[feat]: Add rescue ISO with mainline kernel

2024-10-17 22:03:38 +02:00 · 2024-10-17 22:03:38 +02:00 · 17a4bba174
commit 17a4bba174
parent fd59db025f
2 changed files with 66 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -220,6 +220,7 @@
          "nixos-karl-kvm-guest"
          "nixos-pulse"
          "nixos-fw16"
+          "rescue-iso"
        ]
          (host: {
            "${host}" = nixpkgs.lib.nixosSystem {
--- a/systems/rescue-iso/default.nix
+++ b/systems/rescue-iso/default.nix
@ -0,0 +1,65 @@
+{ lib
+, pkgs
+, inputs
+, ...
+}:
+{
+  imports = [
+    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
+    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
+  ];
+
+  nix = {
+    settings.experimental-features = [ "nix-command" "flakes" ];
+    extraOptions = "experimental-features = nix-command flakes";
+  };
+
+  services = {
+    openssh.settings.PermitRootLogin = lib.mkForce "yes";
+    # TODO Add authorized Keys
+  };
+
+  boot =
+    let
+      version = "6.12-rc3";
+      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
+      ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
+      linux_mainline = { buildLinux, fetchzip, ... }@args: buildLinux {
+        version = version;
+        src = fetchzip {
+          url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
+          hash = "sha256-TP1sBMr34gAfIWD/LBlhorSebABUYsQE4OBuDFb348c=";
+        };
+        modDirVersion = lib.versions.pad 3 version;
+        kernelPatches = [
+          kernelPatches.bridge_stp_helper
+          kernelPatches.request_key_helper
+        ];
+        extraMeta.branch = "master";
+      };
+      linuxMainlinePkg = (pkgs.callPackage linux_mainline { });
+      linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
+    in
+    {
+      kernelPackages = linuxMainlinePkgs;
+      supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+    };
+
+  users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos
+  users.extraUsers.root.initialPassword = lib.mkForce null;
+  users.extraUsers.root.initialHashedPassword = lib.mkForce null;
+
+  systemd = {
+    services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+    targets = {
+      sleep.enable = false;
+      suspend.enable = false;
+      hibernate.enable = false;
+      hybrid-sleep.enable = false;
+    };
+  };
+
+  networking = {
+    hostName = "rescue-iso";
+  };
+}