feat: add iso and readme

2025-04-28 22:47:03 +02:00
parent 45a60ff746
commit 8bdbbcd21c
4 changed files with 336 additions and 0 deletions
--- a/iso/configuration.nix
+++ b/iso/configuration.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }: {
+	imports = [
+		<nixpkgs/nixos/modules/profiles/all-hardware.nix>
+		<nixpkgs/nixos/modules/profiles/base.nix>
+	];
+
+	nixpkgs.config.allowUnfree = true;
+
+	zramSwap.enable = true;
+
+	security.sudo.wheelNeedsPassword = false;
+
+	networking.hostName = "install";
+
+	services.openssh.enable = true;
+	services.openssh.settings.PermitRootLogin = "yes";
+
+	users.mutableUsers = false;
+	users.users.root = {
+		# Password is "linux"
+		hashedPassword = lib.mkForce "$6$7IKExnDde920x.YH$ggegnnKJYdmg1Wt33fxuPpM.MmIaX32LXVyjL8ed7ohT385lKotFGzRpitncQ3pd9Lci1QCFGRn2tVJGxkFAm0";
+	};
+
+	services.avahi = {
+		enable = true;
+		ipv4 = true;
+		ipv6 = true;
+		nssmdns = true;
+		publish = { enable = true; domain = true; addresses = true; };
+	};
+
+	environment.systemPackages = with pkgs; [
+		coreutils
+		curl
+		file
+		git
+		htop
+		lsof
+		nano
+		openssl
+		pciutils
+		pv
+		tmux
+		tree
+		unar
+		vim_configurable
+		wget
+		zip
+	];
+
+  system.stateVersion = "23.05"; # Did you read the comment?
+}
--- a/iso/default.nix
+++ b/iso/default.nix
@@ -0,0 +1,86 @@
+{
+	system ? "x86_64-linux",
+}:
+(import <nixpkgs/nixos/lib/eval-config.nix> {
+	inherit system;
+	modules = [
+		<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+		./configuration.nix
+		({ config, pkgs, lib, ... }: {
+			systemd.services.install = {
+				description = "Bootstrap a NixOS installation";
+				wantedBy = [ "multi-user.target" ];
+				after = [ "network.target" "polkit.service" ];
+				path = [ "/run/current-system/sw/" ];
+				script = with pkgs; ''
+					echo 'journalctl -fb -n100 -uinstall' >>~nixos/.bash_history
+
+					set -eux
+
+					wait-for() {
+						for _ in seq 10; do
+							if $@; then
+								break
+							fi
+							sleep 1
+						done
+					}
+
+					dev=/dev/sda
+					[ -b /dev/nvme0n1 ] && dev=/dev/nvme0n1
+					[ -b /dev/vda ] && dev=/dev/vda
+
+					${utillinux}/bin/sfdisk --wipe=always $dev <<-END
+						label: gpt
+
+						name=BOOT, size=512MiB, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B
+						name=NIXOS
+					END
+
+					sync
+					wait-for [ -b /dev/disk/by-partlabel/BOOT ]
+
+					mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/BOOT
+					wait-for mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/BOOT
+
+					wait-for [ -b /dev/disk/by-partlabel/NIXOS ]
+					${cryptsetup}/bin/cryptsetup luksFormat --type=luks2 --label=root /dev/disk/by-partlabel/NIXOS /dev/zero --keyfile-size=1
+					${cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-partlabel/NIXOS root --key-file=/dev/zero --keyfile-size=1
+					mkfs.ext4 -L nixos /dev/mapper/root
+
+					sync
+					mount /dev/mapper/root /mnt
+
+					mkdir /mnt/boot
+					wait-for mount /dev/disk/by-label/boot /mnt/boot
+
+					install -D ${./configuration.nix} /mnt/etc/nixos/configuration.nix
+					install -D ${./hardware-configuration.nix} /mnt/etc/nixos/hardware-configuration.nix
+
+					sed -i -E 's/(\w*)#installer-only /\1/' /mnt/etc/nixos/*
+
+					${config.system.build.nixos-install}/bin/nixos-install \
+						--system ${(import <nixpkgs/nixos/lib/eval-config.nix> {
+							inherit system;
+							modules = [
+								./configuration.nix
+								./hardware-configuration.nix
+							];
+						}).config.system.build.toplevel} \
+						--no-root-passwd \
+						--cores 0
+
+					echo 'Shutting off in 1min'
+					${systemd}/bin/shutdown +1
+				'';
+				environment = config.nix.envVars // {
+					inherit (config.environment.sessionVariables) NIX_PATH;
+					HOME = "/root";
+				};
+				serviceConfig = {
+					Type = "oneshot";
+				};
+			};
+		})
+	];
+}).config.system.build.isoImage
--- a/iso/hardware-configuration.nix
+++ b/iso/hardware-configuration.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }: {
+	boot.loader.systemd-boot.enable = true;
+
+	fileSystems."/boot" = {
+		device = "/dev/disk/by-label/boot";
+		fsType = "vfat";
+	};
+
+	boot.initrd.luks.devices.root = {
+		device = "/dev/disk/by-label/root";
+
+		# WARNING: Leaks some metadata, see cryptsetup man page for --allow-discards.
+		allowDiscards = true;
+
+		# Set your own key with:
+		# cryptsetup luksChangeKey /dev/disk/by-label/root --key-file=/dev/zero --keyfile-size=1
+		# You can then delete the rest of this block.
+		keyFile = "/dev/zero";
+		keyFileSize = 1;
+	};
+
+	fileSystems."/" = {
+		device = "/dev/mapper/root";
+		fsType = "ext4";
+	};
+}