Readme + moved to legacy boot
parent
e8744cc4e4
commit
c31bd41a30
39
README.md
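--- a/README.md
+++ b/README.md
@@ -9,3 +9,42 @@ From another linux system, create the build script
 Write your disk password to somewhere, like /tmp/secret.key,
 then build the image calling the result:
 `./result --build-memory 8192 --pre-format-files /tmp/secret.key secret.key`
+
+
+## VMC
+
+VMC has a weird mapping for keys (Qwerty-1 * bepo)
+To remap, use the following python script
+
+```Python
+a = "abcdefghijklmnopqrsuvx,.'ABCDEFHIJKLMOPQRSUX"
+b = "akxipe,cdtsrq'ljbouv.yghmAKXIPECDTSRQLJBOUVY"
+d = dict()
+for i in range(len(b)):
+d[b[i]] = a[i]
+
+p = "motdepasse"
+pp = ''.join([c for c in p if c in b])
+pc = ''.join([d[c] for c in pp])
+print("Mot de passe:",pp)
+print("Mot de passe:",pc)
+```
+
+## Install with nixos-anywhere
+
+
+```Bash
+# Write disk encryption password to secret.key
+echo "motdepasse" > secret.key
+# Connect to ssh, run kexec to nixos install rom, and format disko
+nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases kexec,disko
+
+# Mount persistence directories that nixos will install stuff into
+mkdir -p /mnt/persistence/nix
+mkdir -p /mnt/persistence/var/lib/nixos
+mount --bind -m -o X-fstrim.notrim /mnt/persistence/nix /mnt/nix
+mount --bind -m -o X-fstrim.notrim /mnt/persistence/var/lib/nixos /mnt/var/lib/nixos
+
+# Run the install phase
+nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases install
+```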
@ -9,9 +9,16 @@
|
|||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = false;
|
||||||
|
device = "/dev/vda";
|
||||||
|
};
|
||||||
boot.initrd.systemd.enable = true;
|
boot.initrd.systemd.enable = true;
|
||||||
|
|
||||||
|
# Root can't login, so useless
|
||||||
|
systemd.enableEmergencyMode = false;
|
||||||
|
|
||||||
# This option defines the first version of NixOS you have installed on this particular machine,
|
# This option defines the first version of NixOS you have installed on this particular machine,
|
||||||
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
||||||
#
|
#
|
||||||
|
|||||||
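Review bot: The comment `# Root can't login, so useless` above `systemd.enableEmergencyMode = false;` does not say what the setting changes: with emergency mode off, a failed mount no longer stops at an sulogin prompt and boot carries on as far as it can. On a host whose state sits on bind-mounted persistence directories, that may mean services come up without their persistent data, so the trade-off is worth stating, e.g. `# Root has no password, so the emergency sulogin shell is unusable; boot continues if a mount fails.` The attribute set this belongs to starts and ends outside the hunk.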
@ -6,31 +6,29 @@
|
|||||||
disk = {
|
disk = {
|
||||||
main = {
|
main = {
|
||||||
type = "disk";
|
type = "disk";
|
||||||
device = "/dev/disk/by-path/pci-0000:00:04.0";
|
device = "/dev/vda";
|
||||||
content = {
|
content = {
|
||||||
type = "gpt";
|
type = "table";
|
||||||
partitions = {
|
format = "msdos";
|
||||||
esp = {
|
partitions = [
|
||||||
size = "512M";
|
{
|
||||||
type = "ef00";
|
name = "ESP";
|
||||||
|
start = "1M";
|
||||||
|
end = "500M";
|
||||||
|
bootable = true;
|
||||||
content = {
|
content = {
|
||||||
type = "filesystem";
|
type = "filesystem";
|
||||||
format = "vfat";
|
format = "vfat";
|
||||||
mountpoint = "/boot";
|
mountpoint = "/boot";
|
||||||
mountOptions = [
|
mountOptions = [ "umask=0077" ];
|
||||||
# Do not set the executable bit on files and prevent access from
|
|
||||||
# non-root users.
|
|
||||||
"dmask=0077"
|
|
||||||
"fmask=0177"
|
|
||||||
|
|
||||||
"noatime"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
persistence-encrypted = {
|
{
|
||||||
start = "513M";
|
name = "Midori-disk";
|
||||||
size = "100%";
|
start = "500M";
|
||||||
# type = "8309";
|
end = "100%";
|
||||||
|
part-type = "primary";
|
||||||
|
bootable = true;
|
||||||
content = {
|
content = {
|
||||||
type = "luks";
|
type = "luks";
|
||||||
name = "persistence";
|
name = "persistence";
|
||||||
@ -59,8 +57,8 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
};
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
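Review bot: `device = "/dev/vda";` replaces a `/dev/disk/by-path/...` reference with a kernel-assigned name, and this is the disk the disko phase repartitions and formats; if another virtio disk is attached or enumeration order changes, `vda` may not be the intended disk. A stable reference for the new host, such as `device = "/dev/disk/by-path/<PATH_PLACEHOLDER>";`, avoids that, and the same applies to the `device = "/dev/vda";` set for `boot.loader.grub` in the boot configuration hunk. Separately, as rendered the `/boot` mount options go from `"dmask=0077"`, `"fmask=0177"`, `"noatime"` to `"umask=0077"`, which still keeps non-root users out but no longer clears the executable bit on files, and the comment explaining the masks is dropped; if that was not intended, `mountOptions = [ "dmask=0077" "fmask=0177" "noatime" ];` keeps the earlier behaviour. The enclosing attribute set continues outside both hunks.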
@ -12,6 +12,9 @@
|
|||||||
# This is for instance where timers activation times are stored, hence
|
# This is for instance where timers activation times are stored, hence
|
||||||
# why it is desirable for this directory to be persistent.
|
# why it is desirable for this directory to be persistent.
|
||||||
"/var/lib/systemd"
|
"/var/lib/systemd"
|
||||||
|
|
||||||
|
# We want this to be preserved accross reboots, to debug crash cause
|
||||||
|
"/var/log/journal"
|
||||||
];
|
];
|
||||||
|
|
||||||
files = [
|
files = [
|
||||||
|
|||||||
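Review bot: The comment added above `"/var/log/journal"` misspells "across" and is loosely worded; `# Keep the journal across reboots so the cause of a crash can be investigated afterwards.` reads more clearly. The list this entry joins starts outside the hunk, so whether other log locations are persisted as well cannot be told from here.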