From 17a4bba1745c00311c138dcee3903dda0d8e17d2 Mon Sep 17 00:00:00 2001
From: Tristan Druyen <tristan@vault81.de>
Date: Thu, 17 Oct 2024 22:03:38 +0200
Subject: [PATCH] [feat]: Add rescue ISO with mainline kernel

---
 flake.nix                      |  1 +
 systems/rescue-iso/default.nix | 65 ++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 systems/rescue-iso/default.nix

diff --git a/flake.nix b/flake.nix
index 69242cf..e5524dd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -220,6 +220,7 @@
           "nixos-karl-kvm-guest"
           "nixos-pulse"
           "nixos-fw16"
+          "rescue-iso"
         ]
           (host: {
             "${host}" = nixpkgs.lib.nixosSystem {
diff --git a/systems/rescue-iso/default.nix b/systems/rescue-iso/default.nix
new file mode 100644
index 0000000..cbe4833
--- /dev/null
+++ b/systems/rescue-iso/default.nix
@@ -0,0 +1,65 @@
+{ lib
+, pkgs
+, inputs
+, ...
+}:
+{
+  imports = [
+    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
+    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
+  ];
+
+  nix = {
+    settings.experimental-features = [ "nix-command" "flakes" ];
+    extraOptions = "experimental-features = nix-command flakes";
+  };
+
+  services = {
+    openssh.settings.PermitRootLogin = lib.mkForce "yes";
+    # TODO Add authorized Keys
+  };
+
+  boot =
+    let
+      version = "6.12-rc3";
+      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
+      ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
+      linux_mainline = { buildLinux, fetchzip, ... }@args: buildLinux {
+        version = version;
+        src = fetchzip {
+          url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
+          hash = "sha256-TP1sBMr34gAfIWD/LBlhorSebABUYsQE4OBuDFb348c=";
+        };
+        modDirVersion = lib.versions.pad 3 version;
+        kernelPatches = [
+          kernelPatches.bridge_stp_helper
+          kernelPatches.request_key_helper
+        ];
+        extraMeta.branch = "master";
+      };
+      linuxMainlinePkg = (pkgs.callPackage linux_mainline { });
+      linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
+    in
+    {
+      kernelPackages = linuxMainlinePkgs;
+      supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+    };
+
+  users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos
+  users.extraUsers.root.initialPassword = lib.mkForce null;
+  users.extraUsers.root.initialHashedPassword = lib.mkForce null;
+
+  systemd = {
+    services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+    targets = {
+      sleep.enable = false;
+      suspend.enable = false;
+      hibernate.enable = false;
+      hybrid-sleep.enable = false;
+    };
+  };
+
+  networking = {
+    hostName = "rescue-iso";
+  };
+}