Better bootstrap procedure

Cyryl Płotnicki 2021-04-11 10:25:32 +01:00
parent b89ab18330
commit 15ef08a947
5 changed files with 43 additions and 15 deletions


@ -7,6 +7,8 @@ Mostly focusing on setting things up on NixOS, but supporting other OSes where p
1. change password for the default user `nixos` 1. change password for the default user `nixos`
1. ssh from another, already bootstrapped, machine 1. ssh from another, already bootstrapped, machine
remote:
```bash ```bash
sudo su - sudo su -
# `efibootmgr -b 000x -B` if you want to remove entry number x # `efibootmgr -b 000x -B` if you want to remove entry number x
@ -21,10 +23,14 @@ parted /dev/sda -- mkpart primary 1GiB 100%
cryptsetup luksFormat /dev/sda2 cryptsetup luksFormat /dev/sda2
``` ```
remote:
```bash ```bash
cryptsetup luksOpen /dev/sda2 crypt cryptsetup luksOpen /dev/sda2 crypt
``` ```
remote:
```bash ```bash
mkfs.fat -F 32 -n boot /dev/sda1 mkfs.fat -F 32 -n boot /dev/sda1
mkfs.btrfs -L nixos /dev/mapper/crypt mkfs.btrfs -L nixos /dev/mapper/crypt
@ -33,10 +39,34 @@ mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot mount /dev/disk/by-label/boot /mnt/boot
nixos-generate-config --root /mnt nixos-generate-config --root /mnt
nixos-install
``` ```
local:
```bash ```bash
tar -cvz . > ../dotfiles.tar.gz
scp ../dotfiles.tar.gz nixos@remote:/tmp
```
remote:
```bash
mkdir -p /mnt/home/cyryl/dev/dotfiles/
tar -xvf /tmp/dotfiles.tar.gz -C /mnt/home/cyryl/dev/dotfiles
cp /mnt/etc/nixos/hardware-configuration.nix /mnt/home/cyryl/dev/dotfiles/nixos/boxes/bootstrap/
ln -vfs /mnt/home/cyryl/dev/dotfiles/nixos/boxes/bootstrap/1.nix /mnt/etc/nixos/configuration.nix
nixos-install nixos-install
reboot
```
logged in as root on the target box:
```bash
ln -vfs /home/cyryl/dev/dotfiles/nixos/boxes/bootstrap/2.nix /etc/nixos/configuration.nix
vim /home/cyryl/dev/dotfiles/nixos/boxes/bootstrap/2.nix
nixos-rebuild switch
passwd cyryl
``` ```
## guix ## guix


@ -10,12 +10,8 @@
"kernel.unprivileged_userns_clone" = 1; "kernel.unprivileged_userns_clone" = 1;
"net.core.bpf_jit_harden" = true; "net.core.bpf_jit_harden" = true;
}; };
loader.grub = {
enable = true;
version = 2;
useOSProber = true;
memtest86.enable = true;
};
}; };
} }


@ -6,17 +6,12 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../boot.nix ../../boot.nix
../../common.nix ../../common.nix
../../gfx-intel.nix
../../zerotier.nix
../../i3
../../distributed-builds.nix ../../distributed-builds.nix
../../gui
../../git
../../backups.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest_hardened; boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
time.timeZone = "Europe/London"; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
fonts.fontconfig.enable = true; time.timeZone = "Europe/London";
} }
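Review bot: The loader choice is now repeated verbatim in two box configs — `boot.loader.systemd-boot.enable = true;` and `boot.loader.efi.canTouchEfiVariables = true;` here and again in the next file section — right after the commit pulled the shared `loader.grub` block out of the common boot module. Since the shared module now sets no loader at all, every box importing it has to pick one, and the two systemd-boot boxes would be simpler to keep consistent if those two lines lived in one small shared module that both import, leaving only the grub box special. This is a style point, not a defect; the per-box lines evaluate fine as written.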


@ -17,6 +17,8 @@
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest_hardened; boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;


@ -19,7 +19,12 @@
]; ];
boot.kernelPackages = pkgs.unstable.linuxPackages_latest_hardened; boot.kernelPackages = pkgs.unstable.linuxPackages_latest_hardened;
loader.grub = {
enable = true;
version = 2;
useOSProber = true;
memtest86.enable = true;
};
time.hardwareClockInLocalTime = true; time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
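Review bot: The added block starts with `loader.grub = {` while its siblings in this hunk (`boot.kernelPackages`, `time.hardwareClockInLocalTime`) are fully qualified top-level options, so the `boot.` prefix appears to be missing and the first line should read `boot.loader.grub = {`. In the shared boot module this commit edits, the same block was nested inside a `boot = { ... };` attribute set, where the unqualified name was correct; copied to module top level it would define an unknown `loader` option and the configuration would fail to evaluate. This holds unless the block sits inside a `boot = { ... }` set the hunk does not show, which the qualified sibling lines make unlikely. The enclosing module body extends beyond this hunk.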