mirror of
https://github.com/elitak/nixos-infect.git
synced 2024-12-23 00:28:28 +03:00
Merge pull request #3 from obadz/nixos-infect-with-lustrate
Use NIXOS_LUSTRATE
This commit is contained in:
commit
4e2e63a812
1 changed files with 37 additions and 39 deletions
76
nixos-infect
76
nixos-infect
|
@ -21,6 +21,14 @@
|
||||||
# - Deploy the droplet indicated at the top of the file, enable ipv6, add your ssh key
|
# - Deploy the droplet indicated at the top of the file, enable ipv6, add your ssh key
|
||||||
# - cat customConfig.optional nixos-infect | ssh root@targethost
|
# - cat customConfig.optional nixos-infect | ssh root@targethost
|
||||||
#
|
#
|
||||||
|
# Alternatively, use the user data mechamism by supplying the following lines (without >)
|
||||||
|
# in the Digital Ocean Web UI (or HTTP API):
|
||||||
|
#
|
||||||
|
# > #cloud-config
|
||||||
|
# >
|
||||||
|
# > runcmd:
|
||||||
|
# > - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | bash 2>&1 | tee /tmp/infect.log
|
||||||
|
#
|
||||||
# Potential tweaks:
|
# Potential tweaks:
|
||||||
# /etc/nixos/{,hardware-}configuration.nix : rudimentary mostly static config
|
# /etc/nixos/{,hardware-}configuration.nix : rudimentary mostly static config
|
||||||
# /etc/nixos/networking.nix, networking settings determined at runtime
|
# /etc/nixos/networking.nix, networking settings determined at runtime
|
||||||
|
@ -37,7 +45,8 @@
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
nixos_channel=nixos-unstable
|
# nixpkgs="https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz"
|
||||||
|
nixpkgs="https://github.com/NixOS/nixpkgs/archive/ba50fd7.tar.gz"
|
||||||
|
|
||||||
makeConf() {
|
makeConf() {
|
||||||
# NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not
|
# NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not
|
||||||
|
@ -64,7 +73,7 @@ EOF
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
||||||
boot.loader.grub.device = "nodev";
|
boot.loader.grub.device = "/dev/vda";
|
||||||
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
|
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
@ -133,54 +142,43 @@ makeSwap() {
|
||||||
makeConf
|
makeConf
|
||||||
makeSwap # smallest (512MB) droplet needs extra memory!
|
makeSwap # smallest (512MB) droplet needs extra memory!
|
||||||
|
|
||||||
dnf install -y perl-Digest-SHA || true # Fedora 24
|
which dnf && dnf install -y perl-Digest-SHA # Fedora 24
|
||||||
|
|
||||||
groupadd -r nixbld
|
# DigitalOcean doesn't seem to set USER while running user data
|
||||||
|
export USER="root"
|
||||||
|
export HOME="/root"
|
||||||
|
|
||||||
|
groupadd -r nixbld -g 30000
|
||||||
seq 1 10 | xargs -I{} useradd -c "Nix build user {}" -d /var/empty -g nixbld -G nixbld -M -N -r -s `which nologin` nixbld{}
|
seq 1 10 | xargs -I{} useradd -c "Nix build user {}" -d /var/empty -g nixbld -G nixbld -M -N -r -s `which nologin` nixbld{}
|
||||||
|
|
||||||
curl https://nixos.org/nix/install | sh
|
curl https://nixos.org/nix/install | sh
|
||||||
|
|
||||||
source ~/.nix-profile/etc/profile.d/nix.sh
|
source ~/.nix-profile/etc/profile.d/nix.sh
|
||||||
|
|
||||||
nix-channel --add https://nixos.org/channels/${nixos_channel} nixos
|
nix-channel --remove \*
|
||||||
nix-channel --update
|
export NIX_PATH="nixpkgs=$nixpkgs"
