Add NixOS

ddterm · Feb 4, 2025 · 3ea23ca · 3ea23ca
1 parent d2395e8
commit 3ea23ca
Show file tree

Hide file tree

Showing 4 changed files with 188 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -50,6 +50,7 @@ jobs:
           - ubuntu2204
           - ubuntu2404
           - ubuntu2410
+          - nixos
 
     runs-on: ubuntu-24.04
     timeout-minutes: 45

diff --git a/configuration.nix b/configuration.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nixos";
+
+  networking.networkmanager.enable = true;
+
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  services.printing.enable = true;
+
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  users.users.vagrant = {
+    initialPassword = "vagrant";
+    isNormalUser = true;
+    description = "Vagrant";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [
+    ];
+    openssh.authorizedKeys.keys = [
+      ${join("\n", formatlist("\"%s\"", compact(split("\n", file("${path.root}/keys/vagrant.pub")))))}
+    ];
+  };
+
+  security.sudo.extraRules = [
+    {
+      users = [ "vagrant" ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = true;
+    settings.KbdInteractiveAuthentication = true;
+    settings.PermitRootLogin = "yes";
+  };
+
+  services.qemuGuest.enable = true;
+  services.spice-vdagentd.enable = true;
+  services.spice-webdavd.enable = true;
+
+  system.stateVersion = "${state_version}";
+}
diff --git a/nixos.pkr.hcl b/nixos.pkr.hcl
@@ -0,0 +1,102 @@
+variable "nixos_channel" {
+  type = string
+  default = "24.11"
+}
+
+data "http" "nixos_iso_checksum" {
+  url = "https://channels.nixos.org/nixos-${var.nixos_channel}/latest-nixos-minimal-x86_64-linux.iso.sha256"
+}
+
+local "nixos_iso_checksum_split" {
+  expression = compact(split(" ", data.http.nixos_iso_checksum.body))
+}
+
+local "nixos_iso_checksum" {
+  expression = trimspace(local.nixos_iso_checksum_split[0])
+}
+
+local "nixos_iso_name" {
+  expression = trimspace(local.nixos_iso_checksum_split[1])
+}
+
+local "nixos_iso_dir" {
+  expression = regex_replace(local.nixos_iso_name, "nixos-minimal-(.*)-x86_64-linux.iso", "nixos-$1")
+}
+
+source "qemu" "nixos" {
+  iso_url = "https://releases.nixos.org/nixos/${var.nixos_channel}/${local.nixos_iso_dir}/${local.nixos_iso_name}"
+  iso_checksum = "sha256:${local.nixos_iso_checksum}"
+  vga = "virtio"
+  cpus = 2
+  memory = 4096
+  headless = var.headless
+  shutdown_command = "sudo shutdown -P now"
+  qmp_enable = true
+  disk_discard = "unmap"
+  ssh_timeout = "1h"
+  ssh_username = "root"
+  ssh_password = "nixos"
+  boot_wait = "1m"
+  boot_command = [
+    "sudo passwd root<enter><wait>",
+    "nixos<enter><wait>",
+    "nixos<enter><wait>",
+  ]
+  efi_firmware_code = "${path.root}/ovmf/OVMF_CODE.4m.fd"
+  efi_firmware_vars = "${path.root}/ovmf/OVMF_VARS.4m.fd"
+  qemuargs = [["-serial", "stdio"]]
+  machine_type = var.machine_type
+}
+
+build {
+  sources = [
+    "source.qemu.nixos"
+  ]
+
+  provisioner "shell" {
+    inline = [
+      "parted /dev/vda -- mklabel gpt",
+      "parted /dev/vda -- mkpart primary 512MB -8GB",
+      "parted /dev/vda -- mkpart primary linux-swap -8GB 100%",
+      "parted /dev/vda -- mkpart ESP fat32 1MB 512MB",
+      "parted /dev/vda -- set 3 esp on",
+
+      "mkfs.btrfs -L nixos /dev/vda1",
+      "mkswap -L swap /dev/vda2",
+      "swapon /dev/vda2",
+      "mkfs.fat -F 32 -n boot /dev/vda3",
+      "mount -o discard /dev/disk/by-label/nixos /mnt",
+      "mkdir -p /mnt/boot",
+      "mount /dev/disk/by-label/boot /mnt/boot",
+      "nixos-generate-config --root /mnt",
+    ]
+  }
+
+  provisioner "file" {
+    content = templatefile("${path.root}/configuration.nix", { path = path, state_version = var.nixos_channel })
+    destination = "/mnt/etc/nixos/configuration.nix"
+  }
+
+  provisioner "shell" {
+    inline = [
+      "nixos-install --no-root-password",
+    ]
+  }
+
+  post-processors {
+    post-processor "vagrant" {
+      vagrantfile_template = "Vagrantfile"
+      include = [
+        "${path.root}/ovmf/OVMF_CODE.4m.fd",
+        "${path.root}/output-${source.name}/efivars.fd",
+        "${path.root}/ovmf/edk2.License.txt",
+        "${path.root}/ovmf/OvmfPkg.License.txt",
+      ]
+    }
+
+    post-processor "vagrant-registry" {
+      box_tag = "gnome-shell-box/nixos"
+      version = local.version
+    }
+  }
+}
diff --git a/renovate.json b/renovate.json
@@ -86,6 +86,17 @@
       "datasourceTemplate": "custom.html",
       "depNameTemplate": "debian-amd64-netinst",
       "extractVersionTemplate": "(^|/)debian-(?<version>\\d+\\.\\d+\\.\\d+)-amd64-netinst\\.iso$"
+    },
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "\\.pkr\\.hcl$"
+      ],
+      "matchStrings": [
+        "variable\\s+\"nixos_channel\"\\s*\\{[^}]*default\\s*=\\s*\"(?<currentValue>[^\"]+)"
+      ],
+      "datasourceTemplate": "endoflife-date",
+      "packageNameTemplate": "NixOS"
     }
   ],
   "packageRules": [