initial commit

hosts/nixos/iso/default.nix

@@ -0,0 +1,107 @@
+#NOTE: This ISO is NOT minimal. We don't want a minimal environment when using the iso for recovery purposes.
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  imports = lib.flatten [
+    # FIXME(starter): comment/uncomment the following two lines depending on if you want a cli-only, minimal iso, or a graphical iso that installs gnome
+    # If you are planning to make use of `nix-config/nixos-installer`, you will not require a graphical iso.
+    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+    #"${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix"
+    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
+    # This is overkill but I want my core home level utils if I need to use the iso environment for recovery purpose
+    inputs.home-manager.nixosModules.home-manager
+    (map lib.custom.relativeToRoot [
+      "modules/common/host-spec.nix"
+      # We want primary default so we get ssh authorized keys, zsh, and some basic tty tools. It also pulls in the hm spec for iso.
+      # Note that we are not pulling in "hosts/common/users/primary/nixos.nix" for the iso as it's not needed.
+      "hosts/common/users/primary/"
+      "hosts/common/optional/minimal-user.nix"
+    ])
+  ];
+
+  hostSpec = {
+    hostName = "iso";
+    # FIXME(starter): the username below will be available in additional the the standard `root` and `nixos` users from the nixos installation image.
+    username = "panotaka";
+    isProduction = lib.mkForce false;
+
+    # FIXME(starter): add your github username and github-noreply email address
+    handle = "panotaka";
+    #email.gitHub = "foo@users.noreply.github.com";
+  };
+
+  # root's ssh key are mainly used for remote deployment
+  users.extraUsers.root = {
+    inherit (config.users.users.${config.hostSpec.username}) hashedPassword;
+    openssh.authorizedKeys.keys =
+      config.users.users.${config.hostSpec.username}.openssh.authorizedKeys.keys;
+  };
+
+  environment.etc = {
+    isoBuildTime = {
+      #
+      text = lib.readFile (
+        "${pkgs.runCommand "timestamp" {
+          # builtins.currentTime requires --impure
+          env.when = builtins.currentTime;
+        } "echo -n `date -d @$when  +%Y-%m-%d_%H-%M-%S` > $out"}"
+      );
+    };
+  };
+
+  # Add the build time to the prompt so it's easier to know the ISO age
+  programs.bash.promptInit = ''
+    export PS1="\\[\\033[01;32m\\]\\u@\\h-$(cat /etc/isoBuildTime)\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ "
+  '';
+
+  # The default compression-level is (6) and takes too long on some machines (>30m). 3 takes <2m
+  isoImage.squashfsCompression = "zstd -Xcompression-level 3";
+
+  nixpkgs = {
+    hostPlatform = lib.mkDefault "x86_64-linux";
+    config.allowUnfree = true;
+  };
+
+  nix = {
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    extraOptions = "experimental-features = nix-command flakes";
+  };
+
+  services = {
+    qemuGuest.enable = true;
+    openssh = {
+      settings.PermitRootLogin = lib.mkForce "yes";
+    };
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    supportedFilesystems = lib.mkForce [
+      "btrfs"
+      "vfat"
+    ];
+  };
+
+  networking = {
+    hostName = "iso";
+  };
+
+  systemd = {
+    services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+    # gnome power settings to not turn off screen
+    targets = {
+      sleep.enable = false;
+      suspend.enable = false;
+      hibernate.enable = false;
+      hybrid-sleep.enable = false;
+    };
+  };
+}