stefandeml · October 15, 2019 11:09
diff --git a/gistfile1.txt b/gistfile1.txt
 # Create partitions
 parted --script /dev/nvme0n1 mklabel gpt
 parted --script --align optimal /dev/nvme0n1 -- mklabel gpt mkpart 'ESP-partition' fat32 1MB 551MB set 1 esp on mkpart 'LVM-partition' 551MB '100%'
 partprobe
 udevadm settle --timeout=5 --exit-if-exists=/dev/nvme0n1p1
 udevadm settle --timeout=5 --exit-if-exists=/dev/nvme0n1p2
 # Cleanup
 wipefs -a /dev/nvme0n1p1
 wipefs -a /dev/nvme0n1p2
 set +e
 lvremove nixos
 vgremove -y vgnvme
 pvremove /dev/nvme0n1p2
 set -e
 # Create lvm volume
 pvcreate /dev/nvme0n1p2
 vgcreate vgnvme /dev/nvme0n1p2
 lvcreate --extents '80%FREE' -n nixos vgnvme
 vgchange -ay vgnvme
 # Create FS
 mkfs.fat -F32 -n esp /dev/disk/by-partlabel/ESP-partition
 mkfs.ext4 -F -L nixos-root /dev/mapper/vgnvme-nixos
 udevadm trigger
 udevadm settle --timeout=5 --exit-if-exists=/dev/disk/by-label/nixos-root
 # Install nix
 mkdir -p /etc/nix
 echo "build-users-group =" > /etc/nix/nix.conf # Enable root install
 curl https://nixos.org/nix/install | sh
 set +u +x
 . $HOME/.nix-profile/etc/profile.d/nix.sh
 set -u -x
 nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs
 nix-channel --update
 nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"
 mount /dev/disk/by-label/nixos-root /mnt
 mkdir -p /mnt/boot
 mount /dev/disk/by-label/esp /mnt/boot
 nixos-generate-config --root /mnt
 cat > /mnt/etc/nixos/configuration.nix <<EOF
 { config, pkgs, ... }:
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  # Use GRUB2 as the EFI boot loader.
  boot.loader.systemd-boot.enable = false;
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
  };
  boot.loader.grub.device = "nodev";
  boot.loader.efi.canTouchEfiVariables = true;
  networking.hostName = "avato-build-server";
  networking.nameservers = [ "8.8.8.8" ];
  users.users.root.initialHashedPassword = "";
  services.openssh.permitRootLogin = "prohibit-password";
  services.openssh.ports = [ 32222 ];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXxpTQi8X5CwZS6HpeuIR5R51EZNg1rrx7DW4+Z21++n/8jEKtVmJ7vkSiY0LSl3Ha8Y3ZxDyntfuLIOGYzd/AibkwBp7K+ZENjPuIrVApvMZ7ejSjCA+txorpl2zHEmQ9Y0xiUSXYQVyFnTZN5y+GzwXHKZ4Ulo/vKu9/EDL56CaIjHcovJu1XPCangFQ8DJbco16ItFje56Tf1F9Qc5S/mUwHfuLqEmFoUJSiSviFKLm/1TfSx1uv3ELLERat/+uVUjm1HYH7Qu7PEoNuCICejX88LJRmeI9ixydYkqZ5R0xVkGpgW/tGHnUTor93jo5FTrK0Z01p8KFmgIJuXPKn2DmsvPgrrpQPponrh6bK5bm8BHK3kLUPMljxHLiIEb0xU6qg/heeUAfVJC7XgOcAEFjkBvYlDkf8k9KSesWyZxufEDrpdSkIiqIoKxlq1nnwitXZ/hB6XBDxIPh3cnMdLRsOuGc8r4aDEKDs4HhQ5XaT5vQeMflaeSUqCd/0T90Ood9CJt7CjvCd6was+ebmJaYUgk0SX2+Vql0nTiTBngg9dPQ27FL33T9Dqspd6CyxFjy30anbdxru6yBh+GPc6oVLOJXsvfZ88QdwchYr+aZInVEtdhl+b7GJfc2eixdayWp9PAiTffm9F27gCbEHxFDhyvZFdelZp4lLfJjYw== private
