machine: aramis: add installer script

This is the first time that I am setting up LVM-on-LUKS with NixOS, so a
VM came in handy to test it out.
This commit is contained in:
Bruno BELANYI 2021-03-23 19:42:35 +00:00
parent 5041fc7472
commit 817ca1e9df

51
machines/aramis/install.sh Executable file
View file

@ -0,0 +1,51 @@
#!/bin/sh
if [ "$(id -u)" -ne 0 ]; then
echo "This script must be run as root" >&2
exit 1
fi
SWAP_SIZE=16GiB
parted /dev/nvme0n1 --script -- \
mklabel gpt \
mkpart primary 512MiB 100% \
mkpart ESP fat32 1MiB 512MiB \
set 2 esp on
cryptsetup luksFormat /dev/nvme0n1p1
cryptsetup open /dev/nvme0n1p1 crypt
pvcreate /dev/mapper/crypt
vgcreate lvm /dev/mapper/crypt
lvcreate -L "$SWAP_SIZE" -n swap lvm
lvcreate -l 100%FREE -n root lvm
mkfs.ext4 -L nixos /dev/lvm/root
mkswap -L swap /dev/lvm/swap
mkfs.vfat -n boot /dev/nvme0n1p2
mount /dev/disk/by-label/nixos /mnt
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
swapon /dev/lvm/swap
cat << EOF
# Run the following commands as setup user
nixos-generate-config --root /mnt
# Change uuids to labels
vim /mnt/etc/nixos/hardware-configuration.nix
# Install system
mkdir -p /mnt/home/ambroisie/git/nix/config
cd /mnt/home/ambroisie/git/nix/config
git clone <this-repo> .
# Assuming you set up GPG key correctly
git crypt unlock
# Setup LUKS with 'boot.initrd.luks.devices.crypt', device is /dev/nvme0n1p1, preLVM = true
# Use 'nixos-install --flake .#aramis --root /mnt --impure' because of home-manager issue
EOF