|
||||||
|
|
||||||
newRootImg=`mktemp`
|
|
||||||
newRootMount=`mktemp -d`
|
|
||||||
oldRootMount=`mktemp -d`
|
|
||||||
|
|
||||||
export NIXOS_CONFIG=/etc/nixos/configuration.nix
|
export NIXOS_CONFIG=/etc/nixos/configuration.nix
|
||||||
nix-env -i \
|
|
||||||
-f /nix/var/nix/profiles/per-user/root/channels/nixpkgs/nixos \
|
|
||||||
-A config.system.build.nixos-install
|
|
||||||
|
|
||||||
# XXX GOTCHA NB bindmount causes /bin/bash permission BUG on many
|
nix-env --set \
|
||||||
# versions (nix 1.10-1.11, nixpkgs 15-16), so we must use loopback image instead.
|
-f '<nixpkgs/nixos>' \
|
||||||
# See: https://github.com/NixOS/nixpkgs/issues/10230
|
-p /nix/var/nix/profiles/system \
|
||||||
dd if=/dev/zero of=$newRootImg bs=1M count=2047 # XXX 2048+ will cause mkfs.ext4 to fail on x86
|
-A system
|
||||||
mkfs.ext4 -F $newRootImg
|
|
||||||
mount $newRootImg $newRootMount
|
|
||||||
|
|
||||||
rsync -Ra /./etc/nixos $newRootMount
|
# Remove nix installed with curl | bash
|
||||||
nixos-install --root $newRootMount
|
rm -fv /nix/var/nix/profiles/default*
|
||||||
|
/nix/var/nix/profiles/system/sw/bin/nix-collect-garbage
|
||||||
|
|
||||||
mount -B / $oldRootMount
|
# Follow the symlinks
|
||||||
|
[ -L /etc/resolv.conf ] && mv -v /etc/resolv.conf /etc/resolv.conf.lnk && cat /etc/resolv.conf.lnk > /etc/resolv.conf
|
||||||
|
|
||||||
# Everything up to this point is revertible; this is the truly destructive step.
|
# Staging for the Nix coup d'état
|
||||||
# GOTCHAs when running manually: very easy to forget slash at end of source, or use / as dest instead of bindmounted root, both of which are catastrophic...
|
touch /etc/NIXOS
|
||||||
rsync -a --delete --exclude=$(dirname $newRootMount) $newRootMount/ $oldRootMount || true
|
cat > /etc/NIXOS_LUSTRATE << EOF
|
||||||
|
etc/nixos
|
||||||
|
etc/resolv.conf
|
||||||
|
EOF
|
||||||
|
|
||||||
# Restore access to commands
|
mv -v /boot /boot.bak &&
|
||||||
/nix/var/nix/profiles/system/activate # (this destroys resolv.conf)
|
/nix/var/nix/profiles/system/bin/switch-to-configuration boot
|
||||||
for ns in ${nameservers[@]}; do echo "nameserver $ns" >> /etc/resolv.conf; done
|
|
||||||
source /nix/var/nix/profiles/system/etc/profile
|
|
||||||
|
|
||||||
# grub/initrd was skipped with "nodev", because installing from inside install-root would result in wrong fs UUID, so we need a final rebuild
|
reboot
|
||||||
sed -i 's,nodev,/dev/vda,' /etc/nixos/hardware-configuration.nix
|
|
||||||
# TODO see aszlig's comment in issue about not even having to call rebuild, just nix-build system or something; without ever having to use nixos-install either? and separate ext4fs?
|
|
||||||
# man nixos-rebuild mentions this!!: nixos-rebuid build == nix-build /path/to/nixpkgs/nixos -A system
|
|
||||||
nixos-rebuild boot --install-grub || echo "WARNING: could not install grub, but we'll hope for the best: that the old installation of grub will manage to boot the new installation."
|
|
||||||
|
|
||||||
sync
|
|
||||||
echo "You may now Ctrl-C or otherwise terminate this process."
|
|
||||||
reboot -f
|
|
||||||
|
|
Loading…
Reference in a new issue