2023-04-24 11:24:57 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
set -ex
|
|
|
|
# provided by nix
|
|
|
|
init="@init@"
|
|
|
|
kernelParams="@kernelParams@"
|
|
|
|
|
|
|
|
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
|
|
|
|
INITRD_TMP=$(TMPDIR=$SCRIPT_DIR mktemp -d)
|
|
|
|
|
|
|
|
cd "$INITRD_TMP"
|
|
|
|
cleanup() {
|
|
|
|
rm -rf "$INITRD_TMP"
|
|
|
|
}
|
|
|
|
trap cleanup EXIT
|
|
|
|
mkdir -p ssh
|
|
|
|
|
|
|
|
extractPubKeys() {
|
|
|
|
home="$1"
|
|
|
|
for file in .ssh/authorized_keys .ssh/authorized_keys2; do
|
|
|
|
key="$home/$file"
|
|
|
|
if test -e "$key"; then
|
|
|
|
# workaround for debian shenanigans
|
2023-11-08 17:13:10 +01:00
|
|
|
grep -o '\(\(ssh\|ecdsa\|sk\)-[^ ]* .*\)' "$key" >> ssh/authorized_keys || true
|
2023-04-24 11:24:57 +02:00
|
|
|
fi
|
|
|
|
done
|
|
|
|
}
|
|
|
|
extractPubKeys /root
|
|
|
|
|
2024-02-28 12:38:09 +01:00
|
|
|
if test -n "${DOAS_USER-}"; then
|
|
|
|
SUDO_USER="$DOAS_USER"
|
|
|
|
fi
|
|
|
|
|
2023-04-24 11:24:57 +02:00
|
|
|
if test -n "${SUDO_USER-}"; then
|
|
|
|
sudo_home=$(sh -c "echo ~$SUDO_USER")
|
|
|
|
extractPubKeys "$sudo_home"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Typically for NixOS
|
|
|
|
if test -e /etc/ssh/authorized_keys.d/root; then
|
|
|
|
cat /etc/ssh/authorized_keys.d/root >> ssh/authorized_keys
|
|
|
|
fi
|
|
|
|
if test -n "${SUDO_USER-}" && test -e "/etc/ssh/authorized_keys.d/$SUDO_USER"; then
|
|
|
|
cat "/etc/ssh/authorized_keys.d/$SUDO_USER" >> ssh/authorized_keys
|
|
|
|
fi
|
|
|
|
for p in /etc/ssh/ssh_host_*; do
|
|
|
|
test -e "$p" || continue
|
|
|
|
cp -a "$p" ssh
|
|
|
|
done
|
|
|
|
|
|
|
|
# save the networking config for later use
|
|
|
|
"$SCRIPT_DIR/ip" --json addr > addrs.json
|
|
|
|
|
|
|
|
"$SCRIPT_DIR/ip" -4 --json route > routes-v4.json
|
|
|
|
"$SCRIPT_DIR/ip" -6 --json route > routes-v6.json
|
|
|
|
|
2023-11-22 10:43:59 +01:00
|
|
|
[ -f /etc/machine-id ] && cp /etc/machine-id machine-id
|
|
|
|
|
2023-04-24 11:24:57 +02:00
|
|
|
find . | cpio -o -H newc | gzip -9 >> "$SCRIPT_DIR/initrd"
|
|
|
|
|
2023-12-23 18:16:16 +01:00
|
|
|
kexecSyscallFlags=""
|
|
|
|
# only do kexec-syscall-auto on kernels newer than 6.0.
|
|
|
|
# On older kernel we often get errors like: https://github.com/nix-community/nixos-anywhere/issues/264
|
2023-12-23 21:07:31 +01:00
|
|
|
if printf "%s\n" "6.1" "$(uname -r)" | sort -c -V 2>&1; then
|
2023-12-23 18:16:16 +01:00
|
|
|
kexecSyscallFlags="--kexec-syscall-auto"
|
|
|
|
fi
|
|
|
|
|
2023-05-15 11:15:15 +02:00
|
|
|
if ! "$SCRIPT_DIR/kexec" --load "$SCRIPT_DIR/bzImage" \
|
2023-12-23 18:16:16 +01:00
|
|
|
"$kexecSyscallFlags" \
|
2023-05-08 10:30:28 +02:00
|
|
|
--initrd="$SCRIPT_DIR/initrd" --no-checks \
|
2023-05-15 11:15:15 +02:00
|
|
|
--command-line "init=$init $kernelParams"; then
|
|
|
|
echo "kexec failed, dumping dmesg"
|
|
|
|
dmesg | tail -n 100
|
|
|
|
exit 1
|
|
|
|
fi
|
2023-04-24 11:24:57 +02:00
|
|
|
|
2024-05-10 12:39:48 +02:00
|
|
|
sync; echo 3 > /proc/sys/vm/drop_caches
|
|
|
|
echo "current available memory: $(free -h | awk '/^Mem/ {print $7}')"
|
|
|
|
|
2023-04-24 11:24:57 +02:00
|
|
|
# Disconnect our background kexec from the terminal
|
2023-10-16 23:22:54 +02:00
|
|
|
echo "machine will boot into nixos in 6s..."
|
2023-04-24 11:24:57 +02:00
|
|
|
if test -e /dev/kmsg; then
|
2023-10-16 23:22:54 +02:00
|
|
|
# this makes logging visible in `dmesg`, or the system console or tools like journald
|
2023-04-24 11:24:57 +02:00
|
|
|
exec > /dev/kmsg 2>&1
|
|
|
|
else
|
|
|
|
exec > /dev/null 2>&1
|
|
|
|
fi
|
|
|
|
# We will kexec in background so we can cleanly finish the script before the hosts go down.
|
|
|
|
# This makes integration with tools like terraform easier.
|
|
|
|
nohup sh -c "sleep 6 && '$SCRIPT_DIR/kexec' -e" &
|