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9rw0GjeZuXUAQHTvT/oXre4BSnWghf9jtOfbRIxb17FkGsgD5qEtktdpIOd1TroJtXhmSi67oJ+CJbLmjL7f2z6S9muzngkb475hE3QwT/JwD4h3r22GJO+jSMZbB53VRc3+S96HVYKAu7F94EbVW78XfrcwPCFpW89KTM27t1ARH3vPGg5BdsI7PCZcNyzHOOnuZSwtiELpoMK0Z4RMw1mQ3hMzvvbxB73ocJl/Dtt9QGLZN57JOVV52BynjfaTobwYB9WROvPKvDGeHIYmckujLG+yuEEZmCeUq9h8MxmofI3kfykb/Ln/yDZ3XNDIF2oXzgmHZyY4Y8dsv47JJ sancho@united
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXxpTQi8X5CwZS6HpeuIR5R51EZNg1rrx7DW4+Z21++n/8jEKtVmJ7vkSiY0LSl3Ha8Y3ZxDyntfuLIOGYzd/AibkwBp7K+ZENjPuIrVApvMZ7ejSjCA+txorpl2zHEmQ9Y0xiUSXYQVyFnTZN5y+GzwXHKZ4Ulo/vKu9/EDL56CaIjHcovJu1XPCangFQ8DJbco16ItFje56Tf1F9Qc5S/mUwHfuLqEmFoUJSiSviFKLm/1TfSx1uv3ELLERat/+uVUjm1HYH7Qu7PEoNuCICejX88LJRmeI9ixydYkqZ5R0xVkGpgW/tGHnUTor93jo5FTrK0Z01p8KFmgIJuXPKn2DmsvPgrrpQPponrh6bK5bm8BHK3kLUPMljxHLiIEb0xU6qg/heeUAfVJC7XgOcAEFjkBvYlDkf8k9KSesWyZxufEDrpdSkIiqIoKxlq1nnwitXZ/hB6XBDxIPh3cnMdLRsOuGc8r4aDEKDs4HhQ5XaT5vQeMflaeSUqCd/0T90Ood9CJt7CjvCd6was+ebmJaYUgk0SX2+Vql0nTiTBngg9dPQ27FL33T9Dqspd6CyxFjy30anbdxru6yBh+GPc6oVLOJXsvfZ88QdwchYr+aZInVEtdhl+b7GJfc2eixdayWp9PAiTffm9F27gCbEHxFDhyvZFdelZp4lLfJjYw==
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOMnrUKIGswAC9vycDk7OsRD1LxM1+IpRwmZ4X6/aRaR6TLZClDtuXqQK6G+8lAYS+0NkyIzMCM7uOeocYh28c5ENA+8u23ai5obm7mzCoQo9+zUfPAjV9QfMr5c1DAfJcP/R+d6KkGbsxAFTwKRBk1T++LFTjwW9pLXjdXDLI5ndydfX9NTsuSQux57RiJpL9sX4leIefkHjL/FprPrKYfAi3zfFkgRM+Z63uU3nB9Ap9vRIfi5SDtjhGr2+4QzHgKXrx8mLQL6+0h05n6cD6E9Y73sUfVqIvLT9Ia/qssVRifHLxyWrwmyp2t4Zdrh5Cdpcb22/LoXr8KKmSEuDy83oeSS/9KAvPn68dG9D67UNjZEsl7UYnjeWnZtwEThlSQapvbHYs7qjsdbgXw72UxqFxEoWkUym+DQLlkxZSehumvx36ujCeDaoErKjeaHoPPHwEXJ5h6KILccGCKVOUBePtPNRuzL6vTBlqnOKjYy3DlWqgHCvAVQlkICttkgCzzrqm2BfqKUZH5HRGSzXE1IWDmppae0/JtGpaQwfDbbrZEg8Tsi9cFhQqiGKcma/PGDvZGKu/RaN1XAKW79IflqeIolluXsfA/GCIyxBa/afDgnfLiWhGlzjsUhIJ/qacx+bKj0thoRtoU6n6PlUpDU3/1Oqbir+bYDGvUIbfnQ== Generated by ISG D-MATH for [email protected] on 2016-02-19 @ 11:39:38
