From 3ee64199ffcd428af606515e46014f1811c8250c Mon Sep 17 00:00:00 2001
From: Aleksandr Mezin
Date: Sun, 2 Feb 2025 12:40:52 +0200
Subject: [PATCH] Add NixOS
---
 .github/workflows/build.yml | 1 +
 configuration.nix | 74 ++++++++++++++++++++++++++
 nixos.pkr.hcl | 102 ++++++++++++++++++++++++++++++++++++
 renovate.json | 11 ++++
 4 files changed, 188 insertions(+)
 create mode 100644 configuration.nix
 create mode 100644 nixos.pkr.hcl
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e68109..95dd39f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -50,6 +50,7 @@ jobs:
 - ubuntu2204
 - ubuntu2404
 - ubuntu2410
+ - nixos
 runs-on: ubuntu-24.04
 timeout-minutes: 45
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..effb4f3
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nixos";
+
+ networking.networkmanager.enable = true;
+
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ services.printing.enable = true;
+
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ users.users.vagrant = {
+ initialPassword = "vagrant";
+ isNormalUser = true;
+ description = "Vagrant";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [
+ ];
+ openssh.authorizedKeys.keys = [
+ ${join("\n", formatlist("\"%s\"", compact(split("\n", file("${path.root}/keys/vagrant.pub")))))}
+ ];
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "vagrant" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ environment.systemPackages = with pkgs; [
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = true;
+ settings.KbdInteractiveAuthentication = true;
+ settings.PermitRootLogin = "yes";
+ };
+
+ services.qemuGuest.enable = true;
+ services.spice-vdagentd.enable = true;
+ services.spice-webdavd.enable = true;
+
+ system.stateVersion = "${state_version}";
+}
diff --git a/nixos.pkr.hcl b/nixos.pkr.hcl
new file mode 100644
index 0000000..6c903ee
--- /dev/null
+++ b/nixos.pkr.hcl
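Review bot: `settings.PermitRootLogin = "yes"` in the `services.openssh` block is broader than this box needs: Vagrant logs in as the `vagrant` user defined above and escalates through the `NOPASSWD` sudo rule, and the install step in nixos.pkr.hcl runs `nixos-install --no-root-password`, so nothing in the patch appears to rely on root over SSH. `settings.PermitRootLogin = "no";` (or simply leaving NixOS's `prohibit-password` default) removes that path; password authentication itself looks deliberate for a Vagrant image, so keep it but say so, e.g. `# Vagrant convention: password login for the vagrant user plus NOPASSWD sudo are expected by Vagrant; keep in sync with the Vagrantfile`. The `openssh.authorizedKeys.keys` entry splices each line of keys/vagrant.pub into a Nix string through `formatlist("\"%s\"", …)` without escaping, so a key comment containing `"` or `${` would break or alter the generated file; acceptable for a repo-controlled key file, but worth a one-line comment saying that file must stay free of those characters. The default-template leftovers (`#media-session.enable = true;` with its two comment lines, and the empty `packages`/`environment.systemPackages` lists) could be dropped.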
@@ -0,0 +1,102 @@
+variable "nixos_channel" {
+ type = string
+ default = "24.11"
+}
+
+data "http" "nixos_iso_checksum" {
+ url = "https://channels.nixos.org/nixos-${var.nixos_channel}/latest-nixos-minimal-x86_64-linux.iso.sha256"
+}
+
+local "nixos_iso_checksum_split" {
+ expression = compact(split(" ", data.http.nixos_iso_checksum.body))
+}
+
+local "nixos_iso_checksum" {
+ expression = trimspace(local.nixos_iso_checksum_split[0])
+}
+
+local "nixos_iso_name" {
+ expression = trimspace(local.nixos_iso_checksum_split[1])
+}
+
+local "nixos_iso_dir" {
+ expression = regex_replace(local.nixos_iso_name, "nixos-minimal-(.*)-x86_64-linux.iso", "nixos-$1")
+}
+
+source "qemu" "nixos" {
+ iso_url = "https://releases.nixos.org/nixos/${var.nixos_channel}/${local.nixos_iso_dir}/${local.nixos_iso_name}"
+ iso_checksum = "sha256:${local.nixos_iso_checksum}"
+ vga = "virtio"
+ cpus = 2
+ memory = 4096
+ headless = var.headless
+ shutdown_command = "sudo shutdown -P now"
+ qmp_enable = true
+ disk_discard = "unmap"
+ ssh_timeout = "1h"
+ ssh_username = "root"
+ ssh_password = "nixos"
+ boot_wait = "1m"
+ boot_command = [
+ "sudo passwd root",
+ "nixos",
+ "nixos",
+ ]
+ efi_firmware_code = "${path.root}/ovmf/OVMF_CODE.4m.fd"
+ efi_firmware_vars = "${path.root}/ovmf/OVMF_VARS.4m.fd"
+ qemuargs = [["-serial", "stdio"]]
+ machine_type = var.machine_type
+}
+
+build {
+ sources = [
+ "source.qemu.nixos"
+ ]
+
+ provisioner "shell" {
+ inline = [
+ "parted /dev/vda -- mklabel gpt",
+ "parted /dev/vda -- mkpart primary 512MB -8GB",
+ "parted /dev/vda -- mkpart primary linux-swap -8GB 100%",
+ "parted /dev/vda -- mkpart ESP fat32 1MB 512MB",
+ "parted /dev/vda -- set 3 esp on",
+
+ "mkfs.btrfs -L nixos /dev/vda1",
+ "mkswap -L swap /dev/vda2",
+ "swapon /dev/vda2",
+ "mkfs.fat -F 32 -n boot /dev/vda3",
+ "mount -o discard /dev/disk/by-label/nixos /mnt",
+ "mkdir -p /mnt/boot",
+ "mount /dev/disk/by-label/boot /mnt/boot",
+ "nixos-generate-config --root /mnt",
+ ]
+ }
+
+ provisioner "file" {
+ content = templatefile("${path.root}/configuration.nix", { path = path, state_version = var.nixos_channel })
+ destination = "/mnt/etc/nixos/configuration.nix"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "nixos-install --no-root-password",
+ ]
+ }
+
+ post-processors {
+ post-processor "vagrant" {
+ vagrantfile_template = "Vagrantfile"
+ include = [
+ "${path.root}/ovmf/OVMF_CODE.4m.fd",
+ "${path.root}/output-${source.name}/efivars.fd",
+ "${path.root}/ovmf/edk2.License.txt",
+ "${path.root}/ovmf/OvmfPkg.License.txt",
+ ]
+ }
+
+ post-processor "vagrant-registry" {
+ box_tag = "gnome-shell-box/nixos"
+ version = local.version
+ }
+ }
+}
diff --git a/renovate.json b/renovate.json
index a865813..f064c0c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -86,6 +86,17 @@
 "datasourceTemplate": "custom.html",
 "depNameTemplate": "debian-amd64-netinst",
 "extractVersionTemplate": "(^|/)debian-(?\\d+\\.\\d+\\.\\d+)-amd64-netinst\\.iso$"
+ },
+ {
+ "customType": "regex",
+ "fileMatch": [
+ "\\.pkr\\.hcl$"
+ ],
+ "matchStrings": [
+ "variable\\s+\"nixos_channel\"\\s*\\{[^}]*default\\s*=\\s*\"(?[^\"]+)"
+ ],
+ "datasourceTemplate": "endoflife-date",
+ "packageNameTemplate": "NixOS"
 }
 ],
 "packageRules": [