Compare commits
14 Commits
master
...
providers/
Author | SHA1 | Date |
---|---|---|
Inex Code | acae23fdb0 | |
Inex Code | 620a15a3a3 | |
Inex Code | 83a65bea88 | |
Inex Code | fec11f8a7a | |
NaiJi ✨ | 512ff0a218 | |
Inex Code | 389e23a161 | |
NaiJi ✨ | ccb337f6d4 | |
Inex Code | 6a1bc092a6 | |
NaiJi ✨ | f8cae86a64 | |
Inex Code | f526e00585 | |
Inex Code | 2b4bb3f793 | |
Inex Code | 5f72978a16 | |
Inex Code | c8b85bffc4 | |
Inex Code | 7af1730fa3 |
62
nixos-infect
62
nixos-infect
|
@ -7,10 +7,18 @@ set -e -o pipefail
|
|||
makeConf() {
|
||||
# Skip everything if main config already present
|
||||
[[ -e /etc/nixos/configuration.nix ]] && return 0
|
||||
if [[ $PASSWORD == null ]]; then
|
||||
if [[ -z $PASSWORD ]]; then
|
||||
export PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode)
|
||||
fi
|
||||
|
||||
if [[ -z $DNS_PROVIDER_TYPE ]]; then
|
||||
export DNS_PROVIDER_TYPE='CLOUDFLARE'
|
||||
fi
|
||||
|
||||
if [[ -z $STAGING_ACME ]]; then
|
||||
export STAGING_ACME='false'
|
||||
fi
|
||||
|
||||
export ESCAPED_PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode | jq -Rs .)
|
||||
export HASHED_PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
|
||||
|
||||
|
@ -21,12 +29,9 @@ makeConf() {
|
|||
|
||||
# Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep
|
||||
local IFS=$'\n'
|
||||
for trypath in /root/.ssh/authorized_keys /home/$SUDO_USER/.ssh/authorized_keys $HOME/.ssh/authorized_keys; do
|
||||
[[ -r "$trypath" ]] \
|
||||
&& keys=$(sed -E 's/^.*((ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \
|
||||
&& break
|
||||
done
|
||||
|
||||
local network_import=""
|
||||
[[ -n "$doNetConf" ]] && network_import="./networking.nix # generated at runtime by nixos-infect"
|
||||
|
||||
cat > /etc/nixos/userdata/userdata.json << EOF
|
||||
{
|
||||
|
@ -34,17 +39,26 @@ makeConf() {
|
|||
"token": "$API_TOKEN",
|
||||
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
|
||||
},
|
||||
"backblaze": {
|
||||
"backup": {
|
||||
"provider": "BACKBLAZE",
|
||||
"accountId": "$BACKBLAZE_KEY_ID",
|
||||
"accountKey": "$BACKBLAZE_ACCOUNT_KEY",
|
||||
"bucket": "$BACKBLAZE_BUCKET_NAME"
|
||||
},
|
||||
"bitwarden": {
|
||||
"enable": true,
|
||||
"location": "sdb"
|
||||
"location": "sda"
|
||||
},
|
||||
"cloudflare": {
|
||||
"apiKey": "$CF_TOKEN"
|
||||
"dns": {
|
||||
"provider": "$DNS_PROVIDER_TYPE",
|
||||
"apiKey": "$CF_TOKEN",
|
||||
"useStagingACME": $STAGING_ACME
|
||||
},
|
||||
"email": {
|
||||
"location": "sda"
|
||||
},
|
||||
"server": {
|
||||
"provider": "DIGITALOCEAN"
|
||||
},
|
||||
"databasePassword": "$DB_PASSWORD",
|
||||
"domain": "$DOMAIN",
|
||||
|
@ -54,11 +68,11 @@ makeConf() {
|
|||
"enable": true,
|
||||
"adminPassword": $ESCAPED_PASSWORD,
|
||||
"databasePassword": $ESCAPED_PASSWORD,
|
||||
"location": "sdb"
|
||||
"location": "sda"
|
||||
},
|
||||
"gitea": {
|
||||
"enable": true,
|
||||
"location": "sdb"
|
||||
"location": "sda"
|
||||
},
|
||||
"jitsi": {
|
||||
"enable": true
|
||||
|
@ -68,15 +82,15 @@ makeConf() {
|
|||
},
|
||||
"pleroma": {
|
||||
"enable": false,
|
||||
"location": "sdb"
|
||||
"location": "sda"
|
||||
},
|
||||
"timezone": "Europe/Uzhgorod",
|
||||
"resticPassword": $ESCAPED_PASSWORD,
|
||||
"username": "$LUSER",
|
||||
"volumes": [
|
||||
{
|
||||
"device": "/dev/sdb",
|
||||
"mountPoint": "/volumes/sdb",
|
||||
"device": "/dev/sda",
|
||||
"mountPoint": "/volumes/sda",
|
||||
"fsType": "ext4"
|
||||
}
|
||||
],
|
||||
|
@ -102,13 +116,22 @@ EOF
|
|||
)
|
||||
fi
|
||||
|
||||
availableKernelModules=('"ata_piix"' '"uhci_hcd"' '"xen_blkfront"')
|
||||
if isX86_64; then
|
||||
availableKernelModules+=('"vmw_pvscsi"')
|
||||
fi
|
||||
|
||||
# If you rerun this later, be sure to prune the filesSystems attr
|
||||
cat > /etc/nixos/hardware-configuration.nix << EOF
|
||||
{ modulesPath, ... }:
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
$network_import
|
||||
];
|
||||
$bootcfg
|
||||
boot.initrd.kernelModules = [ "nvme" ];
|
||||
boot.initrd.availableKernelModules = [ ${availableKernelModules[@]} ];
|
||||
fileSystems."/" = { device = "$rootfsdev"; fsType = "$rootfstype"; };
|
||||
}
|
||||
EOF
|
||||
|
@ -163,7 +186,10 @@ EOF
|
|||
networking = {
|
||||
nameservers = [ ${nameservers[@]} ];
|
||||
defaultGateway = "${gateway}";
|
||||
defaultGateway6 = "${gateway6}";
|
||||
defaultGateway6 = {
|
||||
address = "${gateway6}";
|
||||
interface = "${eth0_name}";
|
||||
};
|
||||
dhcpcd.enable = false;
|
||||
$predictable_inames
|
||||
interfaces = {
|
||||
|
@ -312,7 +338,7 @@ infect() {
|
|||
#addgroup nixbld -g 30000 || true
|
||||
#for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done
|
||||
|
||||
curl -L https://nixos.org/nix/install | $SHELL
|
||||
curl -L https://nixos.org/nix/install | sh -s -- --no-channel-add
|
||||
|
||||
# shellcheck disable=SC1090
|
||||
source ~/.nix-profile/etc/profile.d/nix.sh
|
||||
|
|
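Review bot: In the `@ -34,17 +39,26 @@` hunk the `dns` object writes `"useStagingACME": $STAGING_ACME` as a bare JSON token and `"provider": "$DNS_PROVIDER_TYPE"` as an unescaped string, so any non-empty value supplied by the caller goes into /etc/nixos/userdata/userdata.json unchecked. The defaults in the first hunk only cover the empty case (`[[ -z ... ]]`); a value containing a quote, a comma or a newline would yield invalid JSON or extra keys in a file that also holds the API token and backup account key. The passwords are already passed through `jq -Rs .`, and the same could be done here, e.g. `ESCAPED_DNS_PROVIDER=$(printf '%s' "$DNS_PROVIDER_TYPE" | jq -Rs .)`, together with `case "$STAGING_ACME" in true|false) ;; *) echo "STAGING_ACME must be true or false" >&2; exit 1 ;; esac` before the heredoc. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and makeConf continues outside the visible hunks.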