diff --git a/README.md b/README.md
index 6d14404..44039a8 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,10 @@
 1. Create and fill `default.nix`
 1. Fill `net.nix`
 1. Fill `fs.nix`
+ 2. Don't forget to add necesarry config for filesystems, etc.
+3. Generate ISO image with `nix build --print-out-paths --no-link .#images..live-iso`
+3. Copy ISO to usb and boot
+5. Copy installer from local machine to live systemd
 ## Deploy
diff --git a/flake.lock b/flake.lock
index 9ccf3ce..af90f5d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -286,6 +286,42 @@
 "type": "github"
 }
 },
+ "nixlib": {
+ "locked": {
+ "lastModified": 1689469483,
+ "narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "type": "github"
+ }
+ },
+ "nixos-generators": {
+ "inputs": {
+ "nixlib": "nixlib",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1690133435,
+ "narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
+ "owner": "nix-community",
+ "repo": "nixos-generators",
+ "rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixos-generators",
+ "type": "github"
+ }
+ },
 "nixos-hardware": {
 "locked": {
 "lastModified": 1690200740,
@@ -370,6 +406,7 @@
 "home-manager": "home-manager",
 "hyprland": "hyprland",
 "impermanence": "impermanence",
+ "nixos-generators": "nixos-generators",
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs",
 "pre-commit-hooks": "pre-commit-hooks",
diff --git a/flake.nix b/flake.nix
index 5f616af..b465a27 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,11 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
 home-manager = {
 url = "github:nix-community/home-manager";
 # should use system nixpkgs instead of their own
@@ -73,8 +78,12 @@
 colmena,
 agenix-rekey,
 devshell,
+ nixos-generators,
 ...
- } @ inputs:
+ } @ inputs: let
+ inherit (nixpkgs) lib;
+ stateVersion = "23.05";
+ in
 {
 secretsConfig = {
 masterIdentities = [./secrets/NIXOSc.key.pub];
@@ -82,7 +91,7 @@
 extraEncryptionPubkeys = [./secrets/recipients.txt];
 };
- stateVersion = "23.05";
+ inherit stateVersion;
 hosts = builtins.fromTOML (builtins.readFile ./hosts.toml);
@@ -92,6 +101,14 @@
 # todo add microvmNodes
 nodes = self.colmenaNodes;
+
+ inherit
+ (lib.foldl' lib.recursiveUpdate {}
+ (lib.mapAttrsToList
+ (import ./nix/generate-installer-package.nix inputs)
+ self.colmenaNodes))
+ packages
+ ;
 }
 // flake-utils.lib.eachDefaultSystem (system: rec {
 pkgs = import nixpkgs {
@@ -100,6 +117,22 @@
 # TODO fix this to only allow specific unfree packages
 config.allowUnfree = true;
 };
+
+ images.live-iso = nixos-generators.nixosGenerate {
+ inherit pkgs;
+ modules = [
+ ./nix/installer-configuration.nix
+ ./hosts/common/core/ssh.nix
+ {system.stateVersion = stateVersion;}
+ ];
+ format =
+ {
+ x86_64-linux = "install-iso";
+ aarch64-linux = "sd-aarch64-installer";
+ }
+ .${system};
+ };
+
 apps = agenix-rekey.defineApps self pkgs self.nodes;
 checks = import ./nix/checks.nix inputs system;
 devShell = import ./nix/devshell.nix inputs system;
diff --git a/hosts/common/hardware/laptop.nix b/hosts/common/hardware/laptop.nix
index c62ad20..7faf61f 100644
--- a/hosts/common/hardware/laptop.nix
+++ b/hosts/common/hardware/laptop.nix
@@ -7,7 +7,6 @@
 physlock.enable = true;
 tlp = {
 enable = true;
- # currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
 settings = {
 USB_EXCLUDE_PHONE = 1;
 };
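Review bot: The `format` lookup `{ x86_64-linux = …; aarch64-linux = …; }.${system}` in the new `images.live-iso` attribute has no entry for the darwin systems that `flake-utils.lib.eachDefaultSystem` also iterates, so evaluating `images` for those systems (presumably what `nix flake show` or `nix flake check` does) fails with an attribute-missing error rather than a message that names the problem. A clearer failure is `.${system} or (throw "live-iso: no installer image format for ${system}");`, or gate the whole attribute on `lib.hasSuffix "-linux" system` since `lib` is now in scope from the `let`. Separately, this image combines `./hosts/common/core/ssh.nix` with `./nix/installer-configuration.nix`, which sets a root password; whether the ISO ends up accepting password logins over SSH depends on that ssh module, which is not in this diff, and a one-line comment here stating the intended SSH policy for the live image would save the next reader from having to check.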
diff --git a/hosts/common/hardware/nvidia.nix b/hosts/common/hardware/nvidia.nix
index a764899..b03a07e 100644
--- a/hosts/common/hardware/nvidia.nix
+++ b/hosts/common/hardware/nvidia.nix
@@ -1,8 +1,4 @@
-{
- lib,
- pkgs,
- ...
-}: {
+{lib, ...}: {
 services.xserver.videoDrivers = lib.mkForce ["nvidia"];
 hardware = {
diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix
index a51ac1c..ceadf92 100644
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@@ -8,7 +8,21 @@
 ../common/core
 ../common/dev
+ ../common/graphical/fonts.nix
+ ../common/graphical/steam.nix
+
+ ../common/hardware/bluetooth.nix
+ ../common/hardware/intel.nix
+ ../common/hardware/physical.nix
+ ../common/hardware/pipewire.nix
+ ../common/hardware/yubikey.nix
+ ../common/hardware/zfs.nix
+
+ ./smb-mounts.nix
+
 ./net.nix
 ./fs.nix
+
+ ../../users/patrick
 ];
 }
diff --git a/nix/generate-installer-package.nix b/nix/generate-installer-package.nix
new file mode 100644
index 0000000..30c5efd
--- /dev/null
+++ b/nix/generate-installer-package.nix
@@ -0,0 +1,34 @@
+{self, ...}: nodeName: nodeAttrs: let
+ inherit (self.hosts.${nodeName}) system;
+ pkgs = self.pkgs.${system};
+
+ disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
+ disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
+ disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
+
+ install-system = pkgs.writeShellScriptBin "install-system" ''
+ set -euo pipefail
+
+ echo "Formatting disks..."
+ ${disko-script}/bin/disko-script
+
+ echo "Installing system..."
+ nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
+
+ echo "Done!"
+ '';
+
+ installer-package = pkgs.symlinkJoin {
+ name = "installer-package-${nodeName}";
+ paths = [
+ disko-script
+ disko-mount
+ disko-format
+ install-system
+ ];
+ };
+in {
+ # Everything required for the installer as a single package,
+ # so it can be used from an existing live system by copying the derivation.
+ packages.${system}.installer-package.${nodeName} = installer-package;
+}
diff --git a/nix/installer-configuration.nix b/nix/installer-configuration.nix
new file mode 100644
index 0000000..568fa4f
--- /dev/null
+++ b/nix/installer-configuration.nix
@@ -0,0 +1,32 @@
+{pkgs, ...}: {
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes recursive-nix
+ '';
+
+ console = {
+ keyMap = "de-latin1-nodeadkeys";
+ };
+
+ users.users.root = {
+ password = "nixos";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
+ ];
+ };
+
+ environment = {
+ variables.EDITOR = "nvim";
+ systemPackages = with pkgs; [
+ neovim
+ git
+ parted
+ ripgrep
+ bat
+ curl
+ ];
+ etc.issue.text = ''
+ Gey
+ '';
+ };
+}
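Review bot: `install-system` runs `${disko-script}/bin/disko-script`, the node's disk-formatting script, unconditionally with no prompt and no check that it is executing on the intended machine, so invoking the wrong node's `installer-package` on a live system wipes that system's disks without warning. Because the script is generated per node, a confirmation that names the target is cheap: before the "Formatting disks..." step add `read -rp "This will ERASE the disks of ${nodeName}. Type the host name to continue: " confirm` followed by `[[ "$confirm" == "${nodeName}" ]] || { echo "aborted"; exit 1; }`. The `--no-root-password` flag also means the installed system has a root credential only if the node configuration itself provides one, which this file cannot verify; a comment naming the module that is expected to set it would help the next reader.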
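Review bot: `users.users.root.password = "nixos"` gives the live image a well-known plaintext root password, and the plaintext value itself is written into the image's world-readable nix store; since flake.nix also adds `./hosts/common/core/ssh.nix` to this image, the installer may be reachable as root by password on whatever network it boots into, depending on that module's `PasswordAuthentication` setting, which is not visible in this diff. Two `openssh.authorizedKeys.keys` are already provisioned, so the password can likely be dropped; if console login is still wanted, prefer `initialHashedPassword` and pin the SSH policy explicitly in this file with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. `etc.issue.text = "Gey"` reads like a placeholder and should either become a real login banner or be removed.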
diff --git a/users/patrick/ssh.nix b/users/patrick/ssh.nix
index e8165ce..10769e2 100644
--- a/users/patrick/ssh.nix
+++ b/users/patrick/ssh.nix
@@ -1,4 +1,5 @@
 {
+ # yubikey public key parts
 home.file.".ssh/1.pub".text = ''
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM cardno:15 489 049
 '';
@@ -16,7 +17,7 @@
 inherit identityFile;
 };
 "patricknix" = {
- hostname = "localhost";
+ hostname = "patricknix.local";
 user = "root";
 inherit identityFile;
 };