mynix/nixos-infect
1
0
Fork 0
mirror of https://github.com/elitak/nixos-infect.git synced 2024-11-01 00:29:57 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into patch-1

Browse source
This commit is contained in:
Eric Litak 2024-03-11 08:41:28 -07:00 committed by GitHub
commit 506c961720
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 30 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
README.md
View file

@ -55,7 +55,7 @@ and most importantly, simply didn't work for me!
4) run the script with: 4) run the script with:
``` ```
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash -x curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x
``` ```
*NB*: This script wipes out the targeted host's root filesystem when it runs to completion. *NB*: This script wipes out the targeted host's root filesystem when it runs to completion.
@ -72,7 +72,7 @@ and supply to it the following example yaml stanzas:
#cloud-config #cloud-config
runcmd: runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log
``` ```
#### Potential tweaks: #### Potential tweaks:
@ -90,7 +90,7 @@ write_files:
environment.systemPackages = with pkgs; [ vim ]; environment.systemPackages = with pkgs; [ vim ];
} }
runcmd: runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log
``` ```
@ -106,6 +106,7 @@ runcmd:
|CoreOS |2430.0.0 (alpha) | _unable_ |2020-03-30| |CoreOS |2430.0.0 (alpha) | _unable_ |2020-03-30|
|Debian |10.3 x64 |**success**|2020-03-30| |Debian |10.3 x64 |**success**|2020-03-30|
|Debian |9.12 x64 |**success**|2020-03-30| |Debian |9.12 x64 |**success**|2020-03-30|
|Debian |11 x64 |**success**|2023-11-12|
|Fedora |30 x64 |**success**|2020-03-30| |Fedora |30 x64 |**success**|2020-03-30|
|Fedora |31 x64 |**success**|2020-03-30| |Fedora |31 x64 |**success**|2020-03-30|
|FreeBSD |11.3 x64 ufs | _failure_ |2020-03-30| |FreeBSD |11.3 x64 ufs | _failure_ |2020-03-30|
@ -120,6 +121,7 @@ runcmd:
|Ubuntu |20.04 x64 |**success**|2022-03-23| |Ubuntu |20.04 x64 |**success**|2022-03-23|
|Ubuntu |22.04 x64 |**success**|2023-06-05| |Ubuntu |22.04 x64 |**success**|2023-06-05|
|Ubuntu |22.10 x64 | _failure_ |2023-06-05| |Ubuntu |22.10 x64 | _failure_ |2023-06-05|
|Ubuntu |23.10 x64 | _failure_ |2023-11-16|
### Vultr ### Vultr
To set up a NixOS Vultr server, instantiate an Ubuntu box with the following "Cloud-Init User-Data": To set up a NixOS Vultr server, instantiate an Ubuntu box with the following "Cloud-Init User-Data":
@ -127,7 +129,7 @@ To set up a NixOS Vultr server, instantiate an Ubuntu box with the following "Cl
```bash ```bash
#!/bin/sh #!/bin/sh
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash
``` ```
Allow for a few minutes over the usual Ubuntu deployment time for NixOS to download & install itself. Allow for a few minutes over the usual Ubuntu deployment time for NixOS to download & install itself.
@ -147,7 +149,7 @@ When creating a server provide the following yaml as "Cloud config":
#cloud-config #cloud-config
runcmd: runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log
``` ```
#### Tested on #### Tested on
@ -257,7 +259,7 @@ Requred some Xen modules to work out, after that NixOS erected itself without a
|Distribution. | Name | Status | test date| |Distribution. | Name | Status | test date|
|-------------------------------------|-----------------|-----------|----------| |-------------------------------------|-----------------|-----------|----------|
| Ubuntu on Ampere Altra (Arm64) | 20.04 |**success**|2022-09-07| | Ubuntu on Ampere Altra (Arm64) | 20.04 |**success**|2022-09-07|
| Debian (Amd64) | 11 |**success**|2023-11-12|
### Contabo ### Contabo
Tested on Cloud VPS. Contabo sets the hostname to something like `vmi######.contaboserver.net`, Nixos only allows RFC 1035 compliant hostnames ([see here](https://search.nixos.org/options?show=networking.hostName&query=hostname)). Run `hostname something_without_dots` before running the script. If you run the script before changing the hostname - remove the `/etc/nixos/configuration.nix` so it's regenerated with the new hostname. Tested on Cloud VPS. Contabo sets the hostname to something like `vmi######.contaboserver.net`, Nixos only allows RFC 1035 compliant hostnames ([see here](https://search.nixos.org/options?show=networking.hostName&query=hostname)). Run `hostname something_without_dots` before running the script. If you run the script before changing the hostname - remove the `/etc/nixos/configuration.nix` so it's regenerated with the new hostname.
@ -274,7 +276,7 @@ build time or using `ssh-copy-id` before running nixos-infect
``` ```
#!/bin/sh #!/bin/sh
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log
``` ```
#### Tested on #### Tested on
@ -302,7 +304,7 @@ Tested on vServer. The network configuration seems to be important so the same t
### ServArica ### ServArica
Requires the same static network settings that Digital Ocean does. Requires the same static network settings that Digital Ocean does.
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=servarica NIX_CHANNEL=nixos-22.11 bash curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=servarica NIX_CHANNEL=nixos-23.05 bash
#### Tested on #### Tested on
|Distribution| Name | Status | test date| |Distribution| Name | Status | test date|
@ -333,7 +335,7 @@ write_files:
environment.systemPackages = with pkgs; [ tmux ]; environment.systemPackages = with pkgs; [ tmux ];
} }
runcmd: runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-22.10 bash 2>&1 | tee /tmp/infect.log - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log
``` ```
#### Tested on #### Tested on
@ -349,7 +351,7 @@ and have a copy of the private key on your local box.
On RackNerd's Ubuntu 20.04, there's no `curl` by default, so `wget -O-` needs to be used instead: On RackNerd's Ubuntu 20.04, there's no `curl` by default, so `wget -O-` needs to be used instead:
```command ```command
# wget -O- https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash -x # wget -O- https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x
``` ```
#### Tested on #### Tested on

