williamp/orphanage
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
orphanage/flake.nix

153 lines
5.2 KiB
Nix
Raw Permalink Blame History

{
description = "The simple provisioning service";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, nixos-generators, ... }:
let
lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";
version = builtins.substring 0 8 lastModifiedDate;
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
in
{
packages = forAllSystems (system:
let
pkgs = nixpkgsFor.${system};
clientPackage = pkgs.buildGoModule {
pname = "client";
inherit version;
src = ./client;
vendorHash = null;
};
in
{
default = clientPackage;
boot-env-iso = nixos-generators.nixosGenerate {
inherit system;
format = "iso";
modules = [
({modulesPath, ...}: {
imports = [
(modulesPath + "/profiles/minimal.nix")
(modulesPath + "/profiles/base.nix")
];
system.stateVersion = "25.05";
boot.initrd.kernelModules = ["hv_vmbus" "hv_storvsc"]; # Hyper-V Support
# Disable unneeded features
documentation.enable = false;
fonts.fontconfig.enable = false;
services.udisks2.enable = false;
networking.firewall.enable = false; # Technically we COULD use the firewall, but given that this is a network-dependent, one-time-use service, it would cause more issues
services.getty.autologinUser = "root";
environment.systemPackages = [ clientPackage ];
environment.etc."profile.local".text = ''
client
'';
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
})
];
};
boot-env-pxe = let
systemConfig = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
({modulesPath, ...}: {
imports = [
(modulesPath + "/installer/netboot/netboot-minimal.nix")
];
system.stateVersion = "25.05";
boot.initrd.kernelModules = ["hv_vmbus" "hv_storvsc"]; # Hyper-V Support
# Disable unneeded features
documentation.enable = nixpkgs.lib.mkForce false;
documentation.nixos.enable = nixpkgs.lib.mkForce false;
fonts.fontconfig.enable = false;
services.udisks2.enable = false;
users.allowNoPasswordLogin = true;
users.mutableUsers = false;
security.sudo.enable = false;
services.getty.helpLine = nixpkgs.lib.mkForce "";
nix.enable = false;
networking.firewall.enable = false; # Technically we COULD use the firewall, but given that this is a network-dependent, one-time-use service, it would cause more issues
services.getty.autologinUser = nixpkgs.lib.mkForce "root";
environment.systemPackages = [ clientPackage ];
environment.etc."profile.local".text = ''
client
'';
})
];
}; in pkgs.stdenv.mkDerivation {
name = "boot-env-pxe";
buildCommand = ''
mkdir -p $out
cp -r ${systemConfig.config.system.build.kernel}/bzImage $out/kernel
cp -r ${systemConfig.config.system.build.netbootRamdisk} $out/initrd
cat <<EOF > $out/boot.ipxe
#!ipxe
imgfree
kernel http://127.0.0.1:8081/kernel init=${systemConfig.config.system.build.toplevel}/init initrd=initrd ${toString systemConfig.config.boot.kernelParams} ''${cmdline}
initrd http://127.0.0.1:8081/initrd
boot
EOF
'';
};
});
apps = forAllSystems (system:
let
pkgs = nixpkgsFor.x86_64-linux;
iso = self.packages.x86_64-linux.boot-env-iso;
in
{
test-iso-x86_64 = {
type = "app";
program = "${pkgs.writeScriptBin "test-iso" ''
#!/bin/sh
${pkgs.qemu}/bin/qemu-system-x86_64 -cdrom ${iso}/iso/*.iso -m 1G \
-net nic,model=rtl8139 -net user,hostfwd=tcp::8080-:8080
''}/bin/test-iso";
};
});
devShells = forAllSystems (system:
let
pkgs = nixpkgsFor.${system};
in
{
default = pkgs.mkShell {
hardeningDisable = [ "fortify" ];
buildInputs = [
pkgs.bashInteractive
pkgs.go
pkgs.delve
pkgs.qemu_kvm
];
};
});
};
}
Reference in New Issue View Git Blame Copy Permalink