Add given password for hosts/aubergine/ssh/host.key to store.
#cwd := $(notdir $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))))

# Host being installed. The name doubles as the ZFS pool name and as the
# prefix of every GPT partition label used by the rules below.
hostName := aubergine
rpool := $(hostName)

# Target disks, addressed through /dev/disk/by-id. The wipe-* and part-*
# rules are destructive, so verify that these still name the intended devices.
disk_sd := /dev/disk/by-id/mmc-SU08G_0xb0320f0f
disk_ssd := /dev/disk/by-id/ata-YMTC_JGS_2201060101833

# ZFS native encryption for the home dataset created by format-ssd-root.
# While cipher is empty, that dataset is created WITHOUT encryption.
#cipher := aes-128-gcm
cipher :=

# Pool-level TRIM setting and the size of the reserved dataset.
autotrim := on
reservation := 1G

# NOTE(review): format-ssd-root also expands $(compression), which is not
# assigned anywhere in this file; presumably it comes from the command line
# or the environment. Confirm.

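# Destroy the GPT and MBR structures on the SD card. Irreversible: check that
# $(disk_sd) names the intended device first.
# Declared phony so a stray file called "wipe-sd" cannot make this a no-op.
.PHONY: wipe-sd
wipe-sd:
	sudo sgdisk --zap-all $(disk_sd)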
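# Destroy the partition table on the SSD and clear any old ZFS label from the
# pool partition. Irreversible: check $(disk_ssd) first.
#
# The label is cleared BEFORE the table is zapped. Afterwards the
# by-partlabel link is presumably gone, so labelclear would fail and the
# `|| true` would hide that, leaving a stale pool label on the disk.
# `|| true` stays because a fresh disk has no such partition yet.
.PHONY: wipe-ssd
wipe-ssd:
	sudo zpool labelclear -f /dev/disk/by-partlabel/$(hostName)_ssd_rpool || true
	sudo sgdisk --zap-all $(disk_ssd)
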
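.PHONY: part part-sd

# NOTE(review): despite its name, `part` only wipes both disks; it does not
# depend on part-sd or part-ssd. Confirm that this is intended.
part: wipe-sd wipe-ssd

# Partition the SD card after wiping it:
#   EF02  BIOS boot partition, sectors 34-2047 (-a1 disables alignment for it)
#   EF00  100M EFI system partition
#   8300  Linux filesystem taking the rest of the card
# The resulting table is saved to $(hostName)_sd.sgdisk in the current directory.
part-sd: wipe-sd
	sudo sgdisk -a1 -n0:34:2047 -t0:EF02 -c0:"$(hostName)_sd_bios" $(disk_sd)
	sudo sgdisk -n0:1M:+100M -t0:EF00 -c0:"$(hostName)_sd_efi" $(disk_sd)
	sudo sgdisk -n0:0:0 -t0:8300 -c0:"$(hostName)_sd_root" $(disk_sd)
	sudo sgdisk --randomize-guids $(disk_sd)
	sudo sgdisk --backup=$(hostName)_sd.sgdisk $(disk_sd)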
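# Partition the SSD:
#   EF02  BIOS boot partition, sectors 34-2047
#   EF00  100M EFI system partition
#   8300  256M /boot
#   8200  8G swap
#   BF01  ZFS pool partition taking the rest of the disk
# The resulting table is saved to $(hostName)_ssd.sgdisk in the current directory.
# NOTE(review): unlike part-sd, this rule does not depend on its wipe rule, so
# it adds partitions to whatever table is already on the disk. Confirm.
.PHONY: part-ssd
part-ssd:
	sudo sgdisk -a1 -n0:34:2047 -t0:EF02 -c0:"$(hostName)_ssd_bios" $(disk_ssd)
	sudo sgdisk -n0:1M:+100M -t0:EF00 -c0:"$(hostName)_ssd_efi" $(disk_ssd)
	sudo sgdisk -n0:0:+256M -t0:8300 -c0:"$(hostName)_ssd_boot" $(disk_ssd)
	sudo sgdisk -n0:0:+8G -t0:8200 -c0:"$(hostName)_ssd_swap" $(disk_ssd)
	sudo sgdisk -n0:0:0 -t0:BF01 -c0:"$(hostName)_ssd_rpool" $(disk_ssd)
	sudo sgdisk --randomize-guids $(disk_ssd)
	sudo sgdisk --backup=$(hostName)_ssd.sgdisk $(disk_ssd)
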
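.PHONY: format-sd format-sd-efi

# Format both SD card filesystems.
format-sd: format-sd-root format-sd-efi

# Create the FAT32 EFI filesystem unless blkid already reports vfat there.
# Any blkid failure, including a different filesystem type, leads to mkfs.
format-sd-efi:
	sudo blkid /dev/disk/by-partlabel/$(hostName)_sd_efi -t TYPE=vfat || \
	  sudo mkfs.vfat -F 32 -s 1 -n EFI /dev/disk/by-partlabel/$(hostName)_sd_efi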
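# Create the ext4 root filesystem on the SD card.
# mkfs runs only when blkid exits with status 2, which blkid uses for
# "token not found or device not identified". Any other status skips mkfs.
.PHONY: format-sd-root
format-sd-root:
	sudo mkdir -p /mnt/install/$(hostName)
	sudo blkid -t TYPE=ext4 /dev/disk/by-partlabel/$(hostName)_sd_root; test $$? != 2 || \
	  sudo mkfs.ext4 /dev/disk/by-partlabel/$(hostName)_sd_root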
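.PHONY: format-ssd format-ssd-efi

# Format everything on the SSD: ZFS pool, EFI partition and /boot.
format-ssd: format-ssd-root format-ssd-efi format-ssd-boot

# Create the FAT32 EFI filesystem unless blkid already reports vfat there.
format-ssd-efi:
	sudo blkid /dev/disk/by-partlabel/$(hostName)_ssd_efi -t TYPE=vfat || \
	  sudo mkfs.vfat -F 32 -s 1 -n EFI /dev/disk/by-partlabel/$(hostName)_ssd_efi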
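# Create the ext4 /boot filesystem on the SSD.
# mkfs runs only when blkid exits with status 2 (nothing matching found).
.PHONY: format-ssd-boot
format-ssd-boot:
	sudo blkid -t TYPE=ext4 /dev/disk/by-partlabel/$(hostName)_ssd_boot; test $$? != 2 || \
	  sudo mkfs.ext4 /dev/disk/by-partlabel/$(hostName)_ssd_boot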
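# Create the ZFS pool on the SSD and the datasets NixOS will mount.
# Each step first checks whether the pool or dataset exists, so the rule can
# be re-run.
#
# Fixes compared with the listing this replaces:
#  - the pool is created on the "_ssd_rpool" partition, the label that
#    part-ssd creates and wipe-ssd clears; "_ssd_zpool" is never created;
#  - the encryption property is passed to `zfs create` with -o, since -O is
#    an option of `zpool create` only, so a non-empty cipher no longer fails;
#  - compression is set only when $(compression) is non-empty, because this
#    file does not assign it and an empty value would be rejected.
#
# While $(cipher) is empty, home/julm is created unencrypted.
# NOTE(review): `zfs create $(rpool)/home/julm` has no -p and nothing creates
# $(rpool)/home first, so this step presumably fails on a fresh pool. Confirm
# how the parent should be created and with which mountpoint/canmount.
# NOTE(review): the pool altroot is /mnt/$(hostName) while every other rule
# uses /mnt/install/$(hostName). Confirm.
.PHONY: format-ssd-root
format-ssd-root:
	sudo zpool list $(rpool) 2>/dev/null || \
	  sudo zpool create -o ashift=12 \
	    -O utf8only=yes \
	    -R /mnt/$(hostName) $(rpool) /dev/disk/by-partlabel/$(hostName)_ssd_rpool
	sudo zpool set \
	  autotrim=$(autotrim) \
	  $(rpool)
	sudo zfs set \
	  acltype=off \
	  atime=off \
	  canmount=off \
	  $(if $(compression),compression=$(compression)) \
	  dnodesize=auto \
	  relatime=on \
	  xattr=off \
	  mountpoint=/ \
	  $(rpool)
	# https://nixos.wiki/wiki/NixOS_on_ZFS#Reservations
	sudo zfs list $(rpool)/reserved 2>/dev/null || \
	  sudo zfs create -o canmount=off -o mountpoint=none $(rpool)/reserved
	sudo zfs set refreservation=$(reservation) $(rpool)/reserved
	# /
	# mountpoint=legacy is required to let NixOS mount the ZFS filesystems.
	sudo zfs list $(rpool)/root 2>/dev/null || \
	  sudo zfs create \
	    -o canmount=on \
	    -o mountpoint=legacy \
	    $(rpool)/root
	# /*
	for p in \
	  nix \
	  var \
	  ; do \
	  sudo zfs list $(rpool)/"$$p" 2>/dev/null || \
	  sudo zfs create \
	    -o canmount=on \
	    -o mountpoint=legacy \
	    $(rpool)/"$$p" ; \
	done
	for p in \
	  home/julm \
	  ; do \
	  sudo zfs list $(rpool)/"$$p" 2>/dev/null || \
	  sudo zfs create \
	    -o canmount=on \
	    -o mountpoint=legacy \
	    $(if $(cipher),-o encryption=$(cipher) -o keyformat=passphrase -o keylocation=prompt) \
	    $(rpool)/"$$p" ; \
	done
	#sudo zfs set sync=disabled $(rpool)/var/tmp
	#sudo zfs set copies=2 $(rpool)/home/documents
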
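.PHONY: mount-sd mount-sd-root

# Mount the SD card installation tree under /mnt/install/$(hostName).
mount-sd: mount-sd-root mount-sd-efi

# Mount the ext4 root unless something is already mounted at the target.
mount-sd-root:
	sudo mkdir -p /mnt/install/$(hostName)
	sudo mountpoint /mnt/install/$(hostName) || \
	  sudo mount -v /dev/disk/by-partlabel/$(hostName)_sd_root /mnt/install/$(hostName)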
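# Mount the EFI partition inside the SD root. The order-only prerequisite
# makes sure the root is mounted first, so boot/efi is created on the target
# filesystem and not on the installer's own disk.
.PHONY: mount-sd-efi
mount-sd-efi: | mount-sd-root
	sudo mkdir -p /mnt/install/$(hostName)/boot/efi
	sudo mountpoint /mnt/install/$(hostName)/boot/efi || \
	  sudo mount -v /dev/disk/by-partlabel/$(hostName)_sd_efi /mnt/install/$(hostName)/boot/efi
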
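.PHONY: mount-ssd mount-ssd-root

# Mount the SSD installation tree under /mnt/install/$(hostName).
# NOTE(review): no rule in this file mounts the _ssd_boot partition or the
# nix, var and home datasets that umount later unmounts. Confirm that they
# are mounted elsewhere before running bootstrap.
mount-ssd: mount-ssd-root mount-ssd-efi

# Mount the root dataset unless something is already mounted at the target.
# part-ssd creates no "_ssd_root" partition. The SSD root is the
# $(rpool)/root dataset, which format-ssd-root creates with mountpoint=legacy,
# so it is mounted as a ZFS filesystem. The pool must already be imported.
mount-ssd-root:
	sudo mkdir -p /mnt/install/$(hostName)
	sudo mountpoint /mnt/install/$(hostName) || \
	  sudo mount -v -t zfs $(rpool)/root /mnt/install/$(hostName)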
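# Mount the EFI partition inside the SSD root. The order-only prerequisite
# makes sure the root is mounted first.
.PHONY: mount-ssd-efi
mount-ssd-efi: | mount-ssd-root
	sudo mkdir -p /mnt/install/$(hostName)/boot/efi
	sudo mountpoint /mnt/install/$(hostName)/boot/efi || \
	  sudo mount -v /dev/disk/by-partlabel/$(hostName)_ssd_efi /mnt/install/$(hostName)/boot/efi
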
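# Install NixOS from this flake into the tree mounted at
# /mnt/install/$(hostName). The first line aborts if nothing is mounted there.
#
# The gnupg T3908 workaround makes the tty and the X authority file readable
# and writable by every local user while nixos-install runs. The grant, the
# install and the revoke share ONE shell, and the revoke is an EXIT trap.
# A failed or aborted install therefore cannot leave those permissions open,
# which separate recipe lines would: make stops at the first failing line.
#
# NOTE(review): `sudo --preserve-env` hands the caller's whole environment to
# the root process, and nixos-install is resolved through the caller's PATH.
# Presumably the workaround needs the gpg-related variables; consider
# narrowing the preserved set once the required variables are known.
.PHONY: bootstrap
bootstrap:
	mountpoint /mnt/install/$(hostName)
	# Workaround https://dev.gnupg.org/T3908
	trap 'chmod o-rw $$GPG_TTY $$XAUTHORITY' EXIT; \
	chmod o+rw $$GPG_TTY $$XAUTHORITY && \
	sudo --preserve-env \
	  $$(which nixos-install) \
	  --root /mnt/install/$(hostName) \
	  --flake '.#$(hostName)' \
	  --no-root-passwd \
	  --no-channel-copy \
	  --show-trace
	# End workaround https://dev.gnupg.org/T3908
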
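# Unmount the installation tree, deepest paths first, then release the pool.
# Paths that are not mount points are skipped. Because the loop joins its
# commands with `;`, a failed umount in the middle does not stop the recipe.
#
# The key is unloaded only if the pool exists, $(rpool) itself is encrypted
# and its key is loaded.
# NOTE(review): format-ssd-root applies encryption to $(rpool)/home/julm, not
# to $(rpool), so this check presumably always sees "off" and never unloads
# a key. The `zpool export` below is then what takes the dataset offline.
# Confirm.
.PHONY: umount
umount:
	for p in \
	  boot/efi \
	  boot \
	  home \
	  nix \
	  var/cache \
	  var/log \
	  var/tmp \
	  var \
	  "" \
	  ; do \
	  ! sudo mountpoint /mnt/install/$(hostName)/"$$p" || \
	  sudo umount -v /mnt/install/$(hostName)/"$$p" ; \
	done
	! sudo zpool list $(rpool) 2>/dev/null || \
	  zfs get -H encryption $(rpool) | \
	  grep -q '^$(rpool)\s*encryption\s*off' || \
	  zfs get -H keystatus $(rpool) | \
	  grep -q '^$(rpool)\s*keystatus\s*unavailable' || \
	  sudo zfs unload-key $(rpool)
	#! sudo zpool list bpool 2>/dev/null || \
	#sudo zpool export bpool
	! sudo zpool list $(rpool) 2>/dev/null || \
	  sudo zpool export $(rpool)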