add mk-lappy-ssd

extras/mk-enc-usb.nix

@@ -18,7 +18,6 @@ in stdenv.mkDerivation {
     substituteAllInPlace mk-enc-usb.sh
     substituteInPlace mk-enc-usb.sh \
       --replace "@TEST@" "nyaaaaa" \
-      --replace "@USB_FILESYSTEM@" "${usb_data.unencrypted_fs_type}" \
       --replace "@USB_ENCRYPTED_PARTLABEL@" "${usb_data.encrypted_partlabel}" \
       --replace "@USB_UNENCRYPTED_LABEL@" "${usb_data.unencrypted_label}"
 

extras/mk-enc-usb.sh

@@ -21,8 +21,6 @@ if [ "$EUID" -ne 0 ]; then
   exit
 fi
 
-# e.g. ext4, btrfs, etc
-USB_FILESYSTEM=@USB_FILESYSTEM@
 # encrypted partition label
 USB_ENCRYPTED_PARTLABEL=@USB_ENCRYPTED_PARTLABEL@
 # unencrypted filesystem label
@@ -41,12 +39,7 @@ echo "Opening Encrypted Partition"
 @cryptsetup@/bin/cryptsetup open "${USB_DEVICE}${PARTITION_SEPARATOR}1" "mk_enc_usb"
 
 echo "Making Encrypted Filesystem"
-if [ "${USB_FILESYSTEM}" == "ext4" ]; then
-    @e2fsprogs@/bin/mkfs.ext4 -L "${USB_UNENCRYPTED_LABEL}" /dev/mapper/mk_enc_usb
-else
-    echo "Invalid Filesystem, please make script support it."
-    exit 1
-fi
+@e2fsprogs@/bin/mkfs.ext4 -L "${USB_UNENCRYPTED_LABEL}" /dev/mapper/mk_enc_usb
 
 echo "Closing Encrypted Partition"
 @cryptsetup@/bin/cryptsetup close "mk_enc_usb"

extras/mk-lappy-ssd.nix

@@ -0,0 +1,31 @@
+{ stdenv, bash, parted, cryptsetup, e2fsprogs, dosfstools }:
+let ssd_data = import ../hosts/lappy/hardware/ssd_data.nix { };
+in stdenv.mkDerivation {
+  name = "mk-lappy-ssd";
+  src = ./mk-lappy-ssd.sh;
+  unpackPhase = ''
+    for srcFile in $src; do
+      cp $srcFile $(stripHash $srcFile)
+    done
+  '';
+
+  inherit bash;
+  inherit parted;
+  inherit cryptsetup;
+  inherit e2fsprogs;
+  inherit dosfstools;
+
+  patchPhase = ''
+    substituteAllInPlace mk-lappy-ssd.sh
+    substituteInPlace mk-lappy-ssd.sh \
+      --replace "@SSD_ENCRYPTED_PARTLABEL@" "${ssd_data.encrypted_root_partlabel}" \
+      --replace "@SSD_UNENCRYPTED_LABEL@" "${ssd_data.unencrypted_root_label}" \
+      --replace "@SSD_BOOT_LABEL@" "${ssd_data.boot_label}"
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp mk-lappy-ssd.sh $out/bin/mk-lappy-ssd
+    chmod +x $out/bin/mk-lappy-ssd
+  '';
+}

extras/mk-lappy-ssd.sh

@@ -0,0 +1,60 @@
+#! @bash@/bin/sh
+
+set -e
+
+# e.g /dev/nvme0n1
+SSD_PATH=$1
+KEY_FILE=$2
+
+if echo "$SSD_PATH" | grep -q "[0-9]$"; then
+    PARTITION_SEPARATOR="p"
+else
+    PARTITION_SEPARATOR=""
+fi
+
+if [ -z "$SSD_PATH" ]; then
+  echo "Please specify a path to device as first argument"
+  exit 1
+fi
+
+if [ -z "$KEY_FILE" ]; then
+  echo "Please specify a key file to use"
+  exit 1
+fi
+
+if [ "$EUID" -ne 0 ]; then
+  echo "Please run as root"
+  exit
+fi
+
+# encrypted partition label
+SSD_ENCRYPTED_PARTLABEL=@SSD_ENCRYPTED_PARTLABEL@
+# unencrypted filesystem label
+SSD_UNENCRYPTED_LABEL=@SSD_UNENCRYPTED_LABEL@
+# ssd boot label
+SSD_BOOT_LABEL=@SSD_BOOT_LABEL@
+
+echo "Creating Lappy's SSD."
+
+echo "Creating Partitions..."
+@parted@/bin/parted ${SSD_PATH} -- mklabel gpt
+@parted@/bin/parted ${SSD_PATH} -- mkpart ESP fat32 1MiB 512MiB
+@parted@/bin/parted ${SSD_PATH} -- mkpart primary 620MiB -1MiB
+@parted@/bin/parted ${SSD_PATH} -- set 1 esp on
+@parted@/bin/parted ${SSD_PATH} -- name 1 "${SSD_BOOT_LABEL}"
+@parted@/bin/parted ${SSD_PATH} -- name 2 "${SSD_ENCRYPTED_PARTLABEL}"
+
+echo "Formatting boot partition"
+@dosfstools@/bin/mkfs.fat -n "${SSD_BOOT_LABEL}" "${SSD_PATH}${PARTITION_SEPARATOR}1"
+
+echo "Creating Encrypted Partition"
+@cryptsetup@/bin/cryptsetup luksFormat "${SSD_PATH}${PARTITION_SEPARATOR}2" --key-file "${KEY_FILE}"
+
+echo "Opening Encrypted Partition"
+@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_enc_ssd" --key-file "${KEY_FILE}"
+
+echo "Formatting Encrypted Root Filesystem"
+@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_enc_ssd
+
+echo "Closing Encrypted Partition"
+@cryptsetup@/bin/cryptsetup close "mk_enc_ssd"

hosts/lappy/hardware/ssd_data.nix

@@ -5,6 +5,7 @@
 
   # Partition Labels
   boot_label = "nixboot";
+  unencrypted_root_label = "nixos";
   encrypted_root_partlabel = "nixos_encrypted";
 
   # Partition Filesystems

outputs.nix

@@ -51,6 +51,7 @@ in {
       exa
       deploy-rs.packages."x86_64-linux".deploy-rs
       (pkgs-x86_64-linux.callPackage ./extras/mk-enc-usb.nix {})
+      (pkgs-x86_64-linux.callPackage ./extras/mk-lappy-ssd.nix {})
     ];
   };