Introduced buildable ISO images for desktop and server

- ARM and X86 - Fully configured ISO for dot.nix for easy installation - TODO: automatic builds with github actions
2025-06-15 20:15:16 -04:00 · 2025-06-15 20:15:16 -04:00 · ceec977ad8
commit ceec977ad8
parent 79e14c015c
9 changed files with 1678 additions and 0 deletions
--- a/iso/default.nix
+++ b/iso/default.nix
@ -0,0 +1,59 @@
+{
+  config,
+  inputs,
+  isARM,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+{
+  # ISO settings
+  isoImage = {
+    isoName = lib.mkForce "nixos-${config.hostSpec.hostName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+    makeEfiBootable = true;
+    makeUsbBootable = true;
+    compressImage = false;
+  };
+
+  # Enable root SSH access
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+      PasswordAuthentication = true;
+    };
+  };
+
+  networking = {
+    wireless.enable = false;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+  };
+
+  # Extra pkgs; iso tools
+  environment.systemPackages = with pkgs; [
+    parted
+    gptfdisk
+    cryptsetup
+    gparted
+  ];
+
+  # VM guest additions to improve host-guest interaction
+  services.spice-vdagentd.enable = true;
+  services.qemuGuest.enable = true;
+  virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86;
+  # https://github.com/torvalds/linux/blob/00b827f0cffa50abb6773ad4c34f4cd909dae1c8/drivers/hv/Kconfig#L7-L8
+  virtualisation.hypervGuest.enable =
+    pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64;
+  services.xe-guest-utilities.enable = pkgs.stdenv.hostPlatform.isx86;
+  # The VirtualBox guest additions rely on an out-of-tree kernel module
+  # which lags behind kernel releases, potentially causing broken builds.
+  virtualisation.virtualbox.guest.enable = false;
+
+  # Basic system settings
+  system.stateVersion = "25.05";
+  nixpkgs.hostPlatform = system;
+  nixpkgs.config.allowUnsupportedSystem = true; # Cross-compilation
+  users.mutableUsers = lib.mkForce true; # Allow password changes
+}
--- a/iso/dist/desktop.nix
+++ b/iso/dist/desktop.nix
@ -0,0 +1,85 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+let
+  hostSpec = config.hostSpec;
+  username = "nixos";
+  user = config.secretsSpec.users.${username};
+
+  calamares-nixos-autostart = pkgs.makeAutostartItem {
+    name = "io.calamares.calamares";
+    package = pkgs.calamares-nixos;
+  };
+in
+{
+  imports = [
+    "${inputs.dot-nix}/hosts/global/core"
+    "${inputs.dot-nix}/hosts/global/common/gnome.nix" # desktop
+    "${inputs.dot-nix}/hosts/global/common/plymouth.nix" # fancy boot screen
+  ];
+
+  hostSpec = {
+    hostName = "nixos";
+    username = username;
+    hashedPassword = user.hashedPassword;
+    email = user.email;
+    handle = user.handle;
+    userFullName = user.fullName;
+    isServer = false;
+    isMinimal = false;
+  };
+
+  # Whitelist wheel users to do anything
+  # This is useful for things like pkexec
+  #
+  # WARNING: this is dangerous for systems
+  # outside the installation-cd and shouldn't
+  # be used anywhere else.
