This commit is contained in:
SebastianStork 2025-03-11 00:38:47 +01:00
commit b2aca0a845
11 changed files with 327 additions and 0 deletions

1
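--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use flake .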

3
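--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.direnv/
+result
+*.dec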

3
.sops.yaml Normal file

@ -0,0 +1,3 @@
creation_rules:
- age: >-
age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
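Review bot: The single creation rule has no `path_regex` and names exactly one age recipient, so every file sops creates in this repository is encrypted to that one key and nothing else can decrypt secrets.yaml; if that private key is lost, the stored tailscale auth key is unrecoverable and has to be re-issued out of band. The usual hedge is a second recipient (an offline backup key) in the same rule, since the `age:` value accepts a comma-separated list of recipients. A one-line comment above `creation_rules:` naming which key this is and where it lives (`# Workstation age key; backup recipient to be added`) would save the next maintainer a search.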

139
flake.lock generated Normal file

@ -0,0 +1,139 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741684000,
"narHash": "sha256-NQykaWIrn5zilncefIvW4jPQ76YMXVK/dMTzkSVDmdk=",
"owner": "nix-community",
"repo": "disko",
"rev": "2db1d64fc084b1d15e3871dffc02c62a94ed6ed7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740947705,
"narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "507911df8c35939050ae324caccc7cf4ffb76565",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1741600792,
"narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"flake-parts": "flake-parts",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"treefmt-nix": "treefmt-nix"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739829690,
"narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3d0579f5cc93436052d94b73925b48973a104204",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

37
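--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,37 @@
+{
+inputs = {
+nixpkgs.url = "nixpkgs/nixos-24.11";
+flake-parts.url = "github:hercules-ci/flake-parts";
+nixos-generators = {
+url = "github:nix-community/nixos-generators";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+disko = {
+url = "github:nix-community/disko";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+treefmt-nix = {
+url = "github:numtide/treefmt-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs =
+{ flake-parts, ... }@inputs:
+flake-parts.lib.mkFlake { inherit inputs; } (
+{ inputs, ... }:
+{
+systems = [ "x86_64-linux" ];
+imports = [
+./flake/dev-shells.nix
+./flake/formatter.nix
+./flake/image-generators.nix
+];
+}
+);
+}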
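Review bot: `nixpkgs.url = "nixpkgs/nixos-24.11";` is an indirect flake reference — flake.lock records it as `"type": "indirect"` — so it is resolved through the local flake registry, and a machine with a different or modified registry can resolve `nixpkgs` to another source on the next `nix flake update`. Spelling the source out, `nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";`, keeps the provenance in the file itself and independent of the registry, matching how the other four inputs are written. The committed lock already pins the rev, so this affects updates rather than builds from the current lock.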

12
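--- a/flake/dev-shells.nix
+++ b/flake/dev-shells.nix
@@ -0,0 +1,12 @@
+{
+perSystem =
+{ pkgs, system, ... }:
+{
+devShells.default = pkgs.mkShell {
+packages = [
+pkgs.sops
+pkgs.age
+];
+};
+};
+}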
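Review bot: `system` is bound in the perSystem argument set on the `{ pkgs, system, ... }:` line but is not used anywhere in the body; trimming it to `{ pkgs, ... }:` matches flake/formatter.nix in the same commit and stops a reader looking for where it matters. A one-line comment above `devShells.default` saying the shell exists for the justfile's `sops decrypt` step (`# Tools needed by the justfile recipes (sops/age for the auth key)`) would tie the two files together.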

16
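--- a/flake/formatter.nix
+++ b/flake/formatter.nix
@@ -0,0 +1,16 @@
+{ inputs, ... }:
+{
+perSystem =
+{ pkgs, ... }:
+{
+formatter =
+(inputs.treefmt-nix.lib.evalModule pkgs {
+projectRootFile = "flake.nix";
+programs = {
+nixfmt.enable = true;
+prettier.enable = true;
+just.enable = true;
+};
+}).config.build.wrapper;
+};
+}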


@ -0,0 +1,48 @@
{ inputs, self, ... }:
{
perSystem =
{
system,
inputs',
lib,
...
}:
{
packages =
let
mkImage =
{
name,
format,
config ? { },
}:
{
${name} = inputs.nixos-generators.nixosGenerate {
customFormats.minimal-iso = "${self}/formats/minimal-iso.nix";
inherit system format;
specialArgs = { inherit inputs'; };
modules = [
{ isoImage.isoBaseName = name; }
config
];
};
};
in
lib.mkMerge [
(mkImage {
name = "minimal";
format = "minimal-iso";
})
(mkImage {
name = "minimal-wlan";
format = "minimal-iso";
config = {
networking.networkmanager.enable = true;
};
})
];
};
}
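Review bot: `mkImage` in the `let` block carries no comment, although it is the one place that wires `customFormats`, `specialArgs` and the per-image module list together; a header such as `# Build one image attribute named \`name\` with nixos-generators format \`format\`, merging the optional NixOS \`config\` module in after the ISO base name.` would make the two call sites below self-explanatory. This section's file header is not shown on this page; from the `imports` list in flake.nix it is presumably flake/image-generators.nix. The `"${self}/formats/minimal-iso.nix"` string on the customFormats line is also worth a note, since it relies on `self` already being a store path so that the whole flake source, not just that file, is referenced.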

28
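--- a/formats/minimal-iso.nix
+++ b/formats/minimal-iso.nix
@@ -0,0 +1,28 @@
+{
+modulesPath,
+inputs',
+lib,
+...
+}:
+{
+imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" ];
+formatAttr = "isoImage";
+fileExtension = ".iso";
+services.openssh.enable = lib.mkForce false;
+networking.wireless.enable = false;
+console.keyMap = "de-latin1-nodeadkeys";
+environment.systemPackages = [ inputs'.disko.packages.default ];
+services.tailscale = {
+enable = true;
+openFirewall = true;
+extraUpFlags = [ "--ssh" ];
+# Ephemeral + not pre-approved
+authKeyFile = ../tailscale-auth-key.dec;
+};
+}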
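Review bot: `authKeyFile = ../tailscale-auth-key.dec;` is a Nix path literal, so the decrypted auth key is copied into the Nix store of the build host (world-readable there until garbage collected) and baked into the ISO, where anyone holding the image can read it; the comment `# Ephemeral + not pre-approved` names the mitigations but not this consequence. Suggest widening it to `# Plaintext key is copied into the Nix store and into the ISO; it must stay ephemeral, non-pre-approved and short-lived so a leaked image cannot join the tailnet without admin approval.` Since `services.openssh.enable` is forced off on the line above, Tailscale SSH via `--ssh` is the only remote-access path into the booted image, which is worth stating in the same place because access control for the ISO then lives entirely in the tailnet ACLs.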

19
justfile Normal file

@ -0,0 +1,19 @@
set quiet := true
default:
just --list --unsorted
generate image: decrypt && encrypt
-nix build path:.#{{ image }}
decrypt:
sops decrypt --extract '["tailscale-auth-key"]' --output tailscale-auth-key.dec secrets.yaml
encrypt:
rm tailscale-auth-key.dec
update:
nix flake update --commit-lock-file
fmt:
nix fmt
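Review bot: The `encrypt` recipe only runs `rm tailscale-auth-key.dec` and never re-encrypts anything, and because `nix build path:.#{{ image }}` has by then copied the `.dec` file into the Nix store (the `path:` scheme is what makes the gitignored file visible to the build at all), the plaintext survives the `rm` until the store is garbage collected. Renaming it to what it does, `cleanup:` with `rm -f tailscale-auth-key.dec`, and adding `# path: flake ref includes untracked files, so the gitignored .dec reaches the build` above `generate` would make both facts visible to whoever runs this. The leading `-` on the nix build line already keeps the removal running when the build fails, so the dependency chain itself is fine.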

21
secrets.yaml Normal file

@ -0,0 +1,21 @@
tailscale-auth-key: ENC[AES256_GCM,data:3zUdiJyZtgFEABk3bAC1R60h3MMvssssc+vDW80EVGVNoSdudMnzBhmZEsMkaBFZYiTQ0evyPDqV1/jhb6g=,iv:bEn6kMKOrf+K2fIwFd0dTRpd86ia5H/ZwvbzTiTFOW0=,tag:r41zSXHqYJrsVbBxbpvONg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMGk2UjBudmQ2eTJIZkFw
b212VXdGd09nMmY0dnhDcStnUHF3SFpKSFRjCnFFYmkrbVh0N3ozMXJIR0VOa2h4
S09BUjI0dGVWOEdqbUZ2eVEzb3R1aTgKLS0tIHpRdHFBSnBhaWdJUEMveFhselRV
QXd5WUd2NnV4OHNhVG41SngrRmh6KzgKVGxnz3esV5y2c4gYm03Qtcm8TPWcYOBK
Ns9q18/XQYYknOvZUB2QQLNVLphvx36wTlVQU6+nmqIVlZjRTfX0ug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-11T19:50:10Z"
mac: ENC[AES256_GCM,data:csoXmToEAyKrDk5uTZnwau0FiJrdlZJTEmqaOS76/rq+iuxHGHnNk8esC7pjU4fvqkyyQDrbVtew/9c9DodjI6kx/gx1N/aEsE8sp68MpeOt75xVEwC8RUZjVzjhhE/5x/8gd5hakv01ySZXHhHvNnhINPjJnpQVtt6p63Thuc0=,iv:eVY+oWP8A5LEkNvKVX4mr1y9LrTtvaHjFfhS8OeX5r4=,tag:VPXXcFAdV2AsATgjSn7KdA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4