feat: add mkComputer, bootstrap without agenix
This commit is contained in:
parent
2cdc9f7864
commit
759bdf8cd9
40
README.md
40
README.md
@ -8,21 +8,18 @@ Provisioning for my NixOS systems based on [Nix][nix].
|
||||
|
||||
### Bootstrap
|
||||
|
||||
Copy `/etc/ssh/ssh_host_ed25519_key.pub` into [secrets](./secrets/secrets.nix)
|
||||
and rekey the secrets via [agenix][agenix]. After pushing the regkeyed secrets
|
||||
execute these commands:
|
||||
|
||||
```console
|
||||
sudo loadkeys de
|
||||
sudo nix-shell --packages nixUnstable
|
||||
|
||||
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/chnum-partitions)"
|
||||
|
||||
mkdir -p /mnt/etc/ssh
|
||||
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#chnum
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#chnum-bootstrap
|
||||
```
|
||||
|
||||
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
|
||||
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
|
||||
services won't work.
|
||||
|
||||
### Updates
|
||||
|
||||
If the repository had been cloned you could just execute `make switch`,
|
||||
@ -42,12 +39,13 @@ sudo loadkeys de
|
||||
sudo nix-shell --packages nixUnstable
|
||||
|
||||
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/asgard-partitions)"
|
||||
|
||||
mkdir -p /mnt/etc/ssh
|
||||
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#asgard
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#asgard-bootstrap
|
||||
```
|
||||
|
||||
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
|
||||
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
|
||||
services won't work.
|
||||
|
||||
### Updates
|
||||
|
||||
If the repository had been cloned you could just execute `make switch`,
|
||||
@ -67,12 +65,13 @@ sudo loadkeys de
|
||||
sudo nix-shell --packages nixUnstable
|
||||
|
||||
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/utgard-partitions)"
|
||||
|
||||
mkdir -p /mnt/etc/ssh
|
||||
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#utgard
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#utgard-bootstrap
|
||||
```
|
||||
|
||||
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
|
||||
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
|
||||
services won't work.
|
||||
|
||||
### Updates
|
||||
|
||||
If the repository had been cloned you could just execute `make switch`,
|
||||
@ -92,12 +91,13 @@ sudo loadkeys de
|
||||
sudo nix-shell --packages nixUnstable
|
||||
|
||||
mount /dev/disk/by-label/NIXOS_SD /mnt
|
||||
|
||||
mkdir -p /mnt/etc/ssh
|
||||
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#midgard
|
||||
nixos-install --root /mnt --flake github:tboerger/nixos-config#midgard-bootstrap
|
||||
```
|
||||
|
||||
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
|
||||
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
|
||||
services won't work.
|
||||
|
||||
### Updates
|
||||
|
||||
If the repository had been cloned you could just execute `make switch`,
|
||||
|
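Review bot: The bootstrap still runs a partition script fetched from the moving `master` ref with `bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/chnum-partitions)"`, so whatever that branch holds at install time executes as root against the disks and the README gives no way to tell which revision was reviewed. Pinning the URL to the commit or tag being installed and downloading to a file first would make the step reproducible, e.g. `curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/<COMMIT_SHA>/scripts/chnum-partitions -o partitions && sha256sum partitions` (placeholder for the pinned revision) before running it; the asgard and utgard hunks below have the same shape. The new closing paragraph could also name the output explicitly — "rekey the secrets … before switching from `#chnum-bootstrap` to `#chnum`" — since the reader has just been told to install the `-bootstrap` output and the reason for the second step is otherwise implicit.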
261
flake.nix
261
flake.nix
@ -41,181 +41,144 @@
|
||||
|
||||
outputs = { self, nixpkgs, nur, utils, agenix, homemanager, deployrs, arion, hardware, ... }@inputs:
|
||||
let
|
||||
mkComputer = configurationNix: systemName: enableServices: extraModules: nixpkgs.lib.nixosSystem {
|
||||
system = systemName;
|
||||
|
||||
modules = [
|
||||
({ pkgs, ... }:
|
||||
let
|
||||
nur-no-pkgs = import nur {
|
||||
nurpkgs = import nixpkgs { system = systemName; };
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
nur-no-pkgs.repos.tboerger.modules
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./overlays)
|
||||
nur.overlay
|
||||
];
|
||||
};
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
configurationNix
|
||||
] ++ extraModules;
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
nixosConfigurations = {
|
||||
chnum = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
||||
modules = [
|
||||
({ pkgs, ... }:
|
||||
let
|
||||
nur-no-pkgs = import nur {
|
||||
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
nur-no-pkgs.repos.tboerger.modules
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./overlays)
|
||||
nur.overlay
|
||||
];
|
||||
};
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
chnum = mkComputer
|
||||
./machines/chnum
|
||||
"x86_64-linux"
|
||||
true
|
||||
[
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
|
||||
midgard = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
|
||||
modules = [
|
||||
({ pkgs, ... }:
|
||||
let
|
||||
nur-no-pkgs = import nur {
|
||||
nurpkgs = import nixpkgs { system = "aarch64-linux"; };
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
nur-no-pkgs.repos.tboerger.modules
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./overlays)
|
||||
nur.overlay
|
||||
];
|
||||
};
|
||||
})
|
||||
hardware.nixosModules.raspberry-pi-4
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
./machines/midgard
|
||||
chnum-bootstrap = mkComputer
|
||||
./machines/chnum
|
||||
"x86_64-linux"
|
||||
false
|
||||
[
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
|
||||
utgard = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
||||
modules = [
|
||||
({ pkgs, ... }:
|
||||
let
|
||||
nur-no-pkgs = import nur {
|
||||
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
nur-no-pkgs.repos.tboerger.modules
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./overlays)
|
||||
nur.overlay
|
||||
];
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
./machines/utgard
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
|
||||
asgard = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
||||
modules = [
|
||||
({ pkgs, ... }:
|
||||
let
|
||||
nur-no-pkgs = import nur {
|
||||
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
nur-no-pkgs.repos.tboerger.modules
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./overlays)
|
||||
nur.overlay
|
||||
];
|
||||
};
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
asgard = mkComputer
|
||||
./machines/asgard
|
||||
"x86_64-linux"
|
||||
true
|
||||
[
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
asgard-bootstrap = mkComputer
|
||||
./machines/asgard
|
||||
"x86_64-linux"
|
||||
false
|
||||
[
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
utgard = mkComputer
|
||||
./machines/utgard
|
||||
"x86_64-linux"
|
||||
true
|
||||
[
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
utgard-bootstrap = mkComputer
|
||||
./machines/utgard
|
||||
"x86_64-linux"
|
||||
false
|
||||
[
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
midgard = mkComputer
|
||||
./machines/midgard
|
||||
"aarch64-linux"
|
||||
true
|
||||
[
|
||||
hardware.nixosModules.raspberry-pi-4
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
midgard-bootstrap = mkComputer
|
||||
./machines/midgard
|
||||
"aarch64-linux"
|
||||
false
|
||||
[
|
||||
hardware.nixosModules.raspberry-pi-4
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
};
|
||||
|
||||
chnum = self.nixosConfigurations.chnum.config.system.build.toplevel;
|
||||
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
|
||||
chnum-bootstrap = self.nixosConfigurations.chnum-bootstrap.config.system.build.toplevel;
|
||||
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
|
||||
utgard-bootstrap = self.nixosConfigurations.utgard-bootstrap.config.system.build.toplevel;
|
||||
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
|
||||
asgard-bootstrap = self.nixosConfigurations.asgard-bootstrap.config.system.build.toplevel;
|
||||
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
|
||||
midgard-bootstrap = self.nixosConfigurations.midgard-bootstrap.config.system.build.toplevel;
|
||||
|
||||
deploy = {
|
||||
nodes = {
|
||||
midgard = {
|
||||
sshOpts = [ "-p" "22" ];
|
||||
hostname = "192.168.1.5";
|
||||
fastConnection = true;
|
||||
|
||||
profiles.system = {
|
||||
sshUser = "thomas";
|
||||
user = "root";
|
||||
path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard;
|
||||
};
|
||||
};
|
||||
|
||||
asgard = {
|
||||
sshOpts = [ "-p" "22" ];
|
||||
hostname = "192.168.1.10";
|
||||
@ -239,6 +202,18 @@
|
||||
path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.utgard;
|
||||
};
|
||||
};
|
||||
|
||||
midgard = {
|
||||
sshOpts = [ "-p" "22" ];
|
||||
hostname = "192.168.1.5";
|
||||
fastConnection = true;
|
||||
|
||||
profiles.system = {
|
||||
sshUser = "thomas";
|
||||
user = "root";
|
||||
path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
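Review bot: `mkComputer` takes an `enableServices` argument but nothing in the visible body of the function reads it — the `-bootstrap` outputs pass `false` and the regular ones `true`, yet both yield the same module list, so `personal.services.enable` (which the machine configs now consume through `config.personal.services.enable`) keeps its default unless it is set somewhere outside this hunk. If that is the case, the inline module should carry it, e.g. `personal.services.enable = enableServices;` next to the `imports`/`nixpkgs` attributes. The old `utgard` definition set `nixpkgs.config.allowUnfree = true;` in its inline module and the new `mkComputer` path has no equivalent, so unless `./machines/utgard` sets it, evaluating unfree packages on utgard will fail after this change. The bootstrap outputs also still import `agenix.nixosModules.age`; that is harmless on its own, but a short comment on why the module stays in for systems described as "without agenix" would save the next reader a search.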
@ -14,13 +14,13 @@
|
||||
personal = {
|
||||
services = {
|
||||
docker = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
samba = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -14,16 +14,16 @@
|
||||
personal = {
|
||||
services = {
|
||||
citrix = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
desktop = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
docker = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
libvirt = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -14,19 +14,19 @@
|
||||
personal = {
|
||||
services = {
|
||||
acme = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
adguard = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
coredns = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
docker = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -10,7 +10,7 @@ with lib;
|
||||
users = {
|
||||
root = {
|
||||
shell = pkgs.zsh;
|
||||
passwordFile = config.age.secrets."users/root/password".path;
|
||||
hashedPassword = "$6$i1AZZ2GnRxgVnJ0X$yfWoi.SDf4mWYRAI6AbaCUMM15OOOZsabgbLo82HgEvCH3yc97N00y5m3aQPcLZ/5QHaL4BPUFRU6Ux3/ziEE/";
|
||||
openssh = {
|
||||
authorizedKeys = {
|
||||
keys = [
|
||||
@ -23,7 +23,7 @@ with lib;
|
||||
description = "Admin";
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
passwordFile = config.age.secrets."users/admin/password".path;
|
||||
hashedPassword = "$6$l5FBDK2QUtR6Sfvv$N.eol4kjcwIr56wIv1iwT07qlK.gD2KU7fAwc8JLMeKLLuik2FjmzQszgglQUuLbvLPiMM39Dj8AsHxJyXwhX.";
|
||||
uid = 1337;
|
||||
openssh = {
|
||||
authorizedKeys = {
|
||||
@ -40,13 +40,5 @@ with lib;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/root/password" = {
|
||||
file = ../../secrets/users/root/password.age;
|
||||
};
|
||||
|
||||
age.secrets."users/admin/password" = {
|
||||
file = ../../secrets/users/admin/password.age;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
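Review bot: Replacing `passwordFile = config.age.secrets."users/root/password".path;` (and the admin equivalent) with an inline `hashedPassword` string commits the root and admin password hashes to a public, mirrored repository, where they are exposed to offline guessing for as long as the history exists; the `.age` secrets and their `secrets.nix` entries are removed further down in this commit, so no encrypted copy remains. If the goal is only to let the bootstrap system come up without agenix, the hashes can be confined to that case, e.g. `passwordFile = mkIf config.personal.services.enable config.age.secrets."users/root/password".path;` with `hashedPassword = mkIf (!config.personal.services.enable) "<HASH>";` (placeholder) and the `age.secrets` declarations kept under the same condition, or `initialHashedPassword` can be used so the value only applies on first creation (assuming `users.mutableUsers` keeps its default). Whichever route is taken, the values already pushed should be treated as exposed and the passwords rotated once the machines are switched to the agenix-backed output. The enclosing `users` attribute set starts above the first hunk.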
@ -1,4 +1,5 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports = [
|
||||
@ -22,7 +23,11 @@
|
||||
|
||||
options = {
|
||||
personal = {
|
||||
services = { };
|
||||
services = {
|
||||
enable = mkEnableOption "Services" // {
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
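Review bot: `enable = mkEnableOption "Services" // { default = true; };` builds a boolean option whose generated description reads "Whether to enable Services." and then overwrites its `default`, which is an idiom nixpkgs' own modules avoid; `enable = mkOption { type = types.bool; default = true; description = "Whether to enable the personal services (set to false for bootstrap systems)."; };` states the contract directly and documents why the default differs from the usual `false`. The newly added `with lib;` in the first hunk brings every lib name into scope for the whole module although only one or two are needed here; `lib.mkOption`/`lib.types.bool` keep the scope explicit and avoid shadowing module arguments.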
@ -14,16 +14,16 @@
|
||||
personal = {
|
||||
services = {
|
||||
acme = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
hass = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
media = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
enable = config.personal.services.enable;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -22,35 +22,70 @@ while true; do
|
||||
esac
|
||||
done
|
||||
|
||||
echo "----> Remove previous VGs"
|
||||
for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
|
||||
vgremove -y ${VG} 2>/dev/null
|
||||
done
|
||||
|
||||
echo "----> Remove previous PVs"
|
||||
for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
|
||||
pvremove -y ${PV} 2>/dev/null
|
||||
done
|
||||
|
||||
echo "----> Remove previous MDs"
|
||||
if [[ -d /dev/md ]]; then
|
||||
for MD in /dev/md/*; do
|
||||
mdadm --stop $MD
|
||||
done
|
||||
fi
|
||||
|
||||
echo "----> Drop existing partitions"
|
||||
sgdisk --zap-all /dev/sda
|
||||
sgdisk -og /dev/sda
|
||||
sgdisk --zap-all /dev/sdb
|
||||
sgdisk -og /dev/sdb
|
||||
sgdisk --zap-all /dev/sdc
|
||||
sgdisk -og /dev/sdc
|
||||
sgdisk --zap-all /dev/sdd
|
||||
sgdisk -og /dev/sdd
|
||||
sgdisk --zap-all /dev/sde
|
||||
sgdisk -og /dev/sde
|
||||
wipefs -a /dev/sda || true
|
||||
sfdisk --delete /dev/sda || true
|
||||
wipefs -a /dev/sdb || true
|
||||
sfdisk --delete /dev/sdb || true
|
||||
wipefs -a /dev/sdc || true
|
||||
sfdisk --delete /dev/sdc || true
|
||||
wipefs -a /dev/sdd || true
|
||||
sfdisk --delete /dev/sdd || true
|
||||
wipefs -a /dev/sde || true
|
||||
sfdisk --delete /dev/sde || true
|
||||
|
||||
echo "-----> Wait for cleanup"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "-----> Mark MBR disks"
|
||||
echo yes | parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mklabel msdos
|
||||
|
||||
echo "-----> Mark GPT disks"
|
||||
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-1.0 -- mklabel gpt
|
||||
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-2.0 -- mklabel gpt
|
||||
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-3.0 -- mklabel gpt
|
||||
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-4.0 -- mklabel gpt
|
||||
|
||||
echo "-----> Create boot partition"
|
||||
sgdisk -n 0:0:+1G -t 0:ef00 -c 0:boot /dev/disk/by-path/pci-0000:00:14.1-ata-1
|
||||
parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mkpart primary ext4 1MB 1GB
|
||||
parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- set 1 boot on
|
||||
|
||||
echo "-----> Create root partition"
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/disk/by-path/pci-0000:00:14.1-ata-1
|
||||
parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mkpart primary ext4 1GB 100%
|
||||
|
||||
echo "-----> Create tank partition"
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-1
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-2
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-3
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-4
|
||||
|
||||
echo "-----> Wait for data"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "-----> Create data pv"
|
||||
pvcreate /dev/disk/by-partlabel/data
|
||||
pvcreate /dev/disk/by-path/pci-0000:00:14.1-ata-1-part2
|
||||
|
||||
echo "-----> Create data vg"
|
||||
vgcreate system /dev/disk/by-partlabel/data
|
||||
vgcreate system /dev/disk/by-path/pci-0000:00:14.1-ata-1-part2
|
||||
|
||||
echo "-----> Create swap volume"
|
||||
lvcreate -y --size 24G --name swap system
|
||||
@ -79,20 +114,22 @@ mkdir /mnt/home
|
||||
mount -t ext4 /dev/system/home /mnt/home
|
||||
|
||||
echo "-----> Create boot filesystem"
|
||||
mkfs.vfat -n boot /dev/disk/by-partlabel/boot
|
||||
|
||||
echo "-----> Wait for boot"
|
||||
sleep 3
|
||||
mkfs.ext4 -L boot /dev/disk/by-path/pci-0000:00:14.1-ata-1-part1
|
||||
|
||||
echo "-----> Mount boot filesystem"
|
||||
mkdir /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
|
||||
echo "-----> Create tank partition"
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-1
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-2
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-3
|
||||
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-4
|
||||
echo "-----> Wait for filesystems"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "----> Remove previous MDs"
|
||||
if [[ -d /dev/md ]]; then
|
||||
for MD in /dev/md/*; do
|
||||
mdadm --stop $MD
|
||||
done
|
||||
fi
|
||||
|
||||
echo "-----> Create raid volume"
|
||||
echo yes | mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/disk/by-path/pci-0000:00:11.0-ata-1.0-part1 /dev/disk/by-path/pci-0000:00:11.0-ata-2.0-part1
|
||||
|
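Review bot: The target disks are spelled two ways on the new side: the `parted … -- mklabel gpt` lines and the `mdadm --create` call use `/dev/disk/by-path/pci-0000:00:11.0-ata-1.0` … `-ata-4.0` (and `…-ata-1.0-part1`), while the four `sgdisk -n 0:0:0 -t 0:8300 -c 0:tank` calls use `/dev/disk/by-path/pci-0000:00:11.0-ata-1` … `-ata-4` without the `.0` suffix. Depending on the udev version only one of these spellings may exist, in which case either the partition-table creation or the later RAID creation addresses a path that is not there; naming each device once, e.g. `TANK1=/dev/disk/by-path/pci-0000:00:11.0-ata-1.0`, and using the variable in every step removes the ambiguity. I cannot tell from the rendered page which of the two "Create tank partition" blocks is the new one, so this may apply to only one of them. The option-parsing loop of the script starts above the first hunk.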
@ -22,14 +22,25 @@ while true; do
|
||||
esac
|
||||
done
|
||||
|
||||
echo "----> Remove previous VGs"
|
||||
for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
|
||||
vgremove -y ${VG} 2>/dev/null
|
||||
done
|
||||
|
||||
echo "----> Remove previous PVs"
|
||||
for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
|
||||
pvremove -y ${PV} 2>/dev/null
|
||||
done
|
||||
|
||||
echo "----> Drop existing partitions"
|
||||
wipefs -a /dev/sda
|
||||
sfdisk --delete /dev/sda
|
||||
|
||||
echo "-----> Wait for cleanup"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "-----> Mark GPT disk"
|
||||
echo "-----> Mark GPT disks"
|
||||
echo yes | parted /dev/sda -- mklabel gpt
|
||||
|
||||
echo "-----> Create boot partition"
|
||||
@ -40,27 +51,22 @@ sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/sda
|
||||
|
||||
echo "-----> Wait for data"
|
||||
sleep 3
|
||||
|
||||
echo "-----> Format luks partition"
|
||||
cryptsetup --verify-passphrase luksFormat /dev/disk/by-partlabel/data
|
||||
|
||||
echo "-----> Open luks partition"
|
||||
cryptsetup --allow-discards luksOpen /dev/disk/by-partlabel/data luks
|
||||
sync
|
||||
|
||||
echo "-----> Create data pv"
|
||||
pvcreate /dev/mapper/luks
|
||||
pvcreate /dev/disk/by-partlabel/data
|
||||
|
||||
echo "-----> Create data vg"
|
||||
vgcreate system /dev/mapper/luks
|
||||
vgcreate system /dev/disk/by-partlabel/data
|
||||
|
||||
echo "-----> Create swap volume"
|
||||
lvcreate --size 24G --name swap system
|
||||
lvcreate -y --size 24G --name swap system
|
||||
|
||||
echo "-----> Create root volume"
|
||||
lvcreate --size 100G --name root system
|
||||
lvcreate -y --size 100G --name root system
|
||||
|
||||
echo "-----> Create home volume"
|
||||
lvcreate --size 100G --name home system
|
||||
lvcreate -y --size 100G --name home system
|
||||
|
||||
echo "-----> Enable swap partition"
|
||||
mkswap -L swap /dev/system/swap
|
||||
@ -85,3 +91,7 @@ mkfs.vfat -n boot /dev/disk/by-partlabel/boot
|
||||
echo "-----> Mount boot filesystem"
|
||||
mkdir /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
|
||||
echo "-----> Wait for filesystems"
|
||||
sleep 3
|
||||
sync
|
||||
|
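Review bot: The `cryptsetup --verify-passphrase luksFormat /dev/disk/by-partlabel/data` and `cryptsetup --allow-discards luksOpen … luks` steps are gone and the new `pvcreate /dev/disk/by-partlabel/data` / `vgcreate system /dev/disk/by-partlabel/data` place the volume group directly on the plaintext partition, so root, home and swap on chnum are no longer encrypted at rest (the hunk's 27 → 22 line counts match exactly this removal). Nothing in the commit title says disk encryption is being dropped; if it is deliberate it deserves a comment at the top of the script, and if it is only a bootstrap simplification the two `cryptsetup` lines belong back in front of `pvcreate /dev/mapper/luks` and `vgcreate system /dev/mapper/luks`. If LUKS does stay out, unencrypted swap exposes whatever pages get swapped, so the swap device should at least use `randomEncryption.enable = true;` in the machine's `swapDevices` entry. In the first hunk, the `for VG in $(vgs …)` / `vgremove -y` and `pvremove -y` loops act on every volume group the live system can see, not only on `/dev/sda`, which the confirmation prompt above the hunk should spell out.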
@ -22,6 +22,16 @@ while true; do
|
||||
esac
|
||||
done
|
||||
|
||||
echo "----> Remove previous VGs"
|
||||
for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
|
||||
vgremove -y ${VG} 2>/dev/null
|
||||
done
|
||||
|
||||
echo "----> Remove previous PVs"
|
||||
for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
|
||||
pvremove -y ${PV} 2>/dev/null
|
||||
done
|
||||
|
||||
echo "----> Drop existing partitions"
|
||||
wipefs -a /dev/sda
|
||||
sfdisk --delete /dev/sda
|
||||
@ -30,8 +40,9 @@ sfdisk --delete /dev/sdb
|
||||
|
||||
echo "-----> Wait for cleanup"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "-----> Mark GPT disk"
|
||||
echo "-----> Mark GPT disks"
|
||||
echo yes | parted /dev/sda -- mklabel gpt
|
||||
echo yes | parted /dev/sdb -- mklabel gpt
|
||||
|
||||
@ -46,21 +57,22 @@ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdb
|
||||
|
||||
echo "-----> Wait for data"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "-----> Create data pv"
|
||||
pvcreate /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank
|
||||
|
||||
echo "-----> Create data vg"
|
||||
vgcreate system /dev/disk/by-partlabel/data
|
||||
vgcreate system /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank
|
||||
|
||||
echo "-----> Create swap volume"
|
||||
lvcreate --size 24G --name swap system
|
||||
lvcreate -y --size 24G --name swap system
|
||||
|
||||
echo "-----> Create root volume"
|
||||
lvcreate --size 50G --name root system
|
||||
lvcreate -y --size 50G --name root system
|
||||
|
||||
echo "-----> Create home volume"
|
||||
lvcreate --size 50G --name home system
|
||||
lvcreate -y --size 50G --name home system
|
||||
|
||||
echo "-----> Enable swap partition"
|
||||
mkswap -L swap /dev/system/swap
|
||||
@ -86,20 +98,12 @@ echo "-----> Mount boot filesystem"
|
||||
mkdir /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
|
||||
for PARTITION in acme nzbget jellyfin bazarr lidarr prowlarr radarr readarr sonarr; do
|
||||
echo "-----> Create ${PARTITION} volume"
|
||||
lvcreate --size 5G --name ${PARTITION} system
|
||||
|
||||
echo "-----> Create ${PARTITION} filesystem"
|
||||
mkfs.ext4 -L ${PARTITION} /dev/system/${PARTITION}
|
||||
|
||||
echo "-----> Mount ${PARTITION} filesystem"
|
||||
mkdir /mnt/var/lib/${PARTITION}
|
||||
mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION}
|
||||
done
|
||||
echo "-----> Wait for filesystems"
|
||||
sleep 3
|
||||
sync
|
||||
|
||||
echo "-----> Create downloads volume"
|
||||
lvcreate --size 200G --name downloads system
|
||||
lvcreate -y --size 200G --name downloads system
|
||||
|
||||
echo "-----> Create downloads filesystem"
|
||||
mkfs.ext4 -L downloads /dev/system/downloads
|
||||
@ -108,3 +112,15 @@ echo "-----> Mount downloads filesystem"
|
||||
mkdir -p /mnt/var/lib/downloads
|
||||
mount -t ext4 /dev/tank/downloads /mnt/var/lib/downloads
|
||||
chown 20000:20000 /mnt/var/lib/downloads
|
||||
|
||||
for PARTITION in acme nzbget jellyfin bazarr lidarr prowlarr radarr readarr sonarr; do
|
||||
echo "-----> Create ${PARTITION} volume"
|
||||
lvcreate -y --size 5G --name ${PARTITION} system
|
||||
|
||||
echo "-----> Create ${PARTITION} filesystem"
|
||||
mkfs.ext4 -L ${PARTITION} /dev/system/${PARTITION}
|
||||
|
||||
echo "-----> Mount ${PARTITION} filesystem"
|
||||
mkdir /mnt/var/lib/${PARTITION}
|
||||
mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION}
|
||||
done
|
||||
|
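Review bot: After `vgcreate system /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank` folds the tank partition into the `system` volume group, the context line `mount -t ext4 /dev/tank/downloads /mnt/var/lib/downloads` in the last hunk still refers to a `tank` VG, while the volume was just created and formatted as `/dev/system/downloads` (`lvcreate -y --size 200G --name downloads system`, `mkfs.ext4 -L downloads /dev/system/downloads`). Unless a `tank` VG is created outside these hunks, that mount fails and the following `chown 20000:20000` applies to an empty directory on the root filesystem; the line should read `mount -t ext4 /dev/system/downloads /mnt/var/lib/downloads`. As in the other two scripts, the added `vgremove -y` / `pvremove -y` loops clear every volume group visible to the installer rather than only those on `/dev/sda` and `/dev/sdb`, which is worth stating in the prompt that precedes the first hunk.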
@ -14,13 +14,10 @@ in
|
||||
"services/nixbuild/sshkey.age".publicKeys = users ++ systems;
|
||||
"services/tailscale/authkey.age".publicKeys = users ++ systems;
|
||||
|
||||
"users/media/password.age".publicKeys = users ++ systems;
|
||||
"users/media/smbpasswd.age".publicKeys = users ++ systems;
|
||||
|
||||
"users/media/password.age".publicKeys = users ++ systems;
|
||||
"users/printer/password.age".publicKeys = users ++ systems;
|
||||
"users/root/password.age".publicKeys = users ++ systems;
|
||||
"users/admin/password.age".publicKeys = users ++ systems;
|
||||
|
||||
"users/thomas/password.age".publicKeys = users ++ systems;
|
||||
"users/anna/password.age".publicKeys = users ++ systems;
|
||||
"users/adrian/password.age".publicKeys = users ++ systems;
|
||||
|
@ -1,14 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ m41ZYkxBg3ngM4ZpFHCb4Ft/ElZjPSf1s2a5lSvz4xg
|
||||
rvMP6Ue5ZDOElRrW2GC1b43F/ZyS+5vQC8lQxVSBUy4
|
||||
-> ssh-ed25519 vDK6kA O8UeamU3Zx4cxCardgxbe9ftFmkR0sSXEUSu8DHnhxk
|
||||
AmgswlByLQGJeUzrAu9gJ4vOoxkAF+FNIaXBuY/MRqk
|
||||
-> ssh-ed25519 gBo+cg UFDVPaFYhVypXE8h7wIp5yvCpKpeXR81JwXVDHNpIAI
|
||||
3GcUg0kPP/GwYZXjh1CraS/qsopwrTrjTmegyE1fhO0
|
||||
-> ssh-ed25519 QkapZw kn/5bNeJnnEDdFlk9TklUbzb3mRHdgnfw8qyBxJM7yA
|
||||
HONZGOxZZuOny0jj2+N0lKKrdAZZhV3vlWEV8FHHqWk
|
||||
-> Xavbo#^^-grease I
|
||||
6kc1UvDDimkMwSlrUtx5+s6TmG2l4KHsRYSNibGisCEXPTOZnZdV5G9WO4DqxuHI
|
||||
+aje2p6qtOB1+6i3S/BDDyhI82UFMXT2gZt7Jk7gz/Ylsm4z
|
||||
--- q/EYv2kRnAnW0Xg4DrPanJRPVH1r7RMdxacyK3TIQA4
|
||||
E.z…Æc]2îdð<64>L¬KØÀ¤pRÌ…™&ÊÙéäe?—øNºø›
|
Binary file not shown.