commit 469161e86723a107aaf55d516f14926aabd0fdd3
parent fcff8bae14677a25157b5db28ef54b42b410a212
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 13 Jul 2020 11:50:15 +0200
hack: add a iso build 🙃
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
2 files changed, 66 insertions(+), 0 deletions(-)
diff --git a/hack/installer_configuration.nix b/hack/installer_configuration.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keyFiles = [ /etc/ssh/authorized_keys.d/root ];
+
+ networking.hostName = "nixos"; # Define your hostname.
+}
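Review bot: The `keyFiles = [ /etc/ssh/authorized_keys.d/root ]` entry is an absolute Nix path, so it is read from the filesystem of whichever machine evaluates this configuration, not from the repository. Presumably the intent is for the installed system to inherit root's keys from the booted installer. That makes evaluation depend on the file existing there, and iso.nix in this same commit can yield an empty key list. I would document the dependency above the line, e.g. `# Read at evaluation time from the live installer; the ISO must have been built with root keys.` Also consider `services.openssh.passwordAuthentication = false;` so the installed host is key-only by declaration and not by inherited default.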
diff --git a/hack/iso.nix b/hack/iso.nix
@@ -0,0 +1,48 @@
+# To build the installer for your system's architecture:
+#
+# nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
+#
+# To build a 32-bit installer, overrride the value of the `system` parameter:
+#
+# nix-build <SAME AS BEFORE> --argStr system i686-linux
+#
+
+{ config, lib, pkgs, system ? builtins.currentSystem, ... }:
+
+with lib;
+let
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+ authorizedKeys = lists.optionals secretCondition (
+ attrsets.mapAttrsToList
+ (name: value: value.key)
+ (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+ );
+in
+{
+ imports = [
+ # https://nixos.wiki/wiki/Creating_a_NixOS_live_CD
+ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+ ];
+
+ systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+ users = {
+ mutableUsers = false;
+ users.root.openssh.authorizedKeys.keys = authorizedKeys;
+ };
+
+ environment.etc = {
+ "install.sh" = {
+ source = ./install.sh;
+ mode = "0700";
+ };
+
+ "configuration.nix" = {
+ source = ./installer_configuration.nix;
+ mode = "0600";
+ };
+ };
+}
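Review bot: `authorizedKeys` silently becomes an empty list when `secretPath` does not exist, while the `systemd.services.sshd.wantedBy` line forces sshd to start at boot. A build from a checkout without the secrets therefore produces an image that listens on SSH with no root key and no build-time signal, leaving access policy to whatever the imported installer profile sets for root. `../../secrets/machines.nix` is resolved relative to `hack/`, which looks like one level above the repository root; worth confirming, since a wrong path takes the same silent branch. I would fail at evaluation time with `assertions = [ { assertion = authorizedKeys != [ ]; message = "iso.nix: no authorized SSH keys found"; } ];` and set the sshd password policy explicitly in this file.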