lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add installer
Some checks failed
/ check (push) Has been cancelled
Details

Browse source
This commit is contained in:
Daniel Flanagan 2025-02-20 12:24:40 -06:00
parent a15f20b741
commit a4f8a11bd1
5 changed files with 93 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
lib/disko/default.nix
View file

@ -117,6 +117,21 @@ rec {
}; };
}; };
standardEncrypted =
{
disk,
espSize ? "4G",
...
}:
standard {
inherit disk;
esp = {
label = "ESP";
size = espSize;
name = "ESP";
};
};
standard = standard =
{ {
esp ? { esp ? {

2
packages/default.nix
View file

@ -8,4 +8,6 @@ in
iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix { iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix {
inherit iosevkaLyteTerm; inherit iosevkaLyteTerm;
}; };
installer = pkgs.callPackage ./installer.nix { };
} }

45
packages/hosts/generic-headless.nix
View file

@ -1,48 +1,15 @@
{ ... }:
{ {
hardware, system.stateVersion = "24.11";
config,
...
}:
{
system.stateVersion = "24.05";
networking.hostName = "lyte-generic-headless"; networking.hostName = "lyte-generic-headless";
boot.initrd.availableKernelModules = [ boot = {
"xhci_pci" loader = {
"ahci" systemd-boot.enable = true;
"ehci_pci" efi.canTouchEfiVariables = true;
"usbhid"
"uas"
"sd_mod"
];
imports = with hardware; [
common-cpu-amd
common-pc-ssd
];
users.groups.beefcake = { };
users.users = {
beefcake = {
isSystemUser = true;
createHome = true;
home = "/storage/backups/beefcake";
group = "beefcake";
extraGroups = [ "sftponly" ];
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
];
}; };
}; };
services.openssh.extraConfig = ''
Match Group sftponly
ChrootDirectory /storage/backups/%u
ForceCommand internal-sftp
AllowTcpForwarding no
'';
networking = { networking = {
wifi.enable = true; wifi.enable = true;
firewall = { firewall = {

30
packages/hosts/generic.nix Normal file
View file

@ -0,0 +1,30 @@
{ ... }:
{
system.stateVersion = "24.11";
networking.hostName = "lyte-generic-headless";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
networking = {
wifi.enable = true;
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 22 ];
};
};
hardware.bluetooth.enable = true;
programs.steam.enable = true;
lyte.desktop.enable = true;
home-manager.users.daniel = {
lyte.shell.enable = true;
lyte.shell.desktop = true;
};
}

40
packages/installer.nix Normal file
View file

@ -0,0 +1,40 @@
{
pkgs,
...
}:
pkgs.writeShellApplication {
name = "suspend-flink-job";
runtimeInputs = with pkgs; [
fzf
jq
gawk
];
text = ''
read -s -r -p 'Disk Encryption Password:' pass1
echo
read -s -r -p 'Disk Encryption Password (Again):' pass2
echo
if ! [[ $pass1 = "$pass2" ]]; then
echo "error: disk encryption passwords did not match!"
exit 1
fi
nixos_host="$(nix eval --json git+https://git.lyte.dev/lytedev/nix#nixosConfigurations --apply 'builtins.attrNames' | jq -r .[] | fzf --prompt 'Select NixOS configuration')"
partition_scheme="$(nix eval --json git+https://git.lyte.dev/lytedev/nix#diskoConfigurations --apply 'builtins.attrNames' | jq -r .[] | fzf --prompt 'Select disk partition scheme (must match NixOS configuration!)')"
disk_path="/dev/$(lsblk -d --raw | tail -n +2 | fzf --prompt 'Select local disk device' | awk '{print $1}')"
disk_pass="$(echo "$pass1" | tr -d "\n")"
nix-shell --packages git --run "sudo nix run \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
github:nix-community/disko -- \
--flake 'git+https://git.lyte.dev/lytedev/nix#$partition_scheme' \
--mode disko \
--arg disk '$disk_path'"
nix-shell --packages git \
--run "sudo nixos-install \
--no-write-lock-file \
--flake 'git+https://git.lyte.dev/lytedev/nix#$nixos_host' \
--option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
--option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev-2:te9xK/GcWPA/5aXav8+e5RHImKYMug8hIIbhHsKPN0M='" '';
}