dragnpkgs/pkgs/bootstrap/archlinux/default.nix

{
  lib,
  concatText,
  fetchzip,
  stdenvNoCC,
  writeText,
  writeShellApplication,

  bash,
  cacert,
  coreutils,
  pacman,
  systemd,
  zstd,

  repos ? ["core" "community" "extra"],
  keyring-version ? "20241015-1",
  keyring-hash ? "sha256-7IegfprKTNn0aPRMgTw34SEc/GRCfy92mE9CVI4rxr0=",
  mirror ? "https://mirror.rackspace.com/archlinux/$repo/os/$arch",
}: rec {
  keyring = (fetchzip.override { withUnzip = false; }) {
    url = "${builtins.replaceStrings ["$repo" "$arch"] ["core" "x86_64"] mirror}/archlinux-keyring-${keyring-version}-any.pkg.tar.zst";
    hash = keyring-hash;
    nativeBuildInputs = [ zstd ];
    stripRoot = false;
    postFetch = ''
      rm "$out"/.BUILDINFO "$out"/.INSTALL "$out"/.MTREE "$out"/.PKGINFO
      mkdir "$out"/share/pacman -p
      mv "$out"/usr/share/pacman/keyrings "$out"/share/pacman
      rm -rf "$out"/usr
    '';
  };

  pacman_conf_in =
    writeText
      "pacman-mirrors.conf"
      (lib.strings.concatLines
        (lib.map
          (repo: ''
            [${repo}]
            Server = ${mirror}
          '')
          repos));

  pacman_conf = concatText "pacman.conf" [ "${pacman}/etc/pacman.conf" pacman_conf_in ];

  bootstrap = writeShellApplication {
    name = "archlinux-bootstrap";

    runtimeInputs = [ coreutils pacman systemd ];

    text = ''
      if [ $# -lt 1 ]; then
        echo "usage: $0 [directory] [pkgs ...]"
        exit 1
      fi

      newroot="$1"
      shift

      echo "Installing arch linux to $newroot"

      # set up new base filesystem
      install -dm0755 "$newroot"
      install -dm0755 "$newroot"/var/{cache/pacman/pkg,lib/pacman,log}
      install -dm0755 "$newroot"/{dev,run,etc/pacman.d}
      install -dm1777 "$newroot"/tmp
      install -dm0555 "$newroot"/{sys,proc}

      # set up mountpoint for nix
      install -dm0755 "$newroot"/nix

      # temporarily set up /etc/mtab, pacman needs this to work
      ln -sf /proc/mounts "$newroot"/etc/mtab

      # fully initialize the keyring ahead of entering the container
      pacman_conf="${pacman_conf}"
      pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" --init
      pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" \
        --populate archlinux --populate-from "${keyring}/share/pacman/keyrings"

      # install the config file
      install -Dm0755 "$pacman_conf" "$newroot"/etc/pacman.conf

      # bootstrap the system. allow pacman to overwrite the existing mtab entry
      systemd-nspawn -D "$newroot" --bind-ro=/nix \
        -E SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \
        -E PATH=/usr/bin/ \
        -- \
        "${pacman}/bin/pacman" -Sy --noconfirm --overwrite /etc/mtab base "$@"

      # remove nix mount point
      rmdir "$newroot"/nix

      echo "Done installing!"
      echo "Set root password:"
      echo "  sudo systemd-nspawn -UD \"$newroot\" -- /bin/passwd root"
      echo "Boot system:"
      echo "  sudo systemd-nspawn -bUD \"$newroot\""
    '';
  };
}
WIP archlinux bootstrap from nixos 2024-11-28 08:34:05 +00:00			`{`
			`lib,`
			`concatText,`
			`fetchzip,`
			`stdenvNoCC,`
			`writeText,`
			`writeShellApplication,`

			`bash,`
			`cacert,`
			`coreutils,`
			`pacman,`
			`systemd,`
			`zstd,`

			`repos ? ["core" "community" "extra"],`
			`keyring-version ? "20241015-1",`
			`keyring-hash ? "sha256-7IegfprKTNn0aPRMgTw34SEc/GRCfy92mE9CVI4rxr0=",`
			`mirror ? "https://mirror.rackspace.com/archlinux/$repo/os/$arch",`
			`}: rec {`
			`keyring = (fetchzip.override { withUnzip = false; }) {`
			`url = "${builtins.replaceStrings ["$repo" "$arch"] ["core" "x86_64"] mirror}/archlinux-keyring-${keyring-version}-any.pkg.tar.zst";`
			`hash = keyring-hash;`
			`nativeBuildInputs = [ zstd ];`
			`stripRoot = false;`
			`postFetch = ''`
			`rm "$out"/.BUILDINFO "$out"/.INSTALL "$out"/.MTREE "$out"/.PKGINFO`
			`mkdir "$out"/share/pacman -p`
			`mv "$out"/usr/share/pacman/keyrings "$out"/share/pacman`
			`rm -rf "$out"/usr`
			`'';`
			`};`

			`pacman_conf_in =`
			`writeText`
			`"pacman-mirrors.conf"`
			`(lib.strings.concatLines`
			`(lib.map`
			`(repo: ''`
			`[${repo}]`
			`Server = ${mirror}`
			`'')`
			`repos));`

			`pacman_conf = concatText "pacman.conf" [ "${pacman}/etc/pacman.conf" pacman_conf_in ];`

			`bootstrap = writeShellApplication {`
			`name = "archlinux-bootstrap";`

			`runtimeInputs = [ coreutils pacman systemd ];`

			`text = ''`
			`if [ $# -lt 1 ]; then`
			`echo "usage: $0 [directory] [pkgs ...]"`
			`exit 1`
			`fi`

			`newroot="$1"`
			`shift`

			`echo "Installing arch linux to $newroot"`

			`# set up new base filesystem`
			`install -dm0755 "$newroot"`
			`install -dm0755 "$newroot"/var/{cache/pacman/pkg,lib/pacman,log}`
			`install -dm0755 "$newroot"/{dev,run,etc/pacman.d}`
			`install -dm1777 "$newroot"/tmp`
			`install -dm0555 "$newroot"/{sys,proc}`

			`# set up mountpoint for nix`
			`install -dm0755 "$newroot"/nix`

			`# temporarily set up /etc/mtab, pacman needs this to work`
			`ln -sf /proc/mounts "$newroot"/etc/mtab`

			`# fully initialize the keyring ahead of entering the container`
			`pacman_conf="${pacman_conf}"`
			`pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" --init`
			`pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" \`
			`--populate archlinux --populate-from "${keyring}/share/pacman/keyrings"`

			`# install the config file`
			`install -Dm0755 "$pacman_conf" "$newroot"/etc/pacman.conf`

			`# bootstrap the system. allow pacman to overwrite the existing mtab entry`
			`systemd-nspawn -D "$newroot" --bind-ro=/nix \`
			`-E SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \`
			`-E PATH=/usr/bin/ \`
			`-- \`
			`"${pacman}/bin/pacman" -Sy --noconfirm --overwrite /etc/mtab base "$@"`

			`# remove nix mount point`
			`rmdir "$newroot"/nix`

			`echo "Done installing!"`
			`echo "Set root password:"`
			`echo " sudo systemd-nspawn -UD \"$newroot\" -- /bin/passwd root"`
			`echo "Boot system:"`
			`echo " sudo systemd-nspawn -bUD \"$newroot\""`
			`'';`
			`};`
			`}`