2023-09-17 03:40:50 -05:00
|
|
|
#!/usr/env/bin bash
|
|
|
|
|
|
|
|
|
|
set -euox pipefail
|
|
|
|
|
|
|
|
|
|
export DISK="/dev/vda"
|
|
|
|
|
export DISK_EXT="${DISK}"
|
|
|
|
|
# The size is large because I'd like to be able to hibernate my laptop in its entirety. I have 64 GB of ram.
|
|
|
|
|
export SWAP_SIZE="32"
|
|
|
|
|
export SWAP_OFFSET="$(( SWAP_SIZE + 1 ))"
|
|
|
|
|
|
|
|
|
|
export LABEL_CRYPT_LUKS="NixOS-Crypt"
|
|
|
|
|
export LABEL_SWAP="NixOS-Swap"
|
|
|
|
|
export LABEL_BTRFS="NixOS-Primary"
|
|
|
|
|
export LABEL_BOOT="NixOS-Boot"
|
|
|
|
|
|
|
|
|
|
swapoff -a || true
|
|
|
|
|
umount /mnt/**/* || true
|
|
|
|
|
umount /mnt/* || true
|
|
|
|
|
umount /mnt || true
|
|
|
|
|
cryptsetup close enc || true
|
|
|
|
|
dd if=/dev/zero of="${DISK}" bs=512 count=1024 || true
|
|
|
|
|
|
|
|
|
|
### Partition The Disk
|
|
|
|
|
parted "${DISK}" -- mklabel gpt
|
|
|
|
|
# Boot partition
|
|
|
|
|
parted -a optimal "${DISK}" -- mkpart ESP fat32 1MiB 1GiB
|
|
|
|
|
parted "${DISK}" -- set 1 boot on
|
|
|
|
|
mkfs.vfat "${DISK_EXT}1"
|
|
|
|
|
fatlabel "${DISK_EXT}1" "${LABEL_BOOT}"
|
|
|
|
|
# Swap Partition
|
|
|
|
|
parted -a optimal "${DISK}" -- mkpart "${LABEL_SWAP}" linux-swap 1Gib "${SWAP_OFFSET}GB"
|
|
|
|
|
mkswap -L "${LABEL_SWAP}" "${DISK_EXT}2"
|
|
|
|
|
swapon "${DISK_EXT}2"
|
|
|
|
|
# Nix Partition, where the OS will reside with our data
|
|
|
|
|
parted -a optimal "${DISK}" -- mkpart "${LABEL_BTRFS}" "${SWAP_OFFSET}GiB" 100%
|
|
|
|
|
|
|
|
|
|
### Encrypt
|
|
|
|
|
cryptsetup --verify-passphrase -v luksFormat "${DISK_EXT}3"
|
|
|
|
|
cryptsetup config "${DISK_EXT}3" --label "${LABEL_CRYPT_LUKS}"
|
|
|
|
|
# Have to decrypt it so we can actually get other things setup
|
|
|
|
|
export CRYPT_OPEN_NAME="enc"
|
|
|
|
|
export CRYPT_PATH="/dev/mapper/${CRYPT_OPEN_NAME}"
|
|
|
|
|
cryptsetup open "${DISK_EXT}3" "${CRYPT_OPEN_NAME}"
|
|
|
|
|
|
|
|
|
|
### BTRFS Setup
|
|
|
|
|
# Go ahead and make the unerypted BTRFS
|
|
|
|
|
mkfs.btrfs -L "${LABEL_BTRFS}" "${CRYPT_PATH}"
|
|
|
|
|
|
|
|
|
|
# Mount it
|
|
|
|
|
mount -t btrfs "${CRYPT_PATH}" /mnt
|
|
|
|
|
|
|
|
|
|
# Create our subvolumes
|
2023-09-17 23:17:40 -05:00
|
|
|
btrfs subvolume create "/mnt/@nix"
|
2023-09-17 03:40:50 -05:00
|
|
|
umount /mnt
|
|
|
|
|
|
|
|
|
|
### Final Mountings
|
|
|
|
|
# Mount tmpfs to mnt
|
|
|
|
|
mount -t tmpfs -o mode=755 none /mnt
|
|
|
|
|
|
|
|
|
|
# Create our directories
|
2023-09-17 23:17:40 -05:00
|
|
|
mkdir /mnt/{"boot","nix"}
|
2023-09-17 03:40:50 -05:00
|
|
|
# Mount our boot partition
|
|
|
|
|
mount -t vfat -o defaults,noatime "${DISK_EXT}1" /mnt/boot
|
|
|
|
|
|
|
|
|
|
# Mount our btrfs subvolumes individually with some btrfs options
|
|
|
|
|
# NOTE: On high performance NVME SSDs with a beefy CPU it may be worth considering ZLO compression instead of ZSTD. In
|
|
|
|
|
# many cases ZLO is more performant, especially when writing, than ZSTD while having a somewhat worse comrpession ratio.
|
|
|
|
|
# WARN: ZLO *may* be a good solution, it can be VERY slow on incompressible data. Something to keep in mind.
|
|
|
|
|
mount -t btrfs -o noatime,compress=zstd,subvol=@nix "${CRYPT_PATH}" /mnt/nix
|
|
|
|
|
|
|
|
|
|
mkdir -p /mnt/nix/persist
|
|
|
|
|
### Install NixOS
|
|
|
|
|
# Gotta make sure current working tree isn't dirty for the flake
|
|
|
|
|
git config --global user.email "m@m.com"; git config --global user.name "name"; git add .; git commit -m "Shit" >/dev/null 2>&1; \
|
|
|
|
|
# Clone the flake into place
|
|
|
|
|
git clone . /mnt/nix/persist/etc/nixos && cd /mnt/nix/persist/etc/nixos
|
|
|
|
|
# Finally, actually install NixOS
|
|
|
|
|
nixos-install --flake "git+file:.#orion"
|
|
|
|
|
|
