netali/nixos-iso
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: netali:a9153b7c4c032c8765c516de70cb787aba40cc3a
Branches Tags
netali:main
..
compare: netali:main
Branches Tags
netali:main

11 Commits
a9153b7c4c ... main

Author SHA1 Message Date
netali
104caf1417 include static config in template 2025-06-19 04:04:24 +02:00
netali
ad52b0ba9a nixos 25.05 patches 2025-06-19 03:38:29 +02:00
netali
d750f5299f update + improvements 2025-06-19 03:27:05 +02:00
Jennifer Graul
0a331c214a add lix and update all flake inputs 2025-01-23 12:53:08 +01:00
Jennifer Graul
c5c41d30c2 tune nix settings 2025-01-23 12:52:51 +01:00
Jennifer Graul
cf1514ffc6 update nixpkgs 2024-12-09 21:12:56 +01:00
Jennifer Graul
7bfdd18656 update to 24.11 2024-11-22 15:25:06 +01:00
netali
c9ef5c8da3 update iso to nixos 24.05 beta 2024-05-28 22:04:24 +02:00
netali
04b12172f3 use nixos-23.11 as nixpkgs 2023-11-24 19:28:31 +01:00
netali
cfaaa82d6f update flake inputs 2023-11-23 16:16:12 +01:00
netali
aa5ed84036 default-config: set state-version to 23.11 2023-11-23 16:11:12 +01:00
7 changed files with 200 additions and 33 deletions
Expand all files Collapse all files

98
flake.lock generated
View File

@@ -5,11 +5,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1731533236,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -18,18 +18,86 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1746827285,
"narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=",
"rev": "47aad376c87e2e65967f17099277428e4b3f8e5a",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746838955,
"narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=",
"rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1698611440, "lastModified": 1750133334,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -37,6 +105,7 @@
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"lix-module": "lix-module",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
}, },
@@ -54,6 +123,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

22
flake.nix
View File

@@ -1,26 +1,36 @@
{ {
description = "NixOS ISO of netali"; description = "NixOS ISO of netali";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
lix-module.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, flake-utils, ... }@inputs: { outputs = { self, nixpkgs, flake-utils, lix-module, ... }@inputs: {
iso = (nixpkgs.lib.nixosSystem { iso = (nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = inputs; specialArgs = inputs;
modules = [ ./iso.nix ]; modules = [
./iso.nix
lix-module.nixosModules.default
];
}).config.system.build.isoImage; }).config.system.build.isoImage;
hydraJobs.iso = self.iso; hydraJobs.iso = self.iso;
overlays.default = (import ./packages); overlays.default = (import ./packages);
} // flake-utils.lib.eachDefaultSystem (system: let } // flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; lixpkgs = import nixpkgs {
inherit system;
overlays = [
lix-module.overlays.default
];
};
in { in {
packages = { packages = {
netali-configure-net-ruby = pkgs.callPackage ./packages/netali-configure-net-ruby {}; netali-configure-net-ruby = lixpkgs.callPackage ./packages/netali-configure-net-ruby {};
netali-default-config-ruby = pkgs.callPackage ./packages/netali-default-config-ruby {}; netali-default-config-ruby = lixpkgs.callPackage ./packages/netali-default-config-ruby {};
}; };
}); });
} }

28
iso.nix
View File

@@ -12,7 +12,7 @@
nixpkgs.overlays = [ (import ./packages) ]; nixpkgs.overlays = [ (import ./packages) ];
networking.hostName = "netalis-nixos-iso"; networking.hostName = "netalis-nixos-iso";
isoImage.isoBaseName = "netalis-nixos-iso"; isoImage.isoBaseName = lib.mkForce "netalis-nixos-iso";
boot.supportedFilesystems = boot.supportedFilesystems =
[ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ] ++ [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ] ++
@@ -21,6 +21,32 @@
# Configure host id for ZFS to work # Configure host id for ZFS to work
networking.hostId = lib.mkDefault "8425e349"; networking.hostId = lib.mkDefault "8425e349";
nix = {
settings = {
trusted-users = [ "@wheel" ];
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
registry = lib.mkForce {
"nixpkgs" = {
from = {
type = "indirect";
id = "nixpkgs";
};
to = {
type = "path";
path = lib.cleanSource pkgs.path;
};
exact = true;
};
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
w3m-nographics # needed for the manual anyway w3m-nographics # needed for the manual anyway
testdisk # useful for repairing boot problems testdisk # useful for repairing boot problems

