machine: aramis: add installer script

This is the first time that I am setting up LVM-on-LUKS with NixOS, so a
VM came in handy to test it out.

machines/aramis/install.sh

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo "This script must be run as root" >&2
+    exit 1
+fi
+
+SWAP_SIZE=16GiB
+
+parted /dev/nvme0n1 --script -- \
+    mklabel gpt \
+    mkpart primary 512MiB 100% \
+    mkpart ESP fat32 1MiB 512MiB \
+    set 2 esp on
+
+cryptsetup luksFormat /dev/nvme0n1p1
+cryptsetup open /dev/nvme0n1p1 crypt
+
+pvcreate /dev/mapper/crypt
+vgcreate lvm /dev/mapper/crypt
+lvcreate -L "$SWAP_SIZE" -n swap lvm
+lvcreate -l 100%FREE -n root lvm
+
+mkfs.ext4 -L nixos /dev/lvm/root
+mkswap -L swap /dev/lvm/swap
+mkfs.vfat -n boot /dev/nvme0n1p2
+
+mount /dev/disk/by-label/nixos /mnt
+mkdir /mnt/boot
+mount /dev/nvme0n1p2 /mnt/boot
+swapon /dev/lvm/swap
+
+cat << EOF
+# Run the following commands as setup user
+nixos-generate-config --root /mnt
+
+# Change uuids to labels
+vim /mnt/etc/nixos/hardware-configuration.nix
+
+# Install system
+mkdir -p /mnt/home/ambroisie/git/nix/config
+cd /mnt/home/ambroisie/git/nix/config
+
+git clone <this-repo> .
+# Assuming you set up GPG key correctly
+git crypt unlock
+
+# Setup LUKS with 'boot.initrd.luks.devices.crypt', device is /dev/nvme0n1p1, preLVM = true
+
+# Use 'nixos-install --flake .#aramis --root /mnt --impure' because of home-manager issue
+EOF