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+      if (subject.isInGroup("wheel")) {
+        return polkit.Result.YES;
+      }
+    });
+  '';
+
+  environment.systemPackages = with pkgs; [
+    # Calamares for graphical installation
+    libsForQt5.kpmcore
+    calamares-nixos
+    calamares-nixos-autostart
+    calamares-nixos-extensions
+    # Get list of locales
+    glibcLocales
+  ];
+
+  # Support choosing from any locale
+  i18n.supportedLocales = [ "all" ];
+
+  home-manager = lib.mkForce {
+    extraSpecialArgs = {
+      inherit pkgs inputs;
+      inherit (config) secretsSpec hostSpec;
+    };
+    users = {
+      root.home.stateVersion = "24.05"; # Avoid error
+      ${username} = {
+        imports = [
+          (import ../home {
+            inherit
+              config
+              hostSpec
+              inputs
+              lib
+              pkgs
+              ;
+          })
+        ];
+      };
+    };
+  };
+}
--- a/iso/dist/server.nix
+++ b/iso/dist/server.nix
@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+let
+  hostSpec = config.hostSpec;
+  username = "nixos";
+  user = config.secretsSpec.users.${username};
+
+  calamares-nixos-autostart = pkgs.makeAutostartItem {
+    name = "io.calamares.calamares";
+    package = pkgs.calamares-nixos;
+  };
+in
+{
+  imports = [
+    "${inputs.dot-nix}/hosts/global/core"
+    "${inputs.dot-nix}/hosts/global/common/plymouth.nix" # fancy boot screen
+  ];
+
+  hostSpec = {
+    hostName = "nixos";
+    username = username;
+    hashedPassword = user.hashedPassword;
+    email = user.email;
+    handle = user.handle;
+    userFullName = user.fullName;
+    isServer = false;
+    isMinimal = false;
+  };
+
+  console = {
+    enable = true;
+    keyMap = "us";
+  };
+}
--- a/iso/flake.lock
+++ b/iso/flake.lock
--- a/iso/flake.nix
+++ b/iso/flake.nix
@ -0,0 +1,114 @@
+{
+  description = "NixOS ISO configurations based on dot.nix";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+    dot-nix = {
+      url = "github:tophc7/dot.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  ## TODO: Add a github action to automatically create iso releases
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      dot-nix,
+      ...
+    }@inputs:
+    let
+      inherit (nixpkgs) lib;
+
+      # Merge inputs with dot-nix inputs
+      allInputs = inputs // dot-nix.inputs;
+
+      # Define supported systems
+      ARM = "aarch64-linux";
+      X86 = "x86_64-linux";
+
+      systems = [
+        ARM
+        X86
+      ];
+
+      # Helper to create ISO configurations
+      mkIso =
+        name: system: modules:
+        lib.nixosSystem {
+          inherit system;
+          specialArgs = {
+            inputs = allInputs; # Pass merged inputs as 'inputs'
+            outputs = dot-nix.outputs; # Pass main flake outputs
+            inherit system;
+            isARM = system == ARM;
+            lib = nixpkgs.lib.extend (
+              self: super: {
+                custom = import "${dot-nix}/lib" { inherit (nixpkgs) lib; };
+              }
+            );
+          };
+
+          modules = [
+            "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+            ./not-secrets.nix
+            ./default.nix
+          ] ++ modules;
+        };
+
+      # Generate configurations for all system/type combinations
+      mkConfigurations =
+        let
+          configs = lib.flatten (
+            lib.map (
+              system:
+              let
+                archSuffix = if system == ARM then "arm" else "x86";
+              in
+              [
+                {
+                  name = "server-iso-${archSuffix}";
+                  inherit system;
+                  modules = [ ./dist/server.nix ];
+                }
+                {
+                  name = "desktop-iso-${archSuffix}";
+                  inherit system;
+                  modules = [ ./dist/desktop.nix ];
+                }
+              ]
+            ) systems
+          );
+        in
+        lib.listToAttrs (
+          lib.map (config: {
+            name = config.name;
+            value = mkIso config.name config.system config.modules;
+          }) configs
+        );
+
+      # Generate packages for all systems
+      mkPackages =
+        system:
+        let
+          archSuffix = if system == ARM then "arm" else "x86";
+        in
+        {
+          "server-iso-${archSuffix}" =
+            self.nixosConfigurations."server-iso-${archSuffix}".config.system.build.isoImage;
+          "desktop-iso-${archSuffix}" =
+            self.nixosConfigurations."desktop-iso-${archSuffix}".config.system.build.isoImage;
+        };
+    in
+    {
+      nixosConfigurations = mkConfigurations;
+
+      # Easy build commands for each architecture
+      packages = lib.genAttrs systems mkPackages;
+
+      # Pass through the main flake's outputs (optional)
+      inherit (dot-nix.outputs) overlays;
+    };
+}
--- a/iso/home/default.nix
+++ b/iso/home/default.nix
@ -0,0 +1,17 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  config,
+  ...
