From 9bd163a32c9ae32fd73b8c978f0320faecd17431 Mon Sep 17 00:00:00 2001
From: Alexander Derevianko
Date: Fri, 1 Aug 2025 13:59:58 +0200
Subject: [PATCH] Add hash-util, add iso generation
---
bin/hash-util.sh | 64 ++++++++++++++++
flake.nix | 20 +++++
iso/iso/default.nix | 117 +++++++++++++++++++++++++++++
iso/iso/hardware-configuration.nix | 28 +++++++
iso/iso/home.nix | 29 +++++++
5 files changed, 258 insertions(+)
create mode 100755 bin/hash-util.sh
create mode 100644 iso/iso/default.nix
create mode 100644 iso/iso/hardware-configuration.nix
create mode 100644 iso/iso/home.nix
diff --git a/bin/hash-util.sh b/bin/hash-util.sh
new file mode 100755
index 0000000..b0ba6dc
--- /dev/null
+++ b/bin/hash-util.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env sh
+
+# Function to display usage information
+usage() {
+ echo "Usage: $0 --path --hash "
+ echo
+ echo "Options:"
+ echo " --path Path to the file to be hashed."
+ echo " --hash The expected SHA256 hash."
+ echo " --help Display this help message."
+ exit 1
+}
+
+# Parse command-line arguments
+while [[ "$#" -gt 0 ]]; do
+ case "$1" in
+ --path)
+ FILE_PATH="$2"
+ shift
+ ;;
+ --hash)
+ EXPECTED_HASH="$2"
+ shift
+ ;;
+ --help)
+ usage
+ ;;
+ *)
+ echo "Unknown option: $1"
+ usage
+ ;;
+ esac
+ shift
+done
+
+# Check if both file path and hash are provided
+if [ -z "${FILE_PATH}" ] || [ -z "${EXPECTED_HASH}" ]; then
+ echo "Error: Both --path and --hash arguments are required."
+ usage
+fi
+
+# Check if the file exists
+if [ ! -f "${FILE_PATH}" ]; then
+ echo "Error: File not found at '${FILE_PATH}'"
+ exit 1
+fi
+
+# Calculate the SHA256 hash of the file
+CALCULATED_HASH=$(sha256sum "${FILE_PATH}" | awk '{print $1}')
+
+# Compare the calculated hash with the expected hash
+if [ "${CALCULATED_HASH}" == "${EXPECTED_HASH}" ]; then
+ echo "✅ Success: Hashes match."
+ echo "File: ${FILE_PATH}"
+ echo "Hash: ${CALCULATED_HASH}"
+else
+ echo "❌ Error: Hashes do not match."
+ echo "File: ${FILE_PATH}"
+ echo "Expected Hash: ${EXPECTED_HASH}"
+ echo "Calculated Hash: ${CALCULATED_HASH}"
+ exit 1
+fi
+
+exit 0
diff --git a/flake.nix b/flake.nix
index 815b69d..37bee85 100644
--- a/flake.nix
+++ b/flake.nix
@@ -119,6 +119,26 @@ format = "proxmox"; };
+
+ izanami-iso = nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ modules = [
+ home-manager.nixosModules.home-manager
+
+ ./iso/iso
+ ];
+
+ specialArgs = {
+ inherit inputs;
+
+ username = "izanami";
+ extraHomeModules = [
+ ./hm-modules
+ ];
+ };
+
+ format = "iso";
+ }; }; devShells = {
diff --git a/iso/iso/default.nix b/iso/iso/default.nix
new file mode 100644
index 0000000..6d4a3da
--- /dev/null
+++ b/iso/iso/default.nix
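Review bot: The new bin/hash-util.sh declares `#!/usr/bin/env sh` but parses arguments with `while [[ "$#" -gt 0 ]]; do` and compares with `==` inside `[ ]`, neither of which POSIX sh guarantees. Where `sh` is not bash (dash, for example) the loop is skipped and the script reports missing arguments without hashing anything. That failure is closed, but a verification helper that errors for reasons unrelated to the file is easy to start ignoring. Use `while [ "$#" -gt 0 ]; do` and `if [ "${CALCULATED_HASH}" = "${EXPECTED_HASH}" ]; then`, or change the shebang to bash. In the same hunk, `sha256sum -- "${FILE_PATH}"` would stop a path beginning with `-` being read as an option, and a comment should note that the expected hash must be lower-case hex to match sha256sum output.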
@@ -0,0 +1,117 @@
+{ config, pkgs, extraHomeModules, inputs, lib, username, ... }:
+
+let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+ imports = [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ nixpkgs = {
+ # You can add overlays here
+ overlays = [ ];
+ # Configure your nixpkgs instance
+ config = {
+ # Disable if you don't want unfree packages
+ allowUnfree = true;
+ };
+ };
+
+ nix = {
+ settings = {
+ # Enable flakes and new 'nix' command
+ experimental-features = "nix-command flakes";
+ # Opinionated: disable global registry
+ flake-registry = "";
+ # Workaround for https://github.com/NixOS/nix/issues/9574
+ nix-path = config.nix.nixPath;
+
+ # Allow user to reubild nixos without sudo
+ trusted-users = [ "root" username ];
+ };
+ # Opinionated: disable channels
+ channel.enable = false;
+
+ # Opinionated: make flake registry and nix path match flake inputs
+ registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+ nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+ };
+
+ networking = {
+ hostName = username;
+ networkmanager.enable = true;
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Warsaw";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+ security = {
+ rtkit.enable = true;
+ sudo.extraRules = [{
+ users = [ username ];
+ commands = [{
+ command = "ALL";
+ options =
+ [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
+ }];
+ }];
+ };
+
+ users.users.${username} = {
+ isNormalUser = true;
+ description = "NixOS Proxmox Base Image";
+ hashedPassword =
+ "$6$YhcYhZA4dn.DKxfg$PFUomdcTMxM6wQx5indT9paO7TQAoT/a85NZ2.T2wR5OtRhsRgFnySQSlAp5qSjzrwsAY2T40Js7gHkGe5chZ/";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com"
+ ];
+
+ shell = pkgs.zsh;
+ };
+
+ environment.systemPackages = with pkgs; [ vim wget ripgrep ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ # Opinionated: forbid root login through SSH.
+ PermitRootLogin = "no";
+ # Opinionated: use keys only.
+ # Remove if you want to SSH using passwords
+ PasswordAuthentication = false;
+ };
+ };
+
+ programs = { zsh.enable = true; };
+
+ ###
+ # Home Manger configuration
+ ###
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ backupFileExtension = "backup";
+ extraSpecialArgs = { inherit inputs username; };
+
+ users."${username}" = { imports = [ ./home.nix ] ++ extraHomeModules; };
+ };
+
+ # DO NOT CHANGE AT ANY POINT!
+ system.stateVersion = "25.05";
+}
diff --git a/iso/iso/hardware-configuration.nix b/iso/iso/hardware-configuration.nix
new file mode 100644
index 0000000..c760612
--- /dev/null
+++ b/iso/iso/hardware-configuration.nix
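Review bot: The account under `users.users.${username}` carries a literal `hashedPassword`, so the hash is published with the repository and baked into every image built from it, while `sudo.extraRules` gives the same user `ALL` with `NOPASSWD` and `nix.settings.trusted-users` lists it too. Anyone who recovers the password offline from that hash gets a console login that is root-equivalent, and so is the single authorised SSH key. If console login is not needed, drop the `hashedPassword` lines and rely on the key; otherwise keep the hash out of the repository, e.g. `hashedPasswordFile = "/path/to/hash-file"; # placeholder path`. The comment above `trusted-users` should also state that a trusted Nix user can effectively act as root, since "without sudo" reads like a lesser privilege. The `description = "NixOS Proxmox Base Image";` string looks carried over from the Proxmox configuration.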
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # fileSystems."/" =
+ # { device = "/dev/disk/by-uuid/301d5990-7186-4a90-94aa-997044007358";
+ # fsType = "ext4";
+ # };
+
+ # swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/iso/iso/home.nix b/iso/iso/home.nix
new file mode 100644
index 0000000..c551006
--- /dev/null
+++ b/iso/iso/home.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, username, ... }:
+
+{
+ home = {
+ inherit username;
+ stateVersion = "25.05";
+ homeDirectory = "/home/${username}";
+ };
+
+ dov = {
+ shell = {
+ zsh = {
+ enable = true;
+ shellAliases = {
+ ll = "eza -al";
+ sc = "source $HOME/.zshrc";
+ psax = "ps ax | grep";
+ cp = "rsync -ah --progress";
+ };
+ };
+ };
+ };
+
+ programs.home-manager.enable = true;
+
+ home.packages = with pkgs; [
+ eza
+ ];
+}