Add hash-util, add iso generation

bin/hash-util.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env sh
+
+# Function to display usage information
+usage() {
+    echo "Usage: $0 --path <file_path> --hash <sha256_hash>"
+    echo
+    echo "Options:"
+    echo "  --path    Path to the file to be hashed."
+    echo "  --hash    The expected SHA256 hash."
+    echo "  --help    Display this help message."
+    exit 1
+}
+
+# Parse command-line arguments
+while [[ "$#" -gt 0 ]]; do
+    case "$1" in
+        --path)
+            FILE_PATH="$2"
+            shift
+            ;;
+        --hash)
+            EXPECTED_HASH="$2"
+            shift
+            ;;
+        --help)
+            usage
+            ;;
+        *)
+            echo "Unknown option: $1"
+            usage
+            ;;
+    esac
+    shift
+done
+
+# Check if both file path and hash are provided
+if [ -z "${FILE_PATH}" ] || [ -z "${EXPECTED_HASH}" ]; then
+    echo "Error: Both --path and --hash arguments are required."
+    usage
+fi
+
+# Check if the file exists
+if [ ! -f "${FILE_PATH}" ]; then
+    echo "Error: File not found at '${FILE_PATH}'"
+    exit 1
+fi
+
+# Calculate the SHA256 hash of the file
+CALCULATED_HASH=$(sha256sum "${FILE_PATH}" | awk '{print $1}')
+
+# Compare the calculated hash with the expected hash
+if [ "${CALCULATED_HASH}" == "${EXPECTED_HASH}" ]; then
+    echo "✅ Success: Hashes match."
+    echo "File: ${FILE_PATH}"
+    echo "Hash: ${CALCULATED_HASH}"
+else
+    echo "❌ Error: Hashes do not match."
+    echo "File:            ${FILE_PATH}"
+    echo "Expected Hash:   ${EXPECTED_HASH}"
+    echo "Calculated Hash: ${CALCULATED_HASH}"
+    exit 1
+fi
+
+exit 0

flake.nix

@@ -119,6 +119,26 @@
 
         format = "proxmox";
       };
+
+      izanami-iso = nixos-generators.nixosGenerate {
+        system = "x86_64-linux";
+        modules = [
+          home-manager.nixosModules.home-manager
+
+          ./iso/iso
+        ];
+
+        specialArgs = {
+          inherit inputs;
+
+          username = "izanami";
+          extraHomeModules = [
+            ./hm-modules
+          ];
+        };
+
+        format = "iso";
+      };
     };
 
     devShells = {

iso/iso/default.nix

@@ -0,0 +1,117 @@
+{ config, pkgs, extraHomeModules, inputs, lib, username, ... }:
+
+let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [ ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Opinionated: disable global registry
+      flake-registry = "";
+      # Workaround for https://github.com/NixOS/nix/issues/9574
+      nix-path = config.nix.nixPath;
+
+      # Allow user to reubild nixos without sudo
+      trusted-users = [ "root" username ];
+    };
+    # Opinionated: disable channels
+    channel.enable = false;
+
+    # Opinionated: make flake registry and nix path match flake inputs
+    registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+
+  networking = {
+    hostName = username;
+    networkmanager.enable = true;
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Warsaw";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+
+  security = {
+    rtkit.enable = true;
+    sudo.extraRules = [{
+      users = [ username ];
+      commands = [{
+        command = "ALL";
+        options =
+          [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
+      }];
+    }];
+  };
+
+  users.users.${username} = {
+    isNormalUser = true;
+    description = "NixOS Proxmox Base Image";
+    hashedPassword =
+      "$6$YhcYhZA4dn.DKxfg$PFUomdcTMxM6wQx5indT9paO7TQAoT/a85NZ2.T2wR5OtRhsRgFnySQSlAp5qSjzrwsAY2T40Js7gHkGe5chZ/";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [ ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com"
+    ];
+
+    shell = pkgs.zsh;
+  };
+
+  environment.systemPackages = with pkgs; [ vim wget ripgrep ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      # Opinionated: forbid root login through SSH.
+      PermitRootLogin = "no";
+      # Opinionated: use keys only.
+      # Remove if you want to SSH using passwords
+      PasswordAuthentication = false;
+    };
+  };
+
+  programs = { zsh.enable = true; };
+
+  ###
+  # Home Manger configuration
+  ###
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    backupFileExtension = "backup";
+    extraSpecialArgs = { inherit inputs username; };
+
+    users."${username}" = { imports = [ ./home.nix ] ++ extraHomeModules; };
+  };
+
+  # DO NOT CHANGE AT ANY POINT!
+  system.stateVersion = "25.05";
+}

iso/iso/hardware-configuration.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # fileSystems."/" =
+  #   { device = "/dev/disk/by-uuid/301d5990-7186-4a90-94aa-997044007358";
+  #     fsType = "ext4";
+  #   };
+
+  # swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

iso/iso/home.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, username, ... }:
+
+{
+  home = {
+    inherit username;
+    stateVersion = "25.05";
+    homeDirectory = "/home/${username}";
+  };
+
+  dov = {
+    shell = {
+      zsh = {
+        enable = true;
+        shellAliases = {
+          ll = "eza -al";
+          sc = "source $HOME/.zshrc";
+          psax = "ps ax | grep";
+          cp = "rsync -ah --progress";
+        };
+      };
+    };
+  };
+
+  programs.home-manager.enable = true;
+
+  home.packages = with pkgs; [
+    eza
+  ];
+}