{ description = "The simple provisioning service"; inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = { self, nixpkgs, nixos-generators, ... }: let lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101"; version = builtins.substring 0 8 lastModifiedDate; supportedSystems = [ "x86_64-linux" "aarch64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); in { packages = forAllSystems (system: let pkgs = nixpkgsFor.${system}; clientPackage = pkgs.buildGoModule { pname = "client"; inherit version; src = ./client; vendorHash = null; }; in { default = clientPackage; boot-env-iso = nixos-generators.nixosGenerate { inherit system; format = "iso"; modules = [ ({modulesPath, ...}: { imports = [ (modulesPath + "/profiles/minimal.nix") (modulesPath + "/profiles/base.nix") ]; system.stateVersion = "25.05"; # Disable unneeded features ##boot.loader.grub.enable = true; # Not needed as iso-image.nix in modulesPath defines these and cause conflict ##boot.loader.grub.device = "nodev"; documentation.enable = false; fonts.fontconfig.enable = false; services.udisks2.enable = false; networking.firewall.enable = false; # Technically we COULD use the firewall, but given that this is a network-dependent, one-time-use service, it would cause more issues services.getty.autologinUser = "root"; environment.systemPackages = [ clientPackage ]; environment.etc."profile.local".text = '' client ''; isoImage.squashfsCompression = "gzip -Xcompression-level 1"; }) ]; }; }); devShells = forAllSystems (system: let pkgs = nixpkgsFor.${system}; in { default = pkgs.mkShell { hardeningDisable = [ "fortify" ]; buildInputs = [ pkgs.bashInteractive pkgs.go pkgs.delve pkgs.qemu_kvm ]; }; }); }; }