add custom nixos install iso

2023-02-26 18:45:26 +01:00 · 2023-02-26 18:45:26 +01:00 · 01a5bcce57
parent c22975bdcd
commit 01a5bcce57
6 changed files with 109 additions and 39 deletions
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@ -96,6 +96,8 @@

  services.fstrim.enable = true;

+  clerie.nixfiles.enable = true;
+
  nixpkgs.overlays = [
    (import ../../pkgs/overlay.nix)
  ];
--- a/flake.nix
+++ b/flake.nix
@ -66,6 +66,7 @@
      schule = generateNixosSystem "schule";
      storage-2 = generateNixosSystem "storage-2";
      web-2 = generateNixosSystem "web-2";
+      _iso = generateNixosSystem "_iso";
    };

    colmena = {
@ -99,6 +100,7 @@
      inherit (self)
        packages;
      nixosConfigurations = builtins.mapAttrs (name: host: host.config.system.build.toplevel) self.nixosConfigurations;
+      iso = self.nixosConfigurations._iso.config.system.build.isoImage;
    };
  };
 }
--- a/hosts/_iso/configuration.nix
+++ b/hosts/_iso/configuration.nix
@ -0,0 +1,9 @@
+{ pkgs, lib, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
+  ];
+
+  networking.hostName = "isowo";
+}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -10,5 +10,6 @@
    ./minecraft-server
    ./monitoring
    ./nginx-port-forward
+    ./nixfiles
  ];
 }
--- a/modules/nixfiles/default.nix
+++ b/modules/nixfiles/default.nix
@ -0,0 +1,95 @@
+{ config, pkgs, lib, ...}:
+
+with lib;
+
+let
+  nixfiles-generate-config = pkgs.writeScriptBin "nixfiles-generate-config" ''
+    #!${pkgs.bash}/bin/bash
+    set -euo pipefail
+
+    hostname=$(hostname --short)
+    root=""
+    ngcroot=""
+
+    while [[ $# -gt 0 ]]; do
+      case $1 in
+        --root)
+          root=$2
+          ngcroot="--root ''${root}"
+          shift
+          shift
+          ;;
+        --hostname)
+          hostname=$2
+          shift
+          shift
+          ;;
+        *)
+          echo "unknown option: $1"
+          exit 1
+          ;;
+      esac
+    done
+
+    mkdir -p ''${root}/etc/nixos
+
+    if [[ ! -d "''${root}/etc/nixos/.git" ]]; then
+      ${pkgs.git}/bin/git clone https://git.clerie.de/clerie/nixfiles.git ''${root}/etc/nixos
+      ${pkgs.git}/bin/git -C ''${root}/etc/nixos remote set-url origin gitea@git.clerie.de:clerie/nixfiles.git 
+    fi
+
+    mkdir -p ''${root}/etc/nixos/hosts/''${hostname}
+
+    nixos-generate-config ''${ngcroot} --dir ''${root}/etc/nixos/hosts/''${hostname}
+
+    # make sure host is added to flake.nix
+    if ! grep -q "''${hostname} = generateNixosSystem \"''${hostname}\";" ''${root}/etc/nixos/flake.nix; then
+      sed -i "s/\(\s*\)_iso = generateNixosSystem \"_iso\";/\1''${hostname} = generateNixosSystem \"''${hostname}\";\n&/g" ''${root}/etc/nixos/flake.nix
+    fi
+
+    sed -i "s/\%HOSTNAME\%/''${hostname}/g" ''${root}/etc/nixos/hosts/''${hostname}/configuration.nix
+  '';
+
+  nixfiles-install = pkgs.writeScriptBin "nixfiles-install" ''
+    #!${pkgs.bash}/bin/bash
+    nixos-install --flake /etc/nixos $@
+  '';
+
+  nixfiles-rebuild = pkgs.writeScriptBin "nixfiles-rebuild" ''
+    #!${pkgs.bash}/bin/bash
+    nixos-rebuild --flake /etc/nixos $@
+  '';
+
+in {
+  options.clerie.nixfiles.enable = mkEnableOption "clerie nixfiles tools";
+  config = mkIf config.clerie.nixfiles.enable {
+    system.nixos-generate-config.configuration = ''
+      { config, pkgs, lib, ... }:
+
+      {
+        imports =
+          [
+            ./hardware-configuration.nix
+          ];
+
+      $bootLoaderConfig
+
+        networking.hostName = "%HOSTNAME%";
+
+        clerie.monitoring = {
+          # enable = true;
+          id = "%MONITORING_ID%";
+          pubkey = "%MONITORING_PUBKEY%";
+        };
+
+        system.stateVersion = "${config.system.nixos.release}";
+      }
+    '';
+
+    environment.systemPackages = [
+      nixfiles-generate-config
+      nixfiles-install
+      nixfiles-rebuild
+    ];
+  };
+}
--- a/setup-configuration.nix
+++ b/setup-configuration.nix
@ -1,39 +0,0 @@
-# Configuration file to import when setting up new hosts
-# Just download and import in the configuration.nix
-
-{ pkgs, lib, ... }:
-
-{
-  networking.domain = "net.clerie.de";
-
-  time.timeZone = "Europe/Berlin";
-
-  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    keyMap = "de-latin1";
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  nix.trustedUsers = [ "@wheel" ];
-
-  users.users.clerie = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
-    ];
-  };
-
-  environment.systemPackages = with pkgs; [
-    htop
-    tmux
-  ];
-
-  programs.mtr.enable = true;
-
-  services.openssh.enable = true;
-  services.openssh.passwordAuthentication = false;
-  services.openssh.challengeResponseAuthentication = false;
-  services.openssh.permitRootLogin = lib.mkDefault "no";
-}