API tools faq
paste
Guest User

Untitled

a guest
Oct 21st, 2018
113
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.95 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. #
  3. # Installs nixos with full disk encrypted root partition.
  4. #
  5. # - Prompts for password initially, after that no interaction should
  6. # be required.
  7. # - At the end it will prompt for a root password, could not make
  8. # echo-ing it into nixos-install work.
  9. # - Reserves 550MB for boot partition, rest for the root volume.
  10. # - After booting, log in as root user and set password for normal user.
  11. # - Removed LVM on Luks due to terrible (only 20%) write performance (???)
  12. #
  13. # USAGE:
  14. # 1. Fill in variables on top.
  15. # 2. $bash install.sh
  16. #
  17. set -euo pipefail
  18.  
  19. DISK="/dev/sda"
  20. BOOT="/dev/sda1"
  21. ROOT="/dev/sda2"
  22. NIXOS_USER=""
  23. HOSTNAME=""
  24. NIXOS_VERSION="19.03"
  25. # CONSOLE_KEYMAP="us" # the default
  26. CONSOLE_KEYMAP="colemak/en-latin9"
  27. # XKB_VARIANT="" # the default
  28. XKB_VARIANT="colemak"
  29. CRYPT_VOLUME="/dev/mapper/crypted-nixos"
  30.  
  31. ########################################################
  32. # No need to edit anything below for normal usage. #
  33. ########################################################
  34.  
  35. read -s -p "DISK Password: " PASSWORD
  36. echo
  37. read -s -p "Confirm: " CONFIRMATION
  38. echo
  39. if [ ! "$PASSWORD" = "$CONFIRMATION" ]; then
  40. echo "Didn't match. Try again."
  41. exit 1
  42. fi
  43.  
  44. echo "Creating partition table."
  45. (echo o # new table
  46. echo Y # yes
  47. echo n # new part
  48. echo # number 1
  49. echo # start
  50. echo '+550M' # end
  51. echo 'ef00' # EFI
  52. echo n # new part
  53. echo # number 2
  54. echo # start
  55. echo # end
  56. echo # linux
  57. echo w # write
  58. echo Y # yes
  59. ) | gdisk $DISK
  60.  
  61. echo "Setting up LUKS."
  62. echo $PASSWORD | cryptsetup luksFormat $ROOT
  63. echo "Opening crypt volume."
  64. echo $PASSWORD | cryptsetup luksOpen $ROOT crypted-nixos
  65.  
  66. echo "Formatting partitions."
  67. mkfs.fat -F 32 $BOOT
  68. mkfs.ext4 -L root $CRYPT_VOLUME
  69.  
  70. echo "Mounting partitions."
  71. mount $CRYPT_VOLUME /mnt
  72. mkdir -p /mnt/boot
  73. mount $BOOT /mnt/boot
  74.  
  75. nixos-generate-config --root /mnt
  76.  
  77. cat > /mnt/etc/nixos/configuration.nix <<EOF
  78. { config, pkgs, ... }:
  79.  
  80. {
  81.  
  82. imports = [ ./hardware-configuration.nix ];
  83.  
  84. boot.loader.systemd-boot.enable = true;
  85. boot.loader.efi.canTouchEfiVariables = true;
  86.  
  87. networking.hostName = "$HOSTNAME";
  88. networking.networkmanager.enable = true;
  89.  
  90. i18n = {
  91. consoleKeyMap = "$CONSOLE_KEYMAP";
  92. defaultLocale = "en_US.UTF-8";
  93. };
  94.  
  95. time.timeZone = "Asia/Hong_Kong";
  96.  
  97. environment.systemPackages = with pkgs; [
  98. git
  99. vim
  100. ];
  101.  
  102. # Some programs need SUID wrappers, can be configured further or are
  103. # started in user sessions.
  104. programs.bash.enableCompletion = true;
  105. programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  106.  
  107. services.openssh.enable = true;
  108.  
  109. # Define a user account. Don't forget to set a password with ‘passwd’.
  110. users.extraUsers.$NIXOS_USER = {
  111. isNormalUser = true;
  112. uid = 1000;
  113. extraGroups = [ "wheel" ];
  114. };
  115.  
  116. system.stateVersion = "$NIXOS_VERSION"; # Did you read the comment?
  117. }
  118. EOF
  119.  
  120. nixos-install
  121.  
  122. echo "Reboot now, good luck!"
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!