|
inherit self;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
dev.os.devosSystem {
|
dev.os.devosSystem {
|
||||||
|
|
|
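Review bot: `_module.args = { inherit self; };` makes `self` available inside module bodies but not inside a module's `imports` list — the module system has to evaluate `imports` before `_module.args` is known, so a host module whose `imports` references `self` would end in infinite recursion (that is the case `specialArgs` on `lib.nixosSystem` exists for). If importing from `self` is something hosts are expected to do, pass it as `specialArgs = { inherit self; };` on the system call instead; otherwise a short comment next to the new lines, e.g. `# available to module bodies; not usable in \`imports\` (use specialArgs for that)`, spares the next reader the detour. The `let` this sits in and the `dev.os.devosSystem` call both extend past the hunk.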
@ -1,14 +1,14 @@
|
||||||
args@{ nixos, pkgs, ... }:
|
args@{ nixos, pkgs, self, ... }:
|
||||||
let inherit (nixos) lib; in
|
let inherit (nixos) lib; in
|
||||||
lib.makeExtensible (self:
|
lib.makeExtensible (final:
|
||||||
let callLibs = file: import file
|
let callLibs = file: import file
|
||||||
({
|
({
|
||||||
inherit lib;
|
inherit lib;
|
||||||
|
|
||||||
dev = self;
|
dev = final;
|
||||||
} // args);
|
} // args);
|
||||||
in
|
in
|
||||||
with self;
|
with final;
|
||||||
{
|
{
|
||||||
inherit callLibs;
|
inherit callLibs;
|
||||||
|
|
||||||
|
|
|
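Review bot: After this hunk `self` inside every lib file means the flake's own outputs (it reaches `callLibs` through `// args`), while the makeExtensible fixed point is now `final`; since `self` is conventionally the fixed-point name in Nix, a comment on the `args@{ nixos, pkgs, self, ... }:` line would avoid a double-take, e.g. `# self = the flake's outputs, passed on to every lib file; the extensible fixed point is \`final\``. The attrset returned by `makeExtensible` continues outside the hunk.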
@ -1,4 +1,4 @@
|
||||||
{ lib, nixos, ... }:
|
{ lib, nixos, self, ... }:
|
||||||
|
|
||||||
{ modules, ... } @ args:
|
{ modules, ... } @ args:
|
||||||
lib.nixosSystem (args // {
|
lib.nixosSystem (args // {
|
||||||
|
@ -13,11 +13,43 @@ lib.nixosSystem (args // {
|
||||||
"${nixos}/${modpath}/${cd}"
|
"${nixos}/${modpath}/${cd}"
|
||||||
({ config, ... }: {
|
({ config, ... }: {
|
||||||
isoImage.isoBaseName = "nixos-" + config.networking.hostName;
|
isoImage.isoBaseName = "nixos-" + config.networking.hostName;
|
||||||
|
isoImage.contents = [{
|
||||||
|
source = self;
|
||||||
|
target = "/devos/";
|
||||||
|
}];
|
||||||
# confilcts with networking.wireless which might be slightly
|
# confilcts with networking.wireless which might be slightly
|
||||||
# more useful on a stick
|
# more useful on a stick
|
||||||
networking.networkmanager.enable = lib.mkForce false;
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
# confilcts with networking.wireless
|
# confilcts with networking.wireless
|
||||||
networking.wireless.iwd.enable = lib.mkForce false;
|
networking.wireless.iwd.enable = lib.mkForce false;
|
||||||
|
# Set up a link-local boostrap network
|
||||||
|
# See also: https://github.com/NixOS/nixpkgs/issues/75515#issuecomment-571661659
|
||||||
|
networking.usePredictableInterfaceNames = lib.mkForce true; # so prefix matching works
|
||||||
|
networking.useNetworkd = lib.mkForce true;
|
||||||
|
networking.useDHCP = lib.mkForce false;
|
||||||
|
networking.dhcpcd.enable = lib.mkForce false;
|
||||||
|
systemd.network = {
|
||||||
|
# https://www.freedesktop.org/software/systemd/man/systemd.network.html
|
||||||
|
networks."boostrap-link-local" = {
|
||||||
|
matchConfig = {
|
||||||
|
Name = "en* wl* ww*";
|
||||||
|
};
|
||||||
|
networkConfig = {
|
||||||
|
Description = "Link-local host bootstrap network";
|
||||||
|
MulticastDNS = true;
|
||||||
|
LinkLocalAddressing = "ipv6";
|
||||||
|
DHCP = "yes";
|
||||||
|
};
|
||||||
|
address = [
|
||||||
|
# fall back well-known link-local for situations where MulticastDNS is not available
|
||||||
|
"fe80::47" # 47: n=14 i=9 x=24; n+i+x
|
||||||
|
];
|
||||||
|
extraConfig = ''
|
||||||
|
# Unique, yet stable. Based off the MAC address.
|
||||||
|
IPv6LinkLocalAddressGenerationMode = "eui64"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
})).config;
|
})).config;
|
||||||
|
|
|
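Review bot: `source = self;` copies the flake's entire source tree into the ISO under `/devos/`, so anything committed to the repository — including a `secrets/` tree like the one the README references via `../secrets/path/to/key.pub` — ends up on a bootable image that is readable by anyone who obtains it. If the repository carries any private material, filter it before baking, e.g. `source = builtins.path { name = "devos"; path = self; filter = path: _: baseNameOf path != "secrets"; };` (adjust the filter to the directory you actually use), or at minimum add `# ships the whole repository tree on the ISO; keep secrets out of the source tree` next to the line. Separately, `extraConfig` is appended verbatim to the generated unit after the `[Address]` section that `address = [ ... ]` produces, so `IPv6LinkLocalAddressGenerationMode` likely lands in the wrong section and the quotes around `eui64` become part of the value; starting the string with a `[Network]` header and writing `IPv6LinkLocalAddressGenerationMode=eui64` should place it correctly — worth confirming against the rendered `.network` file. The `lib.nixosSystem` call this module list belongs to starts outside the hunk.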
@ -1,6 +1,5 @@
|
||||||
{ lib, ... }:
|
{ lib, self, ... }:
|
||||||
|
|
||||||
{ self }:
|
|
||||||
let hmConfigs =
|
let hmConfigs =
|
||||||
lib.mapAttrs
|
lib.mapAttrs
|
||||||
(_: config: config.config.home-manager.users)
|
(_: config: config.config.home-manager.users)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ lib, dev, ... }:
|
{ lib, dev, self, ... }:
|
||||||
|
|
||||||
{ self, pkgs }:
|
{ pkgs }:
|
||||||
let
|
let
|
||||||
inherit (self) overlay overlays;
|
inherit (self) overlay overlays;
|
||||||
packagesNames = lib.attrNames (overlay null null)
|
packagesNames = lib.attrNames (overlay null null)
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ lib, dev, nixos, ... }:
|
{ lib, dev, nixos, self, ... }:
|
||||||
|
|
||||||
{ self }:
|
|
||||||
let inherit (self) inputs;
|
let inherit (self) inputs;
|
||||||
in
|
in
|
||||||
(inputs.utils.lib.eachDefaultSystem
|
(inputs.utils.lib.eachDefaultSystem
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
, system ? builtins.currentSystem
|
, system ? builtins.currentSystem
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
pkgs = (self.lib.os.mkPkgs { inherit self; }).${system};
|
pkgs = (self.lib.os.mkPkgs).${system};
|
||||||
|
|
||||||
inherit (pkgs) lib;
|
inherit (pkgs) lib;
|
||||||
|
|
||||||
|
|
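Review bot: The parentheses in `pkgs = (self.lib.os.mkPkgs).${system};` are left over from the removed call and are now redundant; `pkgs = self.lib.os.mkPkgs.${system};` reads as the plain attribute path it is. The surrounding `let` continues outside the hunk.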