24
nixos-infect
View file

@ -4,6 +4,12 @@
set -e -o pipefail set -e -o pipefail
autodetectProvider() {
if [ -e /etc/hetzner-build ]; then
PROVIDER="hetznercloud"
fi
}
makeConf() { makeConf() {
# Skip everything if main config already present # Skip everything if main config already present
[[ -e /etc/nixos/configuration.nix ]] && return 0 [[ -e /etc/nixos/configuration.nix ]] && return 0
@ -20,7 +26,7 @@ makeConf() {
local IFS=$'\n' local IFS=$'\n'
for trypath in /root/.ssh/authorized_keys /home/$SUDO_USER/.ssh/authorized_keys $HOME/.ssh/authorized_keys; do for trypath in /root/.ssh/authorized_keys /home/$SUDO_USER/.ssh/authorized_keys $HOME/.ssh/authorized_keys; do
[[ -r "$trypath" ]] \ [[ -r "$trypath" ]] \
&& keys=$(sed -E 's/^.*((ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \ && keys=$(sed -E 's/^[^#].*[[:space:]]((sk-ssh|sk-ecdsa|ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \
&& [[ ! -z "$keys" ]] \ && [[ ! -z "$keys" ]] \
&& break && break
done done
@ -35,7 +41,7 @@ makeConf() {
$NIXOS_IMPORT $NIXOS_IMPORT
]; ];
boot.cleanTmpDir = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = ${zramswap}; zramSwap.enable = ${zramswap};
networking.hostName = "$(hostname -s)"; networking.hostName = "$(hostname -s)";
networking.domain = "$(hostname -d)"; networking.domain = "$(hostname -d)";
@ -90,9 +96,10 @@ EOF
makeLightsailConf() { makeLightsailConf() {
mkdir -p /etc/nixos mkdir -p /etc/nixos
cat > /etc/nixos/configuration.nix << EOF cat > /etc/nixos/configuration.nix << EOF
{ config, pkgs, modulesPath, ... }: { config, pkgs, modulesPath, lib, ... }:
{ {
imports = [ "\${modulesPath}/virtualisation/amazon-image.nix" ]; imports = [ "\${modulesPath}/virtualisation/amazon-image.nix" ];
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
} }
EOF EOF
} }
@ -318,8 +325,8 @@ infect() {
# TODO use addgroup and adduser as fallbacks # TODO use addgroup and adduser as fallbacks
#addgroup nixbld -g 30000 || true #addgroup nixbld -g 30000 || true
#for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done #for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done
NIX_INSTALL_URL="${NIX_INSTALL_URL:-https://nixos.org/nix/install}"
curl -L https://nixos.org/nix/install | sh -s -- --no-channel-add curl -L "${NIX_INSTALL_URL}" | sh -s -- --no-channel-add
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source ~/.nix-profile/etc/profile.d/nix.sh source ~/.nix-profile/etc/profile.d/nix.sh
@ -338,7 +345,7 @@ infect() {
export NIXOS_CONFIG="${NIXOS_CONFIG:-/etc/nixos/configuration.nix}" export NIXOS_CONFIG="${NIXOS_CONFIG:-/etc/nixos/configuration.nix}"
nix-env --set \ nix-env --set \
-I nixpkgs=$HOME/.nix-defexpr/channels/nixos \ -I nixpkgs=$(realpath $HOME/.nix-defexpr/channels/nixos) \
-f '<nixpkgs/nixos>' \ -f '<nixpkgs/nixos>' \
-p /nix/var/nix/profiles/system \ -p /nix/var/nix/profiles/system \
-A system -A system
@ -375,6 +382,11 @@ infect() {
/nix/var/nix/profiles/system/bin/switch-to-configuration boot /nix/var/nix/profiles/system/bin/switch-to-configuration boot
} }
if [ ! -v PROVIDER ]; then
autodetectProvider
fi
[ "$PROVIDER" = "digitalocean" ] && doNetConf=y # digitalocean requires detailed network config to be generated
[ "$PROVIDER" = "lightsail" ] && newrootfslabel="nixos" [ "$PROVIDER" = "lightsail" ] && newrootfslabel="nixos"
if [[ "$PROVIDER" = "digitalocean" ]] || [[ "$PROVIDER" = "servarica" ]] || [[ "$PROVIDER" = "hetznercloud" ]]; then if [[ "$PROVIDER" = "digitalocean" ]] || [[ "$PROVIDER" = "servarica" ]] || [[ "$PROVIDER" = "hetznercloud" ]]; then
doNetConf=y # some providers require detailed network config to be generated doNetConf=y # some providers require detailed network config to be generated