From c45fb4d230b0811abc357d817110b03cea22d1ae Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 28 Nov 2023 15:44:54 +0100 Subject: [PATCH] add iso, change networking for fw --- .../fw.cloonar.com/hardware-configuration.nix | 18 +++- hosts/fw.cloonar.com/modules/networking.nix | 22 ++--- iso/configuration.nix | 54 ++++++++++++ iso/default.nix | 84 +++++++++++++++++++ iso/hardware-configuration.nix | 13 +++ iso/result | 1 + 6 files changed, 177 insertions(+), 15 deletions(-) create mode 100644 iso/configuration.nix create mode 100644 iso/default.nix create mode 100644 iso/hardware-configuration.nix create mode 120000 iso/result diff --git a/hosts/fw.cloonar.com/hardware-configuration.nix b/hosts/fw.cloonar.com/hardware-configuration.nix index f67b9f4..b809bd2 100644 --- a/hosts/fw.cloonar.com/hardware-configuration.nix +++ b/hosts/fw.cloonar.com/hardware-configuration.nix @@ -1,9 +1,19 @@ { modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub.device = "/dev/sda"; + boot.loader.systemd-boot.enable = true; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "vmw_pvscsi" "xen_blkfront" ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - + + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + fileSystems."/" = { + device = "/dev/disk/by-partlabel/NIXOS"; + fsType = "ext4"; + }; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/fw.cloonar.com/modules/networking.nix b/hosts/fw.cloonar.com/modules/networking.nix index 984f80e..127a357 100644 --- a/hosts/fw.cloonar.com/modules/networking.nix +++ b/hosts/fw.cloonar.com/modules/networking.nix 
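Review bot: In hosts/fw.cloonar.com/hardware-configuration.nix the added line `hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` uses `lib` and `config`, but the unchanged module header still binds only `{ modulesPath, ... }`. Evaluation should therefore stop with an undefined-variable error before the firewall configuration can be built. Change the header to `{ config, lib, modulesPath, ... }:`. As far as this hunk shows, `modulesPath` is no longer used once the qemu-guest import is removed, so it could be dropped from the header too.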
@@ -1,41 +1,41 @@ { ... }: { + systemd.network.links."10-wan" = { + matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c1"; + linkConfig.Name = "wan"; + }; + networking = { useDHCP = false; nameservers = [ "9.9.9.9" "149.112.112.112" ]; # Define VLANS vlans = { - wan = { - id = 10; - interface = "enp1s0"; - }; lan = { id = 1; - interface = "enp2s0"; + interface = "enp3s0"; }; server = { id = 2; - interface = "enp3s0"; + interface = "enp4s0"; }; multimedia = { id = 3; - interface = "enp4s0"; + interface = "enp5s0"; }; smart = { id = 4094; - interface = "enp4s0"; + interface = "enp5s0"; }; guest = { id = 100; - interface = "enp4s0"; + interface = "enp5s0"; }; }; interfaces = { # Don't request DHCP on the physical interfaces - enp1s0.useDHCP = false; - enp2s0.useDHCP = false; enp3s0.useDHCP = false; enp4s0.useDHCP = false; + enp5s0.useDHCP = false; # Handle the VLANs wan.useDHCP = true; diff --git a/iso/configuration.nix b/iso/configuration.nix new file mode 100644 index 0000000..a9a2fa5 --- /dev/null +++ b/iso/configuration.nix 
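Review bot: The new `systemd.network.links."10-wan"` block in hosts/fw.cloonar.com/modules/networking.nix ties the firewall's external interface to one hard-coded MAC, with no comment saying which physical port that is or what happens when the match fails. If the NIC is replaced, no link is renamed to `wan`, so `wan.useDHCP = true` and any rule that names `wan` would point at an interface that does not exist. The firewall rules are not visible here, so confirm that they fail closed in that case. I would add above the block `# WAN uplink = <port label>; renamed by MAC so rules can match on "wan"`, plus a comment mapping lan/server/multimedia to enp3s0/enp4s0/enp5s0, since every port index shifted in this change. The `interfaces` block continues past the end of the hunk.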
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+
+
+ #installer-only ./hardware-configuration.nix
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ zramSwap.enable = true;
+ services.logind.lidSwitch = "ignore";
+
+ security.sudo.wheelNeedsPassword = false;
+
+ networking.hostName = "install";
+
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ users.mutableUsers = false;
+ users.users.root = {
+ # Password is "linux"
+ hashedPassword = lib.mkForce "$6$7IKExnDde920x.YH$ggegnnKJYdmg1Wt33fxuPpM.MmIaX32LXVyjL8ed7ohT385lKotFGzRpitncQ3pd9Lci1QCFGRn2tVJGxkFAm0";
+ };
+
+ services.avahi = {
+ enable = true;
+ ipv4 = true;
+ ipv6 = true;
+ nssmdns = true;
+ publish = { enable = true; domain = true; addresses = true; };
+ };
+
+ environment.systemPackages = with pkgs; [
+ coreutils
+ curl
+ file
+ git
+ htop
+ lsof
+ nano
+ openssl
+ pciutils
+ pv
+ tmux
+ tree
+ unar
+ vim_configurable
+ wget
+ zip
+ ];
+
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/iso/default.nix b/iso/default.nix
new file mode 100644
index 0000000..82cc1ef
--- /dev/null
+++ b/iso/default.nix
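Review bot: iso/configuration.nix enables SSH root login with a password that the file itself discloses (`# Password is "linux"`), alongside `users.mutableUsers = false`, passwordless sudo for wheel and Avahi announcing the host as `install`. Because iso/default.nix copies this same file to `/mnt/etc/nixos/configuration.nix` and builds the installed system from it, the credential is not confined to the live image. Every machine installed from the ISO keeps it until someone rebuilds with a different configuration. Prefer key-only access: `services.openssh.settings.PermitRootLogin = "prohibit-password";`, `services.openssh.settings.PasswordAuthentication = false;` and `users.users.root.openssh.authorizedKeys.keys = [ "<installer public key>" ];`. With those in place the `hashedPassword` line and its comment can be removed from the repository.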
@@ -0,0 +1,84 @@
+{
+ system ? "x86_64-linux",
+}:
+(import {
+ inherit system;
+ modules = [
+
+ ./configuration.nix
+ ({ config, pkgs, lib, ... }: {
+ systemd.services.install = {
+ description = "Bootstrap a NixOS installation";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "polkit.service" ];
+ path = [ "/run/current-system/sw/" ];
+ script = with pkgs; ''
+ echo 'journalctl -fb -n100 -uinstall' >>~nixos/.bash_history
+
+ set -eux
+
+ wait-for() {
+ for _ in seq 10; do
+ if $@; then
+ break
+ fi
+ sleep 1
+ done
+ }
+
+ dev=/dev/sda
+ [ -b /dev/nvme0n1 ] && dev=/dev/nvme0n1
+ [ -b /dev/vda ] && dev=/dev/vda
+
+ ${utillinux}/bin/sfdisk --wipe=always $dev <<-END
+ label: gpt
+
+ name=BOOT, size=512MiB, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B
+ name=NIXOS
+ END
+ mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/BOOT
+
+ sync
+ wait-for [ -b /dev/disk/by-partlabel/BOOT ]
+
+ wait-for mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/BOOT
+
+ wait-for [ -b /dev/disk/by-partlabel/NIXOS ]
+ mkfs.ext4 -L nixos /dev/disk/by-partlabel/NIXOS
+
+ sync
+ mount /dev/disk/by-partlabel/NIXOS /mnt
+
+ mkdir /mnt/boot
+ wait-for mount /dev/disk/by-label/boot /mnt/boot
+
+ install -D ${./configuration.nix} /mnt/etc/nixos/configuration.nix
+ install -D ${./hardware-configuration.nix} /mnt/etc/nixos/hardware-configuration.nix
+
+ sed -i -E 's/(\w*)#installer-only /\1/' /mnt/etc/nixos/*
+
+ ${config.system.build.nixos-install}/bin/nixos-install \
+ --system ${(import {
+ inherit system;
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ];
+ }).config.system.build.toplevel} \
+ --no-root-passwd \
+ --cores 0
+
+ echo 'Shutting off in 1min'
+ ${systemd}/bin/shutdown +1
+ '';
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ };
+ })
+ ];
+}).config.system.build.isoImage
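Review bot: `wait-for` in the install script of iso/default.nix does not wait as intended: `for _ in seq 10` loops over the two words `seq` and `10`, `$@` is unquoted, and the function returns success even when the command never succeeded. Under `set -eux` a missing device is therefore only noticed by whichever later command trips over it. The first `mkfs.fat … /dev/disk/by-partlabel/BOOT` also runs before `wait-for [ -b /dev/disk/by-partlabel/BOOT ]`, so it can race udev right after `sfdisk`, and the same mkfs is then repeated. Separately, the unit is wanted by `multi-user.target` and runs `sfdisk --wipe=always` on the first disk it finds with no confirmation; a comment at the top of the module saying that booting this image erases the machine would help whoever handles the media. A possible rewrite of the helper and the BOOT step follows.

```nix
script = with pkgs; ''
  # … unchanged: bash_history hint, set -eux …

  wait-for() {
    for _ in $(seq 10); do
      if "$@"; then
        return 0
      fi
      sleep 1
    done
    # Fail the unit instead of continuing against a missing device.
    return 1
  }

  # … unchanged: disk selection, sfdisk partitioning …

  sync
  wait-for [ -b /dev/disk/by-partlabel/BOOT ]
  mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/BOOT

  # … unchanged: NIXOS filesystem, mounts, nixos-install, shutdown …
```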
diff --git a/iso/hardware-configuration.nix b/iso/hardware-configuration.nix
new file mode 100644
index 0000000..218de10
--- /dev/null
+++ b/iso/hardware-configuration.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }: {
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-partlabel/NIXOS";
+ fsType = "ext4";
+ };
+}
diff --git a/iso/result b/iso/result
new file mode 120000
index 0000000..b04a57f
--- /dev/null
+++ b/iso/result
@@ -0,0 +1 @@
+/nix/store/awr76nk2v9gambbksl4lj2z1f30b595i-nixos-23.05.4974.d2e4de209881-x86_64-linux.iso
\ No newline at end of file