https://github.com/intersectmbo/cardano-airgap

Builds an airgapped nixos boot image with credential-manager signing tools.
https://github.com/intersectmbo/cardano-airgap

Last synced: 9 months ago
JSON representation

Builds an airgapped nixos boot image with credential-manager signing tools.

• Host: GitHub
• URL: https://github.com/intersectmbo/cardano-airgap
• Owner: IntersectMBO
• License: apache-2.0
• Created: 2024-07-16T22:22:44.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2025-05-31T04:56:49.000Z (10 months ago)
• Last Synced: 2025-05-31T07:56:31.161Z (10 months ago)
• Language: Nix
• Homepage:
• Size: 231 KB
• Stars: 0
• Watchers: 2
• Forks: 2
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG
  • Contributing: CONTRIBUTING
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
## Build the airgap-boot disk image:

```bash

$ nix build .#iso

```

## Test the airgap-boot image:

```bash

qemu-run-iso

```

## Test the airgap-boot image with a host passed device:

```bash

# Find the device of interest, in this case a thumbdrive:

❯ lsusb | grep -i sandisk

Bus 001 Device 030: ID 0781:5567 SanDisk Corp. Cruzer Blade

# Pass the device to qemu based on vendor and product id:

sudo qemu-run-iso -device nec-usb-xhci,id=xhci -device usb-host,vendorid=0x0781,productid=0x5567

# Or, pass a bus and address to qemu:

sudo qemu-run-iso -device nec-usb-xhci,id=xhci -device usb-host,hostbus=1,hostaddr=30

```

## Fomat the airgap-data device:

WARNING -- BE ABSOLUTELY SURE YOU HAVE THE CORRECT DEVICE LISTED AS THIS DRIVE WILL BE WIPED!

WARNING -- Do a dry first and review the output script if desired.

WARNING -- The device should be at least 16 GB in size or the format may fail.

Below, `$YOUR_AIRGAP_DATA_DRIVE` is the path to the airgap data device,

which may be something like: `/dev/sdb`.

### From within the airgap boot image:

```bash

format-airgap-data --dry-run --argstr device "$YOUR_AIRGAP_DATA_DRIVE"

# If satisfied with the dry run script, proceed with the formatting:

format-airgap-data --argstr device "$YOUR_AIRGAP_DATA_DRIVE"

```

### From the flake devShell of a networked machine:

```bash

disko -m destroy,format,mount --dry-run -f .#airgap-data --argstr device "$YOUR_AIRGAP_DATA_DRIVE"

# If satisfied with the dry run script, proceed with the formatting:

sudo disko -m destroy,format,mount -f .#airgap-data --argstr device "$YOUR_AIRGAP_DATA_DRIVE"

```