feat: add installer

2025-02-20 12:24:40 -06:00 · 2025-02-20 12:24:40 -06:00 · a4f8a11bd1
commit a4f8a11bd1
parent a15f20b741
5 changed files with 93 additions and 39 deletions
--- a/lib/disko/default.nix
+++ b/lib/disko/default.nix
@ -117,6 +117,21 @@ rec {
    };
  };

+  standardEncrypted =
+    {
+      disk,
+      espSize ? "4G",
+      ...
+    }:
+    standard {
+      inherit disk;
+      esp = {
+        label = "ESP";
+        size = espSize;
+        name = "ESP";
+      };
+    };
+
  standard =
    {
      esp ? {
--- a/packages/default.nix
+++ b/packages/default.nix
@ -8,4 +8,6 @@ in
  iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix {
    inherit iosevkaLyteTerm;
  };
+
+  installer = pkgs.callPackage ./installer.nix { };
 }
--- a/packages/hosts/generic-headless.nix
+++ b/packages/hosts/generic-headless.nix
@ -1,48 +1,15 @@
+{ ... }:
 {
-  hardware,
-  config,
-  ...
-}:
-{
-  system.stateVersion = "24.05";
+  system.stateVersion = "24.11";
  networking.hostName = "lyte-generic-headless";

-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "ehci_pci"
-    "usbhid"
-    "uas"
-    "sd_mod"
-  ];
-
-  imports = with hardware; [
-    common-cpu-amd
-    common-pc-ssd
-  ];
-
-  users.groups.beefcake = { };
-  users.users = {
-    beefcake = {
-      isSystemUser = true;
-      createHome = true;
-      home = "/storage/backups/beefcake";
-      group = "beefcake";
-      extraGroups = [ "sftponly" ];
-      openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
-      ];
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
    };
  };

-  services.openssh.extraConfig = ''
-    Match Group sftponly
-      ChrootDirectory /storage/backups/%u
-      ForceCommand internal-sftp
-      AllowTcpForwarding no
-  '';
-
  networking = {
    wifi.enable = true;
    firewall = {
--- a/packages/hosts/generic.nix
+++ b/packages/hosts/generic.nix
@ -0,0 +1,30 @@
+{ ... }:
+{
+  system.stateVersion = "24.11";
+  networking.hostName = "lyte-generic-headless";
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  networking = {
+    wifi.enable = true;
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ 22 ];
+    };
+  };
+
+  hardware.bluetooth.enable = true;
+
+  programs.steam.enable = true;
+  lyte.desktop.enable = true;
+  home-manager.users.daniel = {
+    lyte.shell.enable = true;
+    lyte.shell.desktop = true;
+  };
+}
--- a/packages/installer.nix
+++ b/packages/installer.nix
@ -0,0 +1,40 @@
+{
+  pkgs,
+  ...
+}:
+pkgs.writeShellApplication {
+  name = "suspend-flink-job";
+  runtimeInputs = with pkgs; [
+    fzf
+    jq
+    gawk
+  ];
+  text = ''
+    read -s -r -p 'Disk Encryption Password:' pass1
+    echo
+    read -s -r -p 'Disk Encryption Password (Again):' pass2
+    echo
+    if ! [[ $pass1 = "$pass2" ]]; then
+      echo "error: disk encryption passwords did not match!"
+      exit 1
+    fi
+    nixos_host="$(nix eval --json git+https://git.lyte.dev/lytedev/nix#nixosConfigurations --apply 'builtins.attrNames' | jq -r .[] | fzf --prompt 'Select NixOS configuration')"
+    partition_scheme="$(nix eval --json git+https://git.lyte.dev/lytedev/nix#diskoConfigurations --apply 'builtins.attrNames' | jq -r .[] | fzf --prompt 'Select disk partition scheme (must match NixOS configuration!)')"
+    disk_path="/dev/$(lsblk -d --raw | tail -n +2 | fzf --prompt 'Select local disk device' | awk '{print $1}')"
+    disk_pass="$(echo "$pass1" | tr -d "\n")"
+
+    nix-shell --packages git --run "sudo nix run \
+      --extra-experimental-features nix-command \
+      --extra-experimental-features flakes \
+      github:nix-community/disko -- \
+        --flake 'git+https://git.lyte.dev/lytedev/nix#$partition_scheme' \
+        --mode disko \
+        --arg disk '$disk_path'"
+
+    nix-shell --packages git \
+      --run "sudo nixos-install \
+        --no-write-lock-file \
+        --flake 'git+https://git.lyte.dev/lytedev/nix#$nixos_host' \
+        --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
+        --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev-2:te9xK/GcWPA/5aXav8+e5RHImKYMug8hIIbhHsKPN0M='"  '';
+}