Compare commits
13 Commits
master
...
testing/di
Author | SHA1 | Date |
---|---|---|
NaiJi ✨ | 71def7ddc6 | |
Inex Code | 83a65bea88 | |
Inex Code | fec11f8a7a | |
NaiJi ✨ | 512ff0a218 | |
Inex Code | 389e23a161 | |
NaiJi ✨ | ccb337f6d4 | |
Inex Code | 6a1bc092a6 | |
NaiJi ✨ | f8cae86a64 | |
Inex Code | f526e00585 | |
Inex Code | 2b4bb3f793 | |
Inex Code | 5f72978a16 | |
Inex Code | c8b85bffc4 | |
Inex Code | 7af1730fa3 |
49
nixos-infect
49
nixos-infect
|
@ -7,10 +7,18 @@ set -e -o pipefail
|
||||||
makeConf() {
|
makeConf() {
|
||||||
# Skip everything if main config already present
|
# Skip everything if main config already present
|
||||||
[[ -e /etc/nixos/configuration.nix ]] && return 0
|
[[ -e /etc/nixos/configuration.nix ]] && return 0
|
||||||
if [[ $PASSWORD == null ]]; then
|
if [[ -z $PASSWORD ]]; then
|
||||||
export PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode)
|
export PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -z $DNS_PROVIDER_TYPE ]]; then
|
||||||
|
export DNS_PROVIDER_TYPE='CLOUDFLARE'
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -z $STAGING_ACME ]]; then
|
||||||
|
export STAGING_ACME='false'
|
||||||
|
fi
|
||||||
|
|
||||||
export ESCAPED_PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode | jq -Rs .)
|
export ESCAPED_PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode | jq -Rs .)
|
||||||
export HASHED_PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
|
export HASHED_PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
|
||||||
|
|
||||||
|
@ -27,6 +35,7 @@ makeConf() {
|
||||||
&& break
|
&& break
|
||||||
done
|
done
|
||||||
local network_import=""
|
local network_import=""
|
||||||
|
[[ -n "$doNetConf" ]] && network_import="./networking.nix # generated at runtime by nixos-infect"
|
||||||
|
|
||||||
cat > /etc/nixos/userdata/userdata.json << EOF
|
cat > /etc/nixos/userdata/userdata.json << EOF
|
||||||
{
|
{
|
||||||
|
@ -34,17 +43,23 @@ makeConf() {
|
||||||
"token": "$API_TOKEN",
|
"token": "$API_TOKEN",
|
||||||
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
|
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
|
||||||
},
|
},
|
||||||
"backblaze": {
|
"backup": {
|
||||||
|
"provider": "BACKBLAZE",
|
||||||
"accountId": "$BACKBLAZE_KEY_ID",
|
"accountId": "$BACKBLAZE_KEY_ID",
|
||||||
"accountKey": "$BACKBLAZE_ACCOUNT_KEY",
|
"accountKey": "$BACKBLAZE_ACCOUNT_KEY",
|
||||||
"bucket": "$BACKBLAZE_BUCKET_NAME"
|
"bucket": "$BACKBLAZE_BUCKET_NAME"
|
||||||
},
|
},
|
||||||
"bitwarden": {
|
"bitwarden": {
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"location": "sdb"
|
"location": "sda"
|
||||||
},
|
},
|
||||||
"cloudflare": {
|
"dns": {
|
||||||
"apiKey": "$CF_TOKEN"
|
"provider": "$DNS_PROVIDER_TYPE",
|
||||||
|
"apiKey": "$CF_TOKEN",
|
||||||
|
"useStagingACME": $STAGING_ACME
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"provider": "DIGITALOCEAN"
|
||||||
},
|
},
|
||||||
"databasePassword": "$DB_PASSWORD",
|
"databasePassword": "$DB_PASSWORD",
|
||||||
"domain": "$DOMAIN",
|
"domain": "$DOMAIN",
|
||||||
|
@ -54,11 +69,11 @@ makeConf() {
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"adminPassword": $ESCAPED_PASSWORD,
|
"adminPassword": $ESCAPED_PASSWORD,
|
||||||
"databasePassword": $ESCAPED_PASSWORD,
|
"databasePassword": $ESCAPED_PASSWORD,
|
||||||
"location": "sdb"
|
"location": "sda"
|
||||||
},
|
},
|
||||||
"gitea": {
|
"gitea": {
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"location": "sdb"
|
"location": "sda"
|
||||||
},
|
},
|
||||||
"jitsi": {
|
"jitsi": {
|
||||||
"enable": true
|
"enable": true
|
||||||
|
@ -68,19 +83,26 @@ makeConf() {
|
||||||
},
|
},
|
||||||
"pleroma": {
|
"pleroma": {
|
||||||
"enable": false,
|
"enable": false,
|
||||||
"location": "sdb"
|
"location": "sda"
|
||||||
},
|
},
|
||||||
"timezone": "Europe/Uzhgorod",
|
"timezone": "Europe/Uzhgorod",
|
||||||
"resticPassword": $ESCAPED_PASSWORD,
|
"resticPassword": $ESCAPED_PASSWORD,
|
||||||
"username": "$LUSER",
|
"username": "$LUSER",
|
||||||
"volumes": [
|
"volumes": [
|
||||||
{
|
{
|
||||||
"device": "/dev/sdb",
|
"device": "/dev/sda",
|
||||||
"mountPoint": "/volumes/sdb",
|
"mountPoint": "/volumes/sda",
|
||||||
"fsType": "ext4"
|
"fsType": "ext4"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"useBinds": true
|
"useBinds": true,
|
||||||
|
"ssh": {
|
||||||
|
"rootKeys": [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQmWNN9YccQecQUOB0n4jYH76gEgSAs4d66eFUZoobt inex@inex-pc",
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNkUTqKof4lWaddRzsrQz+huo4BLJc/2EGmIqieqJbP naiji@laptop",
|
||||||
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFuVzlSfuZREjXQmQgOat+NlFrCUhfjioAIfs6DQzhc+AAAABHNzaDo= yubi-A"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
chmod 0600 /etc/nixos/userdata/userdata.json
|
chmod 0600 /etc/nixos/userdata/userdata.json
|
||||||
|
@ -106,7 +128,10 @@ EOF
|
||||||
cat > /etc/nixos/hardware-configuration.nix << EOF
|
cat > /etc/nixos/hardware-configuration.nix << EOF
|
||||||
{ modulesPath, ... }:
|
{ modulesPath, ... }:
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
imports = [
|
||||||
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
$network_import
|
||||||
|
];
|
||||||
$bootcfg
|
$bootcfg
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
boot.initrd.kernelModules = [ "nvme" ];
|
||||||
fileSystems."/" = { device = "$rootfsdev"; fsType = "$rootfstype"; };
|
fileSystems."/" = { device = "$rootfsdev"; fsType = "$rootfstype"; };
|
||||||
|
|
Loading…
Reference in New Issue