nixos/iso/default.nix


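# Builds an unattended NixOS installer ISO.
#
# The image is the minimal installation CD plus ./configuration.nix and one
# extra systemd unit, `install`, which runs at multi-user.target and, without
# asking anything:
#   1. picks a target disk and rewrites its partition table,
#   2. creates a FAT32 boot partition and a LUKS2 + btrfs root,
#   3. mounts a tmpfs as / with persistent state bind-mounted from
#      /nix/persist/system,
#   4. runs nixos-install with a pre-evaluated system closure,
#   5. schedules a shutdown one minute later.
#
# NOTE(security): booting this ISO on a machine wipes the selected disk with
# no confirmation. Treat the image as destructive media.
{
  system ? "x86_64-linux",
}:
(import <nixpkgs/nixos/lib/eval-config.nix> {
  inherit system;
  modules = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
    ./configuration.nix
    ({ config, pkgs, lib, ... }: {
      systemd.services.install = {
        description = "Bootstrap a NixOS installation";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" "polkit.service" ];
        path = [ "/run/current-system/sw/" ];
        script = with pkgs; ''
          # Convenience: pre-seed the nixos user's history with the command
          # that follows this unit's log.
          echo 'journalctl -fb -n100 -uinstall' >>~nixos/.bash_history
          set -eux

          # Retry a command up to 10 times, one second apart.
          # Fixes over the previous version:
          #   - the loop now really iterates 10 times (it used to iterate
          #     over the two literal words "seq" and "10"),
          #   - arguments are passed through quoted,
          #   - exhausting the retries is an error, so set -e aborts the
          #     install instead of continuing on a missing device or mount.
          wait-for() {
            for _ in $(seq 10); do
              if "$@"; then
                return 0
              fi
              sleep 1
            done
            echo "wait-for: giving up on: $*" >&2
            return 1
          }

          # Create a directory under the tmpfs root and bind-mount its
          # persistent counterpart from /nix/persist/system over it.
          persist() {
            mkdir -p "/mnt/$1"
            mkdir -p "/mnt/nix/persist/system/$1"
            mount --bind "/mnt/nix/persist/system/$1" "/mnt/$1"
          }

          # Target disk selection: later matches override earlier ones, so
          # the precedence is vda > nvme0n1 > sda. The chosen disk is wiped.
          dev=/dev/sda
          [ -b /dev/nvme0n1 ] && dev=/dev/nvme0n1
          [ -b /dev/vda ] && dev=/dev/vda
          ${utillinux}/bin/sfdisk --wipe=always "$dev" <<-END
          label: gpt
          name=BOOT, size=1024MiB, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B
          name=NIXOS
          END
          sync

          # The by-partlabel links appear asynchronously after sfdisk, so
          # only format once they exist. (An unguarded mkfs.fat used to run
          # before this wait and could abort the unit under set -e.)
          wait-for [ -b /dev/disk/by-partlabel/BOOT ]
          wait-for mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/BOOT
          wait-for [ -b /dev/disk/by-partlabel/NIXOS ]

          # NOTE(security): the only key enrolled here is one byte read from
          # /dev/zero, i.e. a fixed, publicly known placeholder. Until the
          # volume is re-keyed it provides no confidentiality against anyone
          # holding the disk. After first boot, enrol a real passphrase or
          # hardware-backed key (cryptsetup luksAddKey) and then remove the
          # placeholder (cryptsetup luksRemoveKey / luksKillSlot). Whether
          # configuration.nix automates this is not visible from this file.
          ${cryptsetup}/bin/cryptsetup luksFormat --type=luks2 --label=root /dev/disk/by-partlabel/NIXOS /dev/zero --keyfile-size=1
          ${cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-partlabel/NIXOS root --key-file=/dev/zero --keyfile-size=1
          mkfs.btrfs -f -L nixos /dev/mapper/root
          sync

          # Create the btrfs subvolumes, then remount with final options.
          mount /dev/mapper/root /mnt
          btrfs subvolume create /mnt/@
          btrfs subvolume create /mnt/@nix-store
          btrfs subvolume create /mnt/@nix-persist
          umount /mnt
          sync

          # Root is a tmpfs; only /nix (and what is bind-mounted out of
          # /nix/persist) survives a reboot of the installed system.
          mount -t tmpfs -o size=16G,mode=755 tmpfs /mnt
          mkdir -p /mnt/nix
          mount -o noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvol=@ /dev/mapper/root /mnt/nix
          mkdir -p /mnt/nix/{store,persist}
          mount -o noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvol=@nix-store /dev/mapper/root /mnt/nix/store
          mount -o noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvol=@nix-persist /dev/mapper/root /mnt/nix/persist
          mkdir -p /mnt/nix/persist/home

          # State that must persist across reboots of the installed system.
          for d in \
            etc/nixos \
            root/.ssh \
            var/bento \
            var/log \
            var/lib/bluetooth \
            var/lib/docker \
            var/lib/flatpak \
            var/lib/fprint \
            var/lib/nixos \
            var/lib/mysql \
            etc/NetworkManager/system-connections
          do
            persist "$d"
          done

          mkdir /mnt/boot
          wait-for mount /dev/disk/by-label/boot /mnt/boot

          # Host keys are generated once here and stored on the persistent
          # subvolume, so the machine keeps a stable SSH identity.
          mkdir -p /mnt/nix/persist/system/etc/ssh
          ssh-keygen -t ed25519 -N "" -f /mnt/nix/persist/system/etc/ssh/ssh_host_ed25519_key
          ssh-keygen -t rsa -b 4096 -N "" -f /mnt/nix/persist/system/etc/ssh/ssh_host_rsa_key

          install -D ${./configuration.nix} /mnt/etc/nixos/configuration.nix
          install -D ${./hardware-configuration.nix} /mnt/etc/nixos/hardware-configuration.nix
          # Strip the "#installer-only " marker so the lines it prefixes
          # become active in the installed copy of the configuration.
          sed -i -E 's/(\w*)#installer-only /\1/' /mnt/etc/nixos/*

          # The system closure is evaluated at ISO build time and passed via
          # --system. NOTE(security): --no-root-passwd means the installer
          # sets no root password; how root can log in is decided entirely
          # by configuration.nix (not shown here), so review it for that.
          ${config.system.build.nixos-install}/bin/nixos-install \
            --system ${(import <nixpkgs/nixos/lib/eval-config.nix> {
              inherit system;
              modules = [
                ./configuration.nix
                ./hardware-configuration.nix
              ];
            }).config.system.build.toplevel} \
            --no-root-passwd \
            --cores 0
          echo 'Shutting off in 1min'
          ${systemd}/bin/shutdown +1
        '';
        # Give the script the same Nix environment an interactive root
        # shell on the ISO would have.
        environment = config.nix.envVars // {
          inherit (config.environment.sessionVariables) NIX_PATH;
          HOME = "/root";
        };
        serviceConfig = {
          Type = "oneshot";
        };
      };
    })
  ];
}).config.system.build.isoImage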