feat: add iso POC

iso/README.md

@@ -0,0 +1,31 @@
+# ISO Image builds
+
+A minimal NixOS install iso build.
+
+Mainly useful for force-enabling `sshd` with my public key to allow headless deployments.
+
+> https://nixos.wiki/wiki/Creating_a_NixOS_live_CD
+
+## Building
+
+```
+cd iso
+nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
+```
+
+# Checking image contents
+
+```
+$ mkdir mnt
+$ sudo mount -o loop result/iso/nixos-*.iso mnt
+$ ls mnt
+boot  EFI  isolinux  nix-store.squashfs  version.txt
+$ umount mnt
+```
+
+# Testing image in QEMU
+
+```
+$ nix-shell -p qemu
+$ qemu-system-x86_64 -enable-kvm -m 256 -cdrom result/iso/nixos-*.iso
+```

iso/iso.nix

@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+
+    # Provide an initial copy of the NixOS channel so that the user
+    # doesn't need to run "nix-channel --update" first.
+    # <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+  ];
+
+  environment.systemPackages = [
+    pkgs.jq
+    pkgs.yq
+    pkgs.unixtools.top
+    pkgs.vim
+    pkgs.git
+    pkgs.dnsutils
+
+  ];
+
+  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
+  ];
+
+}