+}:
+{
+  imports = [
+    "${inputs.dot-nix}/home/global/core"
+    "${inputs.dot-nix}/home/global/common/gnome"
+    "${inputs.dot-nix}/home/global/common/vscode"
+    "${inputs.dot-nix}/home/global/common/xdg.nix"
+    "${inputs.dot-nix}/home/global/common/zen.nix"
+    ./theme
+  ];
+}
--- a/iso/home/theme/default.nix
+++ b/iso/home/theme/default.nix
@ -0,0 +1,79 @@
+{
+  pkgs,
+  inputs,
+  hostSpec,
+  lib,
+  ...
+}:
+{
+  imports = [
+    inputs.stylix.homeModules.stylix
+  ];
+
+  stylix = {
+    enable = true;
+    autoEnable = true;
+    # base16Scheme = ./colors.yaml;
+    image = ./wallpapers/wallpaper.jpg;
+    polarity = "dark";
+    fonts = {
+      serif = {
+        package = pkgs.google-fonts.override { fonts = [ "Laila" ]; };
+        name = "Laila";
+      };
+
+      sansSerif = {
+        package = pkgs.lexend;
+        name = "Lexend";
+      };
+
+      monospace = {
+        package = pkgs.monocraft-nerd-fonts;
+        name = "Monocraft";
+      };
+
+      emoji = {
+        package = pkgs.noto-fonts-emoji;
+        name = "Noto Color Emoji";
+      };
+      sizes = {
+        applications = 12;
+        desktop = 11;
+        popups = 11;
+        terminal = 12;
+      };
+    };
+    targets = {
+      gnome = {
+        enable = true;
+        useWallpaper = true;
+      };
+      vscode = {
+        enable = false;
+      };
+    };
+  };
+
+  home.pointerCursor = {
+    gtk.enable = true;
+    package = pkgs.bibata-cursors;
+    name = "Bibata-Modern-Classic";
+    size = 16;
+  };
+
+  gtk = {
+    enable = true;
+
+    iconTheme = {
+      package = pkgs.papirus-icon-theme;
+      name = "Papirus";
+    };
+  };
+
+  home.file = {
+    "Pictures/Wallpapers" = {
+      source = ./wallpapers;
+      recursive = true;
+    };
+  };
+}
--- a/iso/home/theme/wallpapers/wallpaper.jpg
+++ b/iso/home/theme/wallpapers/wallpaper.jpg
--- a/iso/not-secrets.nix
+++ b/iso/not-secrets.nix
@ -0,0 +1,51 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+
+let
+  ## SSH Keys ##
+  key = {
+    pub = ""; # Set a key for easy SSH access
+  };
+
+  sshConfig = pkgs.writeText "ssh-config" ''
+    Host git.ryot.foo
+      IdentityFile "${config.hostSpec.home}/.ssh/git"
+
+    Host *
+      ForwardAgent no
+      AddKeysToAgent yes
+      Compression no
+      ServerAliveInterval 5
+      ServerAliveCountMax 3
+      HashKnownHosts no
+      UserKnownHostsFile ~/.ssh/known_hosts
+      ControlMaster no
+      ControlPath ~/.ssh/master-%r@%n:%p
+      ControlPersist no
+
+      UpdateHostKeys ask
+  '';
+in
+{
+  secretsSpec = {
+    users = {
+      nixos = {
+        hashedPassword = "$6$rounds=656000$5ehID8CrGOgiG4Ms$MiS68cPnrREv1URzlCcyFnJntVhWMKAnY7ZNaEvgEG36vV1KBnQHyv6HkPmOeh8aGOljYOR0aWFg.irg6ahT3."; # nixos
+        email = "admin@localhost";
+        handle = "nixos";
+        fullName = "NixOS Live User";
+
+        ssh = {
+          publicKeys = [
+            key.pub
+          ];
+          config = sshConfig;
+        };
+      };
+    };
+  };
+}