iso: Make a script for iso generation

2023-06-07 14:13:36 +02:00 · 2023-06-07 14:13:36 +02:00 · c21e8669c6
parent 857c1bb88e
commit c21e8669c6
5 changed files with 46 additions and 0 deletions
--- a/iso/build-iso.sh
+++ b/iso/build-iso.sh
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+NIXPKGS=$(nix-build nixpkgs.nix)
+
+nixos-generate -c configuration.nix -I NIX_PATH="$NIXPKGS" -f install-iso
--- a/iso/configuration.nix
+++ b/iso/configuration.nix
@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+let
+  dgn-lib = import ../lib/trivial.nix;
+
+  dgn-members = (import ../meta).members.groups.iso;
+in
+
+{
+  boot = {
+    blacklistedKernelModules = [ "snd_pcsp" ];
+    kernelPackages = pkgs.linuxPackages_6_1;
+    tmp.cleanOnBoot = true;
+
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    supportedFilesystems = [
+      "exfat"
+      "zfs"
+    ];
+  };
+
+  services = {
+    openssh.enable = true;
+  };
+
+  users.users.root.openssh.authorizedKeys.keyFiles =
+    builtins.map (m: dgn-lib.mkRel ../keys "${m}.keys") dgn-members;
+}
--- a/iso/nixpkgs.nix
+++ b/iso/nixpkgs.nix
@ -0,0 +1,5 @@
+let
+  inherit (import ../npins) nixpkgs;
+in
+
+(import nixpkgs { }).srcOnly { name = "nixpkgs-for-iso"; src = nixpkgs; }
--- a/meta/members.nix
+++ b/meta/members.nix
@ -26,6 +26,9 @@ let

    # members of this group are root on web nodes
    web = [ "mdebray" "raito" ];
+
+    # members of this group will have root acces on the installation isos
+    iso = [ "thubrecht" "mdebray" "raito" ];
  };
 in

--- a/shell.nix
+++ b/shell.nix
@ -43,6 +43,7 @@ pkgs.mkShell {
  packages = with pkgs; [
    npins
    colmena
+    nixos-generators
  ] ++ (builtins.map (p: callPackage p { }) [
    (sources.disko + "/package.nix")
  ]);