From f625f778290ead9b6c895c3d817efe6729ecebbe Mon Sep 17 00:00:00 2001
From: truxnell <19149206+truxnell@users.noreply.github.com>
Date: Sun, 17 Mar 2024 21:44:59 +1100
Subject: [PATCH] feat: add iso POC
---
iso/README.md | 31 +++++++++++++++++++++++++++++++
iso/iso.nix | 26 ++++++++++++++++++++++++++
2 files changed, 57 insertions(+)
create mode 100644 iso/README.md
create mode 100644 iso/iso.nix
diff --git a/iso/README.md b/iso/README.md
new file mode 100644
index 0000000..b4153ed
--- /dev/null
+++ b/iso/README.md
@@ -0,0 +1,31 @@
+# ISO Image builds
+
+A minimal NixOS install iso build.
+
+Mainly useful for force-enabling `sshd` with my public key to allow headless deployments.
+
+> https://nixos.wiki/wiki/Creating_a_NixOS_live_CD
+
+## Building
+
+```
+cd iso
+nix-build '' -A config.system.build.isoImage -I nixos-config=iso.nix
+```
+
+# Checking image contents
+
+```
+$ mkdir mnt
+$ sudo mount -o loop result/iso/nixos-*.iso mnt
+$ ls mnt
+boot EFI isolinux nix-store.squashfs version.txt
+$ umount mnt
+```
+
+# Testing image in QEMU
+
+```
+$ nix-shell -p qemu
+$ qemu-system-x86_64 -enable-kvm -m 256 -cdrom result/iso/nixos-*.iso
+```
diff --git a/iso/iso.nix b/iso/iso.nix
new file mode 100644
index 0000000..fbe3680
--- /dev/null
+++ b/iso/iso.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+
+
+ # Provide an initial copy of the NixOS channel so that the user
+ # doesn't need to run "nix-channel --update" first.
+ #
+ ];
+
+ environment.systemPackages = [
+ pkgs.jq
+ pkgs.yq
+ pkgs.unixtools.top
+ pkgs.vim
+ pkgs.git
+ pkgs.dnsutils
+
+ ];
+
+ systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
+ ];
+
+}
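Review bot: The `systemd.services.sshd.wantedBy` override in iso/iso.nix starts sshd on every machine that boots this image, but nothing in the hunk restricts how root may authenticate, so key-only access depends on whatever the imported installer profile and the OpenSSH defaults allow (the import path is not legible in this hunk). I would pin it next to the `authorizedKeys` entry with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, so that setting a root password on the live system later does not also open password login over the network. A short comment above the key, such as `# Holder of the matching private key gets root on any host booted from this ISO; rebuild the image when the key is rotated.`, would make the trust assumption explicit. The live system presumably generates fresh SSH host keys on each boot, so the README could also state how the host key is meant to be verified on first connect.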