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC78ZdkvJjmkKE3pu4/yEuLbtbBcV/M0br3KVPcr3Son+RwgbCSBV+oazRcnkGuRNiYjcxNT0y+So29BfBLnSgynVS6S3VyAPlXnDmKwjx/g18CgEZ7FC5sdNl06s1XzTkeJNrjzxOueIkMG4bv6nqno1+iUkpRorSsEpdQN9pSdKaNF2u7CfqF2rqA1DSTQIhy61rqlxzq3iEOB8vS7D5OPbGHyscERhlzzxG4hvngiFJOeR8iSYoydmrmC7mBxB6887rwOAjOfh4vCO1LajNkH7eck9VdHfbiO6i9UdaiyA+faPvBapeWFv5ah9I19dx41X/Ag6dJgAxkdsAtaREp [email protected]
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6G056rT+gY4aeIm6KVbdb5Gav+m77bNdGpCshtTsE5pnhBPoFN30K6L0hpWMZf0V4dhA65kx+HattX6sEPlKacryrefe75L3k9Sr8KRQNeU+SoiQZYvtg1cPA4jotTBmQfHbtfqh6416ePBjiCzwx9h4pUz2fwiRce+nl4B50Sd4JGjoMRCisonNlcokk9zUpjDZAUKb/cmnawHy4GX5umSfxf2jXLYFnxw4XYeR1dLcovW5rMcgqBZEAmIrrR6i8Q/lyRMrS5VISzCct3BqK9RiJvhlKX2skVux08SBQSB4l4CJIbiAWjiVVXbE7t9evbGzTWgdqdYQO6QjEj++iw== [email protected]"
  ];
  services.openssh.enable = true;
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.03"; # Did you read the comment?
 }
 EOF
 PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --no-root-passwd --root /mnt --max-jobs 40
	# Create partitions
	parted --script /dev/nvme0n1 mklabel gpt
	parted --script --align optimal /dev/nvme0n1 -- mklabel gpt mkpart 'ESP-partition' fat32 1MB 551MB set 1 esp on mkpart 'LVM-partition' 551MB '100%'
	partprobe
	udevadm settle --timeout=5 --exit-if-exists=/dev/nvme0n1p1
	udevadm settle --timeout=5 --exit-if-exists=/dev/nvme0n1p2
	# Cleanup
	wipefs -a /dev/nvme0n1p1
	wipefs -a /dev/nvme0n1p2
	set +e
	lvremove nixos
	vgremove -y vgnvme
	pvremove /dev/nvme0n1p2
	set -e
	# Create lvm volume
	pvcreate /dev/nvme0n1p2
	vgcreate vgnvme /dev/nvme0n1p2
	lvcreate --extents '80%FREE' -n nixos vgnvme
	vgchange -ay vgnvme
	# Create FS
	mkfs.fat -F32 -n esp /dev/disk/by-partlabel/ESP-partition
	mkfs.ext4 -F -L nixos-root /dev/mapper/vgnvme-nixos
	udevadm trigger
	udevadm settle --timeout=5 --exit-if-exists=/dev/disk/by-label/nixos-root
	# Install nix
	mkdir -p /etc/nix
	echo "build-users-group =" > /etc/nix/nix.conf # Enable root install
	curl https://nixos.org/nix/install \| sh
	set +u +x
	. $HOME/.nix-profile/etc/profile.d/nix.sh
	set -u -x
	nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs
	nix-channel --update
	nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"
	mount /dev/disk/by-label/nixos-root /mnt
	mkdir -p /mnt/boot
	mount /dev/disk/by-label/esp /mnt/boot
	nixos-generate-config --root /mnt
	cat > /mnt/etc/nixos/configuration.nix <<EOF
	{ config, pkgs, ... }:
	{
	imports =
	[ # Include the results of the hardware scan.
