Introduced buildable ISO images for desktop and server

- ARM and X86
- Fully configured ISO for dot.nix for easy installation
- TODO: automatic builds with github actions
Chris Toph 2025-06-15 20:15:16 -04:00
parent 79e14c015c
commit ceec977ad8
9 changed files with 1678 additions and 0 deletions

59
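--- a/iso/default.nix
+++ b/iso/default.nix
@@ -0,0 +1,59 @@
+{
+config,
+inputs,
+isARM,
+lib,
+pkgs,
+system,
+...
+}:
+{
+# ISO settings
+isoImage = {
+isoName = lib.mkForce "nixos-${config.hostSpec.hostName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+makeEfiBootable = true;
+makeUsbBootable = true;
+compressImage = false;
+};
+# Enable root SSH access
+services.openssh = {
+enable = true;
+settings = {
+PermitRootLogin = "yes";
+PasswordAuthentication = true;
+};
+};
+networking = {
+wireless.enable = false;
+networkmanager.enable = true;
+enableIPv6 = false;
+};
+# Extra pkgs; iso tools
+environment.systemPackages = with pkgs; [
+parted
+gptfdisk
+cryptsetup
+gparted
+];
+# VM guest additions to improve host-guest interaction
+services.spice-vdagentd.enable = true;
+services.qemuGuest.enable = true;
+virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86;
+# https://github.com/torvalds/linux/blob/00b827f0cffa50abb6773ad4c34f4cd909dae1c8/drivers/hv/Kconfig#L7-L8
+virtualisation.hypervGuest.enable =
+pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64;
+services.xe-guest-utilities.enable = pkgs.stdenv.hostPlatform.isx86;
+# The VirtualBox guest additions rely on an out-of-tree kernel module
+# which lags behind kernel releases, potentially causing broken builds.
+virtualisation.virtualbox.guest.enable = false;
+# Basic system settings
+system.stateVersion = "25.05";
+nixpkgs.hostPlatform = system;
+nixpkgs.config.allowUnsupportedSystem = true; # Cross-compilation
+users.mutableUsers = lib.mkForce true; # Allow password changes
+}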
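Review bot: The `services.openssh` settings accept password logins, including for root (`PermitRootLogin = "yes"`, `PasswordAuthentication = true`), while iso/not-secrets.nix in this commit ships a fixed hash for the `nixos` user whose trailing comment gives the password, so every image booted on a network presumably answers SSH with a published credential. Prefer `PermitRootLogin = "prohibit-password";` and `PasswordAuthentication = false;`, with the key from `key.pub` as the remote-access path, or keep sshd disabled until the operator has set a password. If password login is intentional for the live environment, replace `# Enable root SSH access` with a comment that says so and that the setting must not be carried into an installed system. The `inputs` and `isARM` arguments are not used in this file.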

85
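--- a/iso/dist/desktop.nix
+++ b/iso/dist/desktop.nix
@@ -0,0 +1,85 @@
+{
+config,
+lib,
+pkgs,
+inputs,
+...
+}:
+let
+hostSpec = config.hostSpec;
+username = "nixos";
+user = config.secretsSpec.users.${username};
+calamares-nixos-autostart = pkgs.makeAutostartItem {
+name = "io.calamares.calamares";
+package = pkgs.calamares-nixos;
+};
+in
+{
+imports = [
+"${inputs.dot-nix}/hosts/global/core"
+"${inputs.dot-nix}/hosts/global/common/gnome.nix" # desktop
+"${inputs.dot-nix}/hosts/global/common/plymouth.nix" # fancy boot screen
+];
+hostSpec = {
+hostName = "nixos";
+username = username;
+hashedPassword = user.hashedPassword;
+email = user.email;
+handle = user.handle;
+userFullName = user.fullName;
+isServer = false;
+isMinimal = false;
+};
+# Whitelist wheel users to do anything
+# This is useful for things like pkexec
+#
+# WARNING: this is dangerous for systems
+# outside the installation-cd and shouldn't
+# be used anywhere else.
+security.polkit.extraConfig = ''
+polkit.addRule(function(action, subject) {
+if (subject.isInGroup("wheel")) {
+return polkit.Result.YES;
+}
+});
+'';
+environment.systemPackages = with pkgs; [
+# Calamares for graphical installation
+libsForQt5.kpmcore
+calamares-nixos
+calamares-nixos-autostart
+calamares-nixos-extensions
+# Get list of locales
+glibcLocales
+];
+# Support choosing from any locale
+i18n.supportedLocales = [ "all" ];
+home-manager = lib.mkForce {
+extraSpecialArgs = {
+inherit pkgs inputs;
+inherit (config) secretsSpec hostSpec;
+};
+users = {
+root.home.stateVersion = "24.05"; # Avoid error
+${username} = {
+imports = [
+(import ../home {
+inherit
+config
+hostSpec
+inputs
+lib
+pkgs
+;
+})
+];
+};
+};
+};
+}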
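Review bot: The polkit rule under `security.polkit.extraConfig` returns `polkit.Result.YES` for any subject in `wheel`, local or not, and iso/default.nix in the same commit turns on sshd with password authentication, so a remote session of a wheel member would presumably be authorised for every action without a prompt. Restricting the rule to the console session keeps the Calamares/pkexec use case: `if (subject.isInGroup("wheel") && subject.local && subject.active) {`. Separately, `root.home.stateVersion = "24.05"` differs from the `system.stateVersion = "25.05"` set in iso/default.nix; the `# Avoid error` comment could say which error it avoids and why the older value is used.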

39
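--- a/iso/dist/server.nix
+++ b/iso/dist/server.nix
@@ -0,0 +1,39 @@
+{
+config,
+lib,
+pkgs,
+inputs,
+...
+}:
+let
+hostSpec = config.hostSpec;
+username = "nixos";
+user = config.secretsSpec.users.${username};
+calamares-nixos-autostart = pkgs.makeAutostartItem {
+name = "io.calamares.calamares";
+package = pkgs.calamares-nixos;
+};
+in
+{
+imports = [
+"${inputs.dot-nix}/hosts/global/core"
+"${inputs.dot-nix}/hosts/global/common/plymouth.nix" # fancy boot screen
+];
+hostSpec = {
+hostName = "nixos";
+username = username;
+hashedPassword = user.hashedPassword;
+email = user.email;
+handle = user.handle;
+userFullName = user.fullName;
+isServer = false;
+isMinimal = false;
+};
+console = {
+enable = true;
+keyMap = "us";
+};
+}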
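Review bot: `isServer = false;` in the server image's `hostSpec` looks copied from iso/dist/desktop.nix; if modules under `hosts/global/core` branch on it (not visible here), the server ISO is built with desktop assumptions, so it presumably should read `isServer = true;`. The `calamares-nixos-autostart` binding in the `let` block is never referenced in this file and can be dropped, together with the unused `hostSpec` binding.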

1234
iso/flake.lock generated Normal file

File diff suppressed because it is too large Load diff

114
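--- a/iso/flake.nix
+++ b/iso/flake.nix
@@ -0,0 +1,114 @@
+{
+description = "NixOS ISO configurations based on dot.nix";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+dot-nix = {
+url = "github:tophc7/dot.nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+## TODO: Add a github action to automatically create iso releases
+outputs =
+{
+self,
+nixpkgs,
+dot-nix,
+...
+}@inputs:
+let
+inherit (nixpkgs) lib;
+# Merge inputs with dot-nix inputs
+allInputs = inputs // dot-nix.inputs;
+# Define supported systems
+ARM = "aarch64-linux";
+X86 = "x86_64-linux";
+systems = [
+ARM
+X86
+];
+# Helper to create ISO configurations
+mkIso =
+name: system: modules:
+lib.nixosSystem {
+inherit system;
+specialArgs = {
+inputs = allInputs; # Pass merged inputs as 'inputs'
+outputs = dot-nix.outputs; # Pass main flake outputs
+inherit system;
+isARM = system == ARM;
+lib = nixpkgs.lib.extend (
+self: super: {
+custom = import "${dot-nix}/lib" { inherit (nixpkgs) lib; };
+}
+);
+};
+modules = [
+"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+./not-secrets.nix
+./default.nix
+] ++ modules;
+};
+# Generate configurations for all system/type combinations
+mkConfigurations =
+let
+configs = lib.flatten (
+lib.map (
+system:
+let
+archSuffix = if system == ARM then "arm" else "x86";
+in
+[
+{
+name = "server-iso-${archSuffix}";
+inherit system;
+modules = [ ./dist/server.nix ];
+}
+{
+name = "desktop-iso-${archSuffix}";
+inherit system;
+modules = [ ./dist/desktop.nix ];
+}
+]
+) systems
+);
+in
+lib.listToAttrs (
+lib.map (config: {
+name = config.name;
+value = mkIso config.name config.system config.modules;
+}) configs
+);
+# Generate packages for all systems
+mkPackages =
+system:
+let
+archSuffix = if system == ARM then "arm" else "x86";
+in
+{
+"server-iso-${archSuffix}" =
+self.nixosConfigurations."server-iso-${archSuffix}".config.system.build.isoImage;
+"desktop-iso-${archSuffix}" =
+self.nixosConfigurations."desktop-iso-${archSuffix}".config.system.build.isoImage;
+};
+in
+{
+nixosConfigurations = mkConfigurations;
+# Easy build commands for each architecture
+packages = lib.genAttrs systems mkPackages;
+# Pass through the main flake's outputs (optional)
+inherit (dot-nix.outputs) overlays;
+};
+}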
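Review bot: In `allInputs = inputs // dot-nix.inputs;` the right-hand side wins on name clashes, so modules receive dot-nix's `nixpkgs` (and any other shared input name) instead of the one declared in this flake; with `inputs.nixpkgs.follows` they resolve to the same source today, but the precedence is easy to miss. Either swap the operands, `allInputs = dot-nix.inputs // inputs;`, or extend the comment to `# Merge inputs; dot-nix's inputs take precedence on name clashes`. The `name` parameter of `mkIso` is unused. For the automated-release TODO, note that these images embed the login defaults from ./not-secrets.nix, which should be settled before ISOs are published.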

17
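--- a/iso/home/default.nix
+++ b/iso/home/default.nix
@@ -0,0 +1,17 @@
+{
+pkgs,
+lib,
+inputs,
+config,
+...
+}:
+{
+imports = [
+"${inputs.dot-nix}/home/global/core"
+"${inputs.dot-nix}/home/global/common/gnome"
+"${inputs.dot-nix}/home/global/common/vscode"
+"${inputs.dot-nix}/home/global/common/xdg.nix"
+"${inputs.dot-nix}/home/global/common/zen.nix"
+./theme
+];
+}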


@ -0,0 +1,79 @@
{
pkgs,
inputs,
hostSpec,
lib,
...
}:
{
imports = [
inputs.stylix.homeModules.stylix
];
stylix = {
enable = true;
autoEnable = true;
# base16Scheme = ./colors.yaml;
image = ./wallpapers/wallpaper.jpg;
polarity = "dark";
fonts = {
serif = {
package = pkgs.google-fonts.override { fonts = [ "Laila" ]; };
name = "Laila";
};
sansSerif = {
package = pkgs.lexend;
name = "Lexend";
};
monospace = {
package = pkgs.monocraft-nerd-fonts;
name = "Monocraft";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes = {
applications = 12;
desktop = 11;
popups = 11;
terminal = 12;
};
};
targets = {
gnome = {
enable = true;
useWallpaper = true;
};
vscode = {
enable = false;
};
};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
gtk = {
enable = true;
iconTheme = {
package = pkgs.papirus-icon-theme;
name = "Papirus";
};
};
home.file = {
"Pictures/Wallpapers" = {
source = ./wallpapers;
recursive = true;
};
};
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 382 KiB

51
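--- a/iso/not-secrets.nix
+++ b/iso/not-secrets.nix
@@ -0,0 +1,51 @@
+{
+pkgs,
+config,
+lib,
+...
+}:
+let
+## SSH Keys ##
+key = {
+pub = ""; # Set a key for easy SSH access
+};
+sshConfig = pkgs.writeText "ssh-config" ''
+Host git.ryot.foo
+IdentityFile "${config.hostSpec.home}/.ssh/git"
+Host *
+ForwardAgent no
+AddKeysToAgent yes
+Compression no
+ServerAliveInterval 5
+ServerAliveCountMax 3
+HashKnownHosts no
+UserKnownHostsFile ~/.ssh/known_hosts
+ControlMaster no
+ControlPath ~/.ssh/master-%r@%n:%p
+ControlPersist no
+UpdateHostKeys ask
+'';
+in
+{
+secretsSpec = {
+users = {
+nixos = {
+hashedPassword = "$6$rounds=656000$5ehID8CrGOgiG4Ms$MiS68cPnrREv1URzlCcyFnJntVhWMKAnY7ZNaEvgEG36vV1KBnQHyv6HkPmOeh8aGOljYOR0aWFg.irg6ahT3."; # nixos
+email = "admin@localhost";
+handle = "nixos";
+fullName = "NixOS Live User";
+ssh = {
+publicKeys = [
+key.pub
+];
+config = sshConfig;
+};
+};
+};
+};
+}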
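Review bot: `key.pub` defaults to the empty string and is placed unconditionally in `publicKeys = [ key.pub ];`, so with no key configured the user's key list holds one empty entry; `publicKeys = lib.optional (key.pub != "") key.pub;` keeps the list empty instead. The `hashedPassword` comment `# nixos` identifies a default credential rather than a secret, and the comment should state that it is meant for the live session only and must be changed after install. The `Host git.ryot.foo` stanza in `sshConfig` looks specific to the author's own setup and is probably not wanted in a distributed image.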