21
packages/netali-configure-net-ruby/default.nix
View File

@@ -1,20 +1,31 @@
{ writeShellScriptBin, iproute2 }: { writeShellScriptBin, iproute2 }:
writeShellScriptBin "netali-configure-net-ruby" '' writeShellScriptBin "netali-configure-net-ruby" ''
if [[ $# -ne 2 ]]; then if [[ $# -ne 3 ]]; then
echo "Usage: netali-configure-net-ruby [interface] [last-ip-block]" echo "Usage: netali-configure-net-ruby [interface] [last-ip-block] [mode]"
echo "" echo ""
echo "interface: name of the network interface to configure" echo "interface: name of the network interface to configure"
echo "last-ip-block: last block of the IPv6 address of this host" echo "last-ip-block: last block of the IPv6 address of this host"
echo "mode: 'public' or 'internal' (affects IP subnet)"
exit 1 exit 1
fi fi
INTERFACE=$1 INTERFACE=$1
LAST_IP_BLOCK=$2 LAST_IP_BLOCK=$2
MODE=$3
if [[ $MODE == "public" ]]; then
PREFIX="2a00:fe0:1:21f::"
GATEWAY="2a00:fe0:1:21f::1"
else
PREFIX="2a00:fe0:3f5:1000::"
GATEWAY="2a00:fe0:3f5:1000::1"
fi
${iproute2}/bin/ip link set up $INTERFACE ${iproute2}/bin/ip link set up $INTERFACE
${iproute2}/bin/ip a a 2001:67c:a6c:a::$LAST_IP_BLOCK/64 dev $INTERFACE ${iproute2}/bin/ip a a $PREFIX$LAST_IP_BLOCK/64 dev $INTERFACE
${iproute2}/bin/ip r a default via fe80::1 dev $INTERFACE ${iproute2}/bin/ip r a default via $GATEWAY dev $INTERFACE
echo "nameserver 2606:4700:4700::1111" > /etc/resolv.conf echo "nameserver 2a00:fe0:0:2::300" > /etc/resolv.conf
echo "nameserver 2a00:fe0:0:3::300" >> /etc/resolv.conf
'' ''

18
packages/netali-default-config-ruby/config-template.txt
View File

@@ -4,12 +4,12 @@
imports = imports =
[ [
./hardware-configuration.nix ./hardware-configuration.nix
./static.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
boot.tmp.useTmpfs = true;
networking.nftables.enable = true; networking.nftables.enable = true;
@@ -18,7 +18,7 @@
users.users.netali = { users.users.netali = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqnMKa8BZmbRM2Oc4E8N9h9N26ABPLgPTketLNSK7l7 me@netali.de" ];
}; };
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@@ -31,7 +31,7 @@
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
system.stateVersion = "23.05"; system.stateVersion = "$STATE_VERSION";
networking.hostName = "$TARGET_HOSTNAME"; networking.hostName = "$TARGET_HOSTNAME";
@@ -42,7 +42,7 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.dhcpcd.enable = false; networking.dhcpcd.enable = false;
networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ]; networking.nameservers = [ "2a00:fe0:0:2::300" "2a00:fe0:0:3::300" ];
nix = { nix = {
settings = { settings = {
@@ -64,16 +64,16 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
"40-ens18" = { "40-$INTERFACE" = {
name = "ens18"; name = "$INTERFACE";
networkConfig = { networkConfig = {
IPv6AcceptRA = false; IPv6AcceptRA = false;
}; };
address = [ address = [
"2001:67c:a6c:a::$LAST_IP_BLOCK/64" "$PREFIX$LAST_IP_BLOCK/64"
]; ];
gateway = [ gateway = [
"2001:67c:a6c:a::1" "$GATEWAY"
]; ];
}; };
}; };

26
packages/netali-default-config-ruby/default.nix
View File

@@ -1,18 +1,34 @@
{ writeShellScriptBin, envsubst }: { writeShellScriptBin, envsubst }:
writeShellScriptBin "netali-default-config-ruby" '' writeShellScriptBin "netali-default-config-ruby" ''
if [[ $# -ne 3 ]]; then if [[ $# -ne 6 ]]; then
echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]" echo "Usage: netali-default-config-ruby [out-path] [hostname] [interface] [last-ip-block] [mode] [state-version]"
echo "" echo ""
echo "out-path: path to which the configuration will be written" echo "out-path: path to which the configuration will be written"
echo "hostname: path to which the configuration will be written" echo "hostname: hostname of the new host"
echo "interface: name of the network interface to configure"
echo "last-ip-block: last block of the IPv6 address of this host" echo "last-ip-block: last block of the IPv6 address of this host"
echo "mode: 'public' or 'internal' (affects IP subnet)"
echo "state-version: NixOS State Version"
exit 1 exit 1
fi fi
OUT_PATH=$1 OUT_PATH=$1
export TARGET_HOSTNAME="$2" export TARGET_HOSTNAME="$2"
export LAST_IP_BLOCK="$3" export INTERFACE=$3
export LAST_IP_BLOCK=$4
MODE=$5
export STATE_VERSION=$6
${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH if [[ $MODE == "public" ]]; then
export PREFIX="2a00:fe0:1:21f::"
export GATEWAY="2a00:fe0:1:21f::1"
else
export PREFIX="2a00:fe0:3f5:1000::"
export GATEWAY="2a00:fe0:3f5:1000::1"
fi
cp ${./static.nix} $OUT_PATH/static.nix
chmod 644 $OUT_PATH/static.nix
${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH/configuration.nix
'' ''

20
packages/netali-default-config-ruby/static.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
# Pin current nixpkgs channel and flake registry to the nixpkgs version
# the host got build with
nix.nixPath = lib.mkForce [ "nixpkgs=\\${lib.cleanSource pkgs.path}" ];
nix.registry = lib.mkForce {
"nixpkgs" = {
from = {
type = "indirect";
id = "nixpkgs";
};
to = {
type = "path";
path = lib.cleanSource pkgs.path;
};
exact = true;
};
};
}