update + improvements

netali 2025-06-19 03:27:05 +02:00
parent 0a331c214a
commit d750f5299f
Signed by: netali
GPG Key ID: 9C55E636426B40A9
6 changed files with 92 additions and 41 deletions

34
flake.lock generated

@ -23,11 +23,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1731533236,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -54,15 +54,15 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1729298361, "lastModified": 1746827285,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
@ -75,29 +75,29 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732605668, "lastModified": 1746838955,
"narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=",
"rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1737569578, "lastModified": 1750133334,
"narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=", "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "47addd76727f42d351590c905d9d1905ca895b82", "rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@ -1,9 +1,9 @@
{ {
description = "NixOS ISO of netali"; description = "NixOS ISO of netali";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
lix-module.inputs.nixpkgs.follows = "nixpkgs"; lix-module.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, flake-utils, lix-module, ... }@inputs: { outputs = { self, nixpkgs, flake-utils, lix-module, ... }@inputs: {
@ -21,11 +21,16 @@
overlays.default = (import ./packages); overlays.default = (import ./packages);
} // flake-utils.lib.eachDefaultSystem (system: let } // flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; lixpkgs = import nixpkgs {
inherit system;
overlays = [
lix-module.overlays.default
];
};
in { in {
packages = { packages = {
netali-configure-net-ruby = pkgs.callPackage ./packages/netali-configure-net-ruby {}; netali-configure-net-ruby = lixpkgs.callPackage ./packages/netali-configure-net-ruby {};
netali-default-config-ruby = pkgs.callPackage ./packages/netali-default-config-ruby {}; netali-default-config-ruby = lixpkgs.callPackage ./packages/netali-default-config-ruby {};
}; };
}); });
} }


@ -1,20 +1,31 @@
{ writeShellScriptBin, iproute2 }: { writeShellScriptBin, iproute2 }:
writeShellScriptBin "netali-configure-net-ruby" '' writeShellScriptBin "netali-configure-net-ruby" ''
if [[ $# -ne 2 ]]; then if [[ $# -ne 3 ]]; then
echo "Usage: netali-configure-net-ruby [interface] [last-ip-block]" echo "Usage: netali-configure-net-ruby [interface] [last-ip-block] [mode]"
echo "" echo ""
echo "interface: name of the network interface to configure" echo "interface: name of the network interface to configure"
echo "last-ip-block: last block of the IPv6 address of this host" echo "last-ip-block: last block of the IPv6 address of this host"
echo "mode: 'public' or 'internal' (affects IP subnet)"
exit 1 exit 1
fi fi
INTERFACE=$1 INTERFACE=$1
LAST_IP_BLOCK=$2 LAST_IP_BLOCK=$2
MODE=$3
if [[ $MODE == "public" ]]; then
PREFIX="2a00:fe0:1:21f::"
GATEWAY="2a00:fe0:1:21f::1"
else
PREFIX="2a00:fe0:3f5:1000::"
GATEWAY="2a00:fe0:3f5:1000::1"
fi
${iproute2}/bin/ip link set up $INTERFACE ${iproute2}/bin/ip link set up $INTERFACE
${iproute2}/bin/ip a a 2001:67c:a6c:a::$LAST_IP_BLOCK/64 dev $INTERFACE ${iproute2}/bin/ip a a $PREFIX$LAST_IP_BLOCK/64 dev $INTERFACE
${iproute2}/bin/ip r a default via fe80::1 dev $INTERFACE ${iproute2}/bin/ip r a default via $GATEWAY dev $INTERFACE
echo "nameserver 2606:4700:4700::1111" > /etc/resolv.conf echo "nameserver 2a00:fe0:0:2::300" > /etc/resolv.conf
echo "nameserver 2a00:fe0:0:3::300" >> /etc/resolv.conf
'' ''
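Review bot: The new `MODE` branch treats every value other than `public` as internal, so a typo such as `Public` or an empty third argument silently configures the `2a00:fe0:3f5:1000::` prefix and gateway on the interface. Matching both modes explicitly and failing otherwise would catch this: replace the `else` with `elif [[ $MODE == "internal" ]]; then` and add a final `else echo "unknown mode: $MODE" >&2; exit 1`. The same fall-through is in the `MODE` branch of netali-default-config-ruby, where the wrong subnet ends up in the generated configuration. `$INTERFACE` and `$LAST_IP_BLOCK` are also expanded unquoted in the `ip` calls; quoting them keeps an argument containing whitespace from being split into extra `ip` arguments.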


@ -8,8 +8,7 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
boot.tmp.useTmpfs = true;
networking.nftables.enable = true; networking.nftables.enable = true;
@ -18,7 +17,7 @@
users.users.netali = { users.users.netali = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqnMKa8BZmbRM2Oc4E8N9h9N26ABPLgPTketLNSK7l7 me@netali.de" ];
}; };
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -31,7 +30,7 @@
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
system.stateVersion = "24.11"; system.stateVersion = "$STATE_VERSION";
networking.hostName = "$TARGET_HOSTNAME"; networking.hostName = "$TARGET_HOSTNAME";
@ -42,7 +41,7 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.dhcpcd.enable = false; networking.dhcpcd.enable = false;
networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ]; networking.nameservers = [ "2a00:fe0:0:2::300" "2a00:fe0:0:3::300" ];
nix = { nix = {
settings = { settings = {
@ -64,16 +63,16 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
"40-ens18" = { "40-$INTERFACE" = {
name = "ens18"; name = "$INTERFACE";
networkConfig = { networkConfig = {
IPv6AcceptRA = false; IPv6AcceptRA = false;
}; };
address = [ address = [
"2001:67c:a6c:a::$LAST_IP_BLOCK/64" "$PREFIX$LAST_IP_BLOCK/64"
]; ];
gateway = [ gateway = [
"2001:67c:a6c:a::1" "$GATEWAY"
]; ];
}; };
}; };


@ -1,18 +1,34 @@
{ writeShellScriptBin, envsubst }: { writeShellScriptBin, envsubst }:
writeShellScriptBin "netali-default-config-ruby" '' writeShellScriptBin "netali-default-config-ruby" ''
if [[ $# -ne 3 ]]; then if [[ $# -ne 6 ]]; then
echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]" echo "Usage: netali-default-config-ruby [out-path] [hostname] [interface] [last-ip-block] [mode] [state-version]"
echo "" echo ""
echo "out-path: path to which the configuration will be written" echo "out-path: path to which the configuration will be written"
echo "hostname: path to which the configuration will be written" echo "hostname: hostname of the new host"
echo "interface: name of the network interface to configure"
echo "last-ip-block: last block of the IPv6 address of this host" echo "last-ip-block: last block of the IPv6 address of this host"
echo "mode: 'public' or 'internal' (affects IP subnet)"
echo "state-version: NixOS State Version"
exit 1 exit 1
fi fi
OUT_PATH=$1 OUT_PATH=$1
export TARGET_HOSTNAME="$2" export TARGET_HOSTNAME="$2"
export LAST_IP_BLOCK="$3" export INTERFACE=$3
export LAST_IP_BLOCK=$4
MODE=$5
export STATE_VERSION=$6
${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH if [[ $MODE == "public" ]]; then
export PREFIX="2a00:fe0:1:21f::"
export GATEWAY="2a00:fe0:1:21f::1"
else
export PREFIX="2a00:fe0:3f5:1000::"
export GATEWAY="2a00:fe0:3f5:1000::1"
fi
cp ${./static.nix} $OUT_PATH/static.nix
chmod 644 $OUT_PATH/static.nix
${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH/configuration.nix
'' ''
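Review bot: The final `envsubst` call fills every `$NAME` reference in the template from the process environment, and by default an unset name becomes an empty string, so a placeholder that is misspelled or not exported here yields a syntactically valid but wrong `configuration.nix`. The `-i`/`-o` flags suggest this is the Go `envsubst`, which accepts `-no-unset` and `-no-empty` to fail instead; adding them to the call would surface the problem at generation time. `$OUT_PATH` is expanded unquoted in the `cp`, `chmod` and `envsubst` lines and is now used as a directory, while the usage text still describes it as the path the configuration is written to. The substituted values land inside Nix string literals in the template, so an argument containing `"` or `${` would change the generated configuration; a simple pattern check on hostname, interface and state-version would rule that out.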


@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
# Pin current nixpkgs channel and flake registry to the nixpkgs version
# the host got build with
nix.nixPath = lib.mkForce [ "nixpkgs=\\${lib.cleanSource pkgs.path}" ];
nix.registry = lib.mkForce {
"nixpkgs" = {
from = {
type = "indirect";
id = "nixpkgs";
};
to = {
type = "path";
path = lib.cleanSource pkgs.path;
};
exact = true;
};
};
}
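Review bot: The `nix.nixPath` line has a backslash sequence in front of `${lib.cleanSource pkgs.path}`, which looks unintended: in a Nix double-quoted string `\${` yields the literal text instead of the store path, and `\\${` yields a backslash followed by the path. The file is installed with `cp` in netali-default-config-ruby rather than passed through `envsubst`, so no escaping should be needed and the entry can read `"nixpkgs=${lib.cleanSource pkgs.path}"`. If the doubled backslash is only an artefact of how this page renders the file, the single-backslash form still has the same problem. The `nix.registry` block below uses the path unescaped, so the two settings would otherwise disagree. The header comment could read `the host was built with`.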