	./hardware-configuration.nix
	];
	# Use GRUB2 as the EFI boot loader.
	boot.loader.systemd-boot.enable = false;
	boot.loader.grub = {
	enable = true;
	efiSupport = true;
	};
	boot.loader.grub.device = "nodev";
	boot.loader.efi.canTouchEfiVariables = true;
	networking.hostName = "avato-build-server";
	networking.nameservers = [ "8.8.8.8" ];
	users.users.root.initialHashedPassword = "";
	services.openssh.permitRootLogin = "prohibit-password";
	services.openssh.ports = [ 32222 ];
	users.users.root.openssh.authorizedKeys.keys = [
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXxpTQi8X5CwZS6HpeuIR5R51EZNg1rrx7DW4+Z21++n/8jEKtVmJ7vkSiY0LSl3Ha8Y3ZxDyntfuLIOGYzd/AibkwBp7K+ZENjPuIrVApvMZ7ejSjCA+txorpl2zHEmQ9Y0xiUSXYQVyFnTZN5y+GzwXHKZ4Ulo/vKu9/EDL56CaIjHcovJu1XPCangFQ8DJbco16ItFje56Tf1F9Qc5S/mUwHfuLqEmFoUJSiSviFKLm/1TfSx1uv3ELLERat/+uVUjm1HYH7Qu7PEoNuCICejX88LJRmeI9ixydYkqZ5R0xVkGpgW/tGHnUTor93jo5FTrK0Z01p8KFmgIJuXPKn2DmsvPgrrpQPponrh6bK5bm8BHK3kLUPMljxHLiIEb0xU6qg/heeUAfVJC7XgOcAEFjkBvYlDkf8k9KSesWyZxufEDrpdSkIiqIoKxlq1nnwitXZ/hB6XBDxIPh3cnMdLRsOuGc8r4aDEKDs4HhQ5XaT5vQeMflaeSUqCd/0T90Ood9CJt7CjvCd6was+ebmJaYUgk0SX2+Vql0nTiTBngg9dPQ27FL33T9Dqspd6CyxFjy30anbdxru6yBh+GPc6oVLOJXsvfZ88QdwchYr+aZInVEtdhl+b7GJfc2eixdayWp9PAiTffm9F27gCbEHxFDhyvZFdelZp4lLfJjYw== private
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9rw0GjeZuXUAQHTvT/oXre4BSnWghf9jtOfbRIxb17FkGsgD5qEtktdpIOd1TroJtXhmSi67oJ+CJbLmjL7f2z6S9muzngkb475hE3QwT/JwD4h3r22GJO+jSMZbB53VRc3+S96HVYKAu7F94EbVW78XfrcwPCFpW89KTM27t1ARH3vPGg5BdsI7PCZcNyzHOOnuZSwtiELpoMK0Z4RMw1mQ3hMzvvbxB73ocJl/Dtt9QGLZN57JOVV52BynjfaTobwYB9WROvPKvDGeHIYmckujLG+yuEEZmCeUq9h8MxmofI3kfykb/Ln/yDZ3XNDIF2oXzgmHZyY4Y8dsv47JJ sancho@united
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXxpTQi8X5CwZS6HpeuIR5R51EZNg1rrx7DW4+Z21++n/8jEKtVmJ7vkSiY0LSl3Ha8Y3ZxDyntfuLIOGYzd/AibkwBp7K+ZENjPuIrVApvMZ7ejSjCA+txorpl2zHEmQ9Y0xiUSXYQVyFnTZN5y+GzwXHKZ4Ulo/vKu9/EDL56CaIjHcovJu1XPCangFQ8DJbco16ItFje56Tf1F9Qc5S/mUwHfuLqEmFoUJSiSviFKLm/1TfSx1uv3ELLERat/+uVUjm1HYH7Qu7PEoNuCICejX88LJRmeI9ixydYkqZ5R0xVkGpgW/tGHnUTor93jo5FTrK0Z01p8KFmgIJuXPKn2DmsvPgrrpQPponrh6bK5bm8BHK3kLUPMljxHLiIEb0xU6qg/heeUAfVJC7XgOcAEFjkBvYlDkf8k9KSesWyZxufEDrpdSkIiqIoKxlq1nnwitXZ/hB6XBDxIPh3cnMdLRsOuGc8r4aDEKDs4HhQ5XaT5vQeMflaeSUqCd/0T90Ood9CJt7CjvCd6was+ebmJaYUgk0SX2+Vql0nTiTBngg9dPQ27FL33T9Dqspd6CyxFjy30anbdxru6yBh+GPc6oVLOJXsvfZ88QdwchYr+aZInVEtdhl+b7GJfc2eixdayWp9PAiTffm9F27gCbEHxFDhyvZFdelZp4lLfJjYw==
