feat: added nixos generators

2023-08-30 16:38:30 +02:00 · 2023-08-30 16:38:30 +02:00 · 440048e60c
parent c869e5fc62
commit 440048e60c
9 changed files with 159 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -75,6 +75,10 @@
    1. Create and fill `default.nix`
    1. Fill `net.nix`
    1. Fill `fs.nix`
+    2. Don't forget to add necesarry config for filesystems, etc.
+3. Generate ISO image with `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
+3. Copy ISO to usb and boot
+5. Copy installer from local machine to live systemd


 ## Deploy
--- a/flake.lock
+++ b/flake.lock
@ -286,6 +286,42 @@
        "type": "github"
      }
    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1689469483,
+        "narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1690133435,
+        "narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1690200740,
@ -370,6 +406,7 @@
        "home-manager": "home-manager",
        "hyprland": "hyprland",
        "impermanence": "impermanence",
+        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
        "pre-commit-hooks": "pre-commit-hooks",
--- a/flake.nix
+++ b/flake.nix
@ -12,6 +12,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    home-manager = {
      url = "github:nix-community/home-manager";
      # should use system nixpkgs instead of their own
@ -73,8 +78,12 @@
    colmena,
    agenix-rekey,
    devshell,
+    nixos-generators,
    ...
-  } @ inputs:
+  } @ inputs: let
+    inherit (nixpkgs) lib;
+    stateVersion = "23.05";
+  in
    {
      secretsConfig = {
        masterIdentities = [./secrets/NIXOSc.key.pub];
@ -82,7 +91,7 @@
        extraEncryptionPubkeys = [./secrets/recipients.txt];
      };

-      stateVersion = "23.05";
+      inherit stateVersion;

      hosts = builtins.fromTOML (builtins.readFile ./hosts.toml);

@ -92,6 +101,14 @@
      # todo add microvmNodes

      nodes = self.colmenaNodes;
+
+      inherit
+        (lib.foldl' lib.recursiveUpdate {}
+          (lib.mapAttrsToList
+            (import ./nix/generate-installer-package.nix inputs)
+            self.colmenaNodes))
+        packages
+        ;
    }
    // flake-utils.lib.eachDefaultSystem (system: rec {
      pkgs = import nixpkgs {
@ -100,6 +117,22 @@
        # TODO fix this to only allow specific unfree packages
        config.allowUnfree = true;
      };
+
+      images.live-iso = nixos-generators.nixosGenerate {
+        inherit pkgs;
+        modules = [
+          ./nix/installer-configuration.nix
+          ./hosts/common/core/ssh.nix
+          {system.stateVersion = stateVersion;}
+        ];
+        format =
+          {
+            x86_64-linux = "install-iso";
+            aarch64-linux = "sd-aarch64-installer";
+          }
+          .${system};
+      };
+
      apps = agenix-rekey.defineApps self pkgs self.nodes;
      checks = import ./nix/checks.nix inputs system;
      devShell = import ./nix/devshell.nix inputs system;
--- a/hosts/common/hardware/laptop.nix
+++ b/hosts/common/hardware/laptop.nix
@ -7,7 +7,6 @@
    physlock.enable = true;
    tlp = {
      enable = true;
-      # currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
      settings = {
        USB_EXCLUDE_PHONE = 1;
      };
--- a/hosts/common/hardware/nvidia.nix
+++ b/hosts/common/hardware/nvidia.nix
@ -1,8 +1,4 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
+{lib, ...}: {
  services.xserver.videoDrivers = lib.mkForce ["nvidia"];

  hardware = {
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@ -8,7 +8,21 @@
    ../common/core
    ../common/dev

+    ../common/graphical/fonts.nix
+    ../common/graphical/steam.nix
+
+    ../common/hardware/bluetooth.nix
+    ../common/hardware/intel.nix
+    ../common/hardware/physical.nix
+    ../common/hardware/pipewire.nix
+    ../common/hardware/yubikey.nix
+    ../common/hardware/zfs.nix
+
+    ./smb-mounts.nix
+
    ./net.nix
    ./fs.nix
+
+    ../../users/patrick
  ];
 }
--- a/nix/generate-installer-package.nix
+++ b/nix/generate-installer-package.nix
@ -0,0 +1,34 @@
+{self, ...}: nodeName: nodeAttrs: let
+  inherit (self.hosts.${nodeName}) system;
+  pkgs = self.pkgs.${system};
+
+  disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
+  disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
+  disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
+
+  install-system = pkgs.writeShellScriptBin "install-system" ''
+    set -euo pipefail
+
+    echo "Formatting disks..."
+    ${disko-script}/bin/disko-script
+
+    echo "Installing system..."
+    nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
+
+    echo "Done!"
+  '';
+
+  installer-package = pkgs.symlinkJoin {
+    name = "installer-package-${nodeName}";
+    paths = [
+      disko-script
+      disko-mount
+      disko-format
+      install-system
+    ];
+  };
+in {
+  # Everything required for the installer as a single package,
+  # so it can be used from an existing live system by copying the derivation.
+  packages.${system}.installer-package.${nodeName} = installer-package;
+}
--- a/nix/installer-configuration.nix
+++ b/nix/installer-configuration.nix
@ -0,0 +1,32 @@
+{pkgs, ...}: {
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes recursive-nix
+  '';
+
+  console = {
+    keyMap = "de-latin1-nodeadkeys";
+  };
+
+  users.users.root = {
+    password = "nixos";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
+    ];
+  };
+
+  environment = {
+    variables.EDITOR = "nvim";
+    systemPackages = with pkgs; [
+      neovim
+      git
+      parted
+      ripgrep
+      bat
+      curl
+    ];
+    etc.issue.text = ''
+      Gey
+    '';
+  };
+}
--- a/users/patrick/ssh.nix
+++ b/users/patrick/ssh.nix
@ -1,4 +1,5 @@
 {
+  # yubikey public key parts
  home.file.".ssh/1.pub".text = ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM cardno:15 489 049
  '';
@ -16,7 +17,7 @@
        inherit identityFile;
      };
      "patricknix" = {
-        hostname = "localhost";
+        hostname = "patricknix.local";
        user = "root";
        inherit identityFile;
      };