diff --git a/disk.sh b/disk.sh
index d4be5c4..cd750e0 100644
--- a/disk.sh
+++ b/disk.sh
@@ -2,25 +2,19 @@ set -o errexit
 set -o nounset
 set -o pipefail
-opts=$(getopt --options r:m:b:l:c: --longoptions=root:,mapping:,boot-label:,main-label:,cryptmain-label: --name "$0" -- "$@")
+opts=$(getopt --options r:m:b:l:c: --longoptions=root:,boot-label:,main-label: --name "$0" -- "$@")
 eval set -- "$opts"
 root=/mnt
-mapping=main
 bootlbl=BOOT
 mainlbl=main
-cryptmainlbl=cryptmain
 while true; do
 case "$1" in
 -r | --root)
 root=$2
 shift 2
 ;;
- -m | --mapping)
- mapping=$2
- shift 2
- ;;
 -b | --boot-label)
 bootlbl=${2^^}
 shift 2
@@ -29,10 +23,6 @@ while true; do
 mainlbl=$2
 shift 2
 ;;
- -c | --cryptmain-label)
- cryptmainlbl=$2
- shift 2
- ;;
 --)
 shift
 break
@@ -59,38 +49,10 @@ while IFS= read -r k; do
 done < <(jq '.partitiontable.partitions | keys[]' <<<"$json")
 bootfs="${parts[0]}"
-mainblkdev="${parts[1]}"
+mainfs="${parts[1]}"
 mkfs.vfat -F 32 -n "$bootlbl" -- "$bootfs" >/dev/null
-while true; do
- read -r -p 'Do you want your main partition to be encrypted [y/N]? ' luks
- case "$luks" in
- [Yy]*)
- while true; do
- read -r -s -p 'Enter password: ' password
- printf '\n'
- read -r -s -p 'Re-enter password: ' repassword
- printf '\n'
- if [[ "$password" == "$repassword" ]]; then
- break
- fi
- done
-
- cryptsetup luksFormat --batch-mode --label "$cryptmainlbl" "$mainblkdev" <<<"$password"
- cryptsetup open "$mainblkdev" "$mapping" <<<"$password"
-
- mainfs=/dev/mapper/$mapping
- break
- ;;
- '' | [Nn]*)
- mainfs=$mainblkdev
- break
- ;;
- *) printf 'Please answer with yes or no\n' 1>&2 ;;
- esac
-done
-
 mkfs.ext4 -q -F -L "$mainlbl" -- "$mainfs"
 mkdir --parents -- "$root"
 mount --options noatime -- "$mainfs" "$root"
diff --git a/flake.nix b/flake.nix
index c0df3a4..d3813ea 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,8 @@
 flake = {
 nixosConfigurations = let
+ hostsDir = "hosts";
+
 commonNixosSystem = name:
 nixpkgs.lib.nixosSystem {
 specialArgs = {
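Review bot: In the first disk.sh hunk the new getopt call still declares `m:` and `c:` in `--options r:m:b:l:c:`, although the `-m | --mapping)` and `-c | --cryptmain-label)` arms are removed by this commit. getopt will therefore keep accepting `-m X` and `-c X` and pass them to the `case`, where no visible arm consumes them; unless a catch-all arm exists outside the hunks, the `while true` loop never shifts past such an option. Trimming the short list to match the long one closes the gap: `opts=$(getopt --options r:b:l: --longoptions=root:,boot-label:,main-label: --name "$0" -- "$@")`.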
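Review bot: After the third disk.sh hunk the main partition is always formatted as plain ext4 (`mainfs="${parts[1]}"` goes straight to `mkfs.ext4 -q -F`), and nothing in the visible lines tells the operator that no encryption layer is created. A comment above the `mainfs=` assignment would make the at-rest posture explicit, for example `# Main partition is formatted as plain ext4; this script creates no LUKS layer.` Since the flake imports the agenix module, the host key used to decrypt secrets presumably lives on this filesystem, so the choice is worth recording. If encryption is now set up elsewhere in the repository, the comment can point there instead; that is not visible in this diff.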
@@ -29,14 +31,14 @@
 inputs.agenix.nixosModules.default
 ./common
- ./hosts/${name}
+ ./${hostsDir}/${name}
 ({lib, ...}: {networking.hostName = lib.mkDefault name;})
 ];
 };
- genHosts = nixpkgs.lib.pipe (builtins.readDir ./hosts) [
- (nixpkgs.lib.filterAttrs (name: type: type == "directory" && name != "default.nix"))
+ genHosts = nixpkgs.lib.pipe (builtins.readDir ./${hostsDir}) [
+ (nixpkgs.lib.filterAttrs (name: type: type == "directory"))
 builtins.attrNames
 nixpkgs.lib.genAttrs
 ];
diff --git a/pubkeys.nix b/pubkeys.nix
index 9ae30e3..77a9d91 100644
--- a/pubkeys.nix
+++ b/pubkeys.nix
@@ -1,4 +1,4 @@
-let
+{
 users = {
 "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy";
 "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX";
@@ -8,14 +8,4 @@ let
 abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg";
 vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d";
 };
-in {
- inherit users hosts;
-
- desktops = {
- inherit (hosts) glacier flamingo;
- };
-
- servers = {
- inherit (hosts) abacus vessel;
- };
 }
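Review bot: With the `let` replaced by a plain `{` in the first pubkeys.nix hunk, the file no longer exports `desktops` and `servers` (dropped in the second hunk), and no consumer of those names is updated in this diff. If an agenix recipients file or a module selected keys through those groups, evaluation will now fail on the missing attribute, and the quick repair of passing all of `hosts` would widen which machines can decrypt a given secret. A header comment stating the new contract would help, for example `# Flat key registry: callers list the exact users/hosts they need; no role groups are defined here.`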