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOMnrUKIGswAC9vycDk7OsRD1LxM1+IpRwmZ4X6/aRaR6TLZClDtuXqQK6G+8lAYS+0NkyIzMCM7uOeocYh28c5ENA+8u23ai5obm7mzCoQo9+zUfPAjV9QfMr5c1DAfJcP/R+d6KkGbsxAFTwKRBk1T++LFTjwW9pLXjdXDLI5ndydfX9NTsuSQux57RiJpL9sX4leIefkHjL/FprPrKYfAi3zfFkgRM+Z63uU3nB9Ap9vRIfi5SDtjhGr2+4QzHgKXrx8mLQL6+0h05n6cD6E9Y73sUfVqIvLT9Ia/qssVRifHLxyWrwmyp2t4Zdrh5Cdpcb22/LoXr8KKmSEuDy83oeSS/9KAvPn68dG9D67UNjZEsl7UYnjeWnZtwEThlSQapvbHYs7qjsdbgXw72UxqFxEoWkUym+DQLlkxZSehumvx36ujCeDaoErKjeaHoPPHwEXJ5h6KILccGCKVOUBePtPNRuzL6vTBlqnOKjYy3DlWqgHCvAVQlkICttkgCzzrqm2BfqKUZH5HRGSzXE1IWDmppae0/JtGpaQwfDbbrZEg8Tsi9cFhQqiGKcma/PGDvZGKu/RaN1XAKW79IflqeIolluXsfA/GCIyxBa/afDgnfLiWhGlzjsUhIJ/qacx+bKj0thoRtoU6n6PlUpDU3/1Oqbir+bYDGvUIbfnQ== Generated by ISG D-MATH for [email protected] on 2016-02-19 @ 11:39:38
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC78ZdkvJjmkKE3pu4/yEuLbtbBcV/M0br3KVPcr3Son+RwgbCSBV+oazRcnkGuRNiYjcxNT0y+So29BfBLnSgynVS6S3VyAPlXnDmKwjx/g18CgEZ7FC5sdNl06s1XzTkeJNrjzxOueIkMG4bv6nqno1+iUkpRorSsEpdQN9pSdKaNF2u7CfqF2rqA1DSTQIhy61rqlxzq3iEOB8vS7D5OPbGHyscERhlzzxG4hvngiFJOeR8iSYoydmrmC7mBxB6887rwOAjOfh4vCO1LajNkH7eck9VdHfbiO6i9UdaiyA+faPvBapeWFv5ah9I19dx41X/Ag6dJgAxkdsAtaREp [email protected]
	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6G056rT+gY4aeIm6KVbdb5Gav+m77bNdGpCshtTsE5pnhBPoFN30K6L0hpWMZf0V4dhA65kx+HattX6sEPlKacryrefe75L3k9Sr8KRQNeU+SoiQZYvtg1cPA4jotTBmQfHbtfqh6416ePBjiCzwx9h4pUz2fwiRce+nl4B50Sd4JGjoMRCisonNlcokk9zUpjDZAUKb/cmnawHy4GX5umSfxf2jXLYFnxw4XYeR1dLcovW5rMcgqBZEAmIrrR6i8Q/lyRMrS5VISzCct3BqK9RiJvhlKX2skVux08SBQSB4l4CJIbiAWjiVVXbE7t9evbGzTWgdqdYQO6QjEj++iw== [email protected]"
	];
	services.openssh.enable = true;
	# This value determines the NixOS release with which your system is to be
	# compatible, in order to avoid breaking some software such as database
	# servers. You should change this only after NixOS release notes say you
	# should.
	system.stateVersion = "19.03"; # Did you read the comment?
	}
	EOF
	PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --no-root-passwd --root /mnt --max-jobs 40