feat: use generic installer iso from now on

README.md

@@ -64,28 +64,21 @@ but here's a quick breakdown of the what you will find where.
 
 ... incomplete.
 
-- add <name> to `hosts` in `flake.nix`
-- create hosts/<name>
-- fill net.nix
-- fill fs.nix (you need to know the device by-id paths in advance for formatting to work!)
-- run generate-secrets
+- Add <name> to `hosts` in `flake.nix`
+- Create hosts/<name>
+- Fill net.nix
+- Fill fs.nix (you need to know the device by-id paths in advance for formatting to work!)
+- Run generate-secrets
 
 #### Initial deploy
 
-A. Fresh pre-made installer ISO
-
-- Create a iso disk image for the system with `nix build --print-out-paths --no-link .#installer-image-<host>`
-- dd the resulting image to a stick and boot from it on the target
-- (Optional) ssh into the target (keys are already set up)
-
-B. Reusing any nixos-live iso
-
-- Boot from live-iso and setup ssh access by writing your key to `/root/.ssh/authorized_keys`
-- Copy installer package with `nix copy --to <target> .#installer-package-<host>`
+- Create a bootable iso disk image with `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`, dd it to a stick and boot
+- (Alternative) Use an official NixOS live-iso and setup ssh manually
+- Copy the installer from a local machine to the live system with `nix copy --to <target> .#packages.<target-system>.installer-package.<target>`
 
 Afterwards:
 
-- Run `install-system` and reboot
+- Run `install-system` in the live environment and reboot
 - Retrieve the new host identity by using `ssh-keyscan <host/ip> | grep -o 'ed25519.*' > host/<host>/secrets/host.pub`
 - (If the host has microvms, also retrieve their identities!)
 - Rekey the secrets for the new identity `nix run .#rekey`

flake.nix

@@ -72,12 +72,14 @@
 
   outputs = {
     self,
+    agenix-rekey,
     colmena,
     elewrap,
-    nixpkgs,
-    microvm,
     flake-utils,
-    agenix-rekey,
+    microvm,
+    nixos-generators,
+    nixpkgs,
+    pre-commit-hooks,
     ...
   } @ inputs: let
     inherit (nixpkgs) lib;
@@ -123,12 +125,12 @@
       # to any system via nodes.<name>
       nodes = self.colmenaNodes // self.microvmNodes;
 
-      # For each true NixOS system, we want to expose an installer image that
-      # can be used to do setup on the node.
+      # For each true NixOS system, we want to expose an installer package that
+      # can be used to do the initial setup on the node from a live environment.
       inherit
         (lib.foldl' lib.recursiveUpdate {}
           (lib.mapAttrsToList
-            (import ./nix/generate-installer.nix inputs)
+            (import ./nix/generate-installer-package.nix inputs)
             self.colmenaNodes))
         packages
         ;
@@ -146,11 +148,60 @@
           ];
       };
 
+      # For each major system, we provide a customized installer image that
+      # has ssh and some other convenience stuff preconfigured.
+      # Not strictly necessary for new setups.
+      images.live-iso = nixos-generators.nixosGenerate {
+        inherit pkgs;
+        modules = [
+          ./nix/installer-configuration.nix
+          ./modules/config/ssh.nix
+        ];
+        format =
+          {
+            x86_64-linux = "install-iso";
+            aarch64-linux = "sd-aarch64-installer";
+          }
+          .${system};
+      };
+
+      # Define local apps and apps used for rekeying secrets
+      # `nix run .#<app>`
       apps =
         agenix-rekey.defineApps self pkgs self.nodes
         // import ./apps inputs system;
-      checks = import ./nix/checks.nix inputs system;
-      devShells.default = import ./nix/dev-shell.nix inputs system;
+
+      # `nix flake check`
+      checks.pre-commit-hooks = pre-commit-hooks.lib.${system}.run {
+        src = lib.cleanSource ./.;
+        hooks = {
+          alejandra.enable = true;
+          statix.enable = true;
+          luacheck.enable = true;
+          stylua.enable = true;
+        };
+      };
+
+      # `nix develop`
+      devShells.default = pkgs.mkShell {
+        name = "nix-config";
+        packages = with pkgs; [
+          # Nix
+          alejandra
+          cachix
+          colmena
+          deadnix
+          nix-tree
+          statix
+          update-nix-fetchgit
+        ];
+
+        shellHook = ''
+          ${self.checks.${system}.pre-commit-check.shellHook}
+        '';
+      };
+
+      # `nix fmt`
       formatter = pkgs.alejandra;
     });
 }

hosts/zackbiene/README.md

@@ -1,5 +1,7 @@
 # First Setup
 
+- Install Tow-Boot (version 006 is broken, currently used 005) to SPI flash to be able to use UEFI. <3
+
 - In HomeAssistant, MQTT integration needs to be added
   manually, and the mqtt connection details must be entered
   localhost:1883, user=home_assistant, pass=<see corresponding secret file>

nix/checks.nix

@@ -1,17 +0,0 @@
-{
-  self,
-  pre-commit-hooks,
-  ...
-}: system: {
-  pre-commit-check =
-    pre-commit-hooks.lib.${system}.run
-    {
-      src = self.pkgs.${system}.lib.cleanSource ../.;
-      hooks = {
-        alejandra.enable = true;
-        statix.enable = true;
-        luacheck.enable = true;
-        stylua.enable = true;
-      };
-    };
-}

nix/dev-shell.nix

@@ -1,26 +0,0 @@
-{self, ...}: system:
-with self.pkgs.${system};
-  mkShell {
-    name = "nix-config";
-    packages = [
-      # Nix
-      cachix
-      colmena
-      alejandra
-      statix
-      update-nix-fetchgit
-
-      # Lua
-      stylua
-      (luajit.withPackages (p: with p; [luacheck]))
-
-      # Misc
-      shellcheck
-      pre-commit
-      rage
-    ];
-
-    shellHook = ''
-      ${self.checks.${system}.pre-commit-check.shellHook}
-    '';
-  }

nix/generate-installer-package.nix

@@ -0,0 +1,34 @@
+{self, ...}: nodeName: nodeAttrs: let
+  inherit (self.hosts.${nodeName}) system;
+  pkgs = self.pkgs.${system};
+
+  disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
+  disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
+  disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
+
+  install-system = pkgs.writeShellScriptBin "install-system" ''
+    set -euo pipefail
+
+    echo "Formatting disks..."
+    ${disko-script}/bin/disko-script
+
+    echo "Installing system..."
+    nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
+
+    echo "Done!"
+  '';
+
+  installer-package = pkgs.symlinkJoin {
+    name = "installer-package-${nodeName}";
+    paths = with pkgs; [
+      disko-script
+      disko-mount
+      disko-format
+      install-system
+    ];
+  };
+in {
+  # Everything required for the installer as a single package,
+  # so it can be used from an existing live system by copying the derivation.
+  packages.${system}.installer-package.${nodeName} = installer-package;
+}

nix/generate-installer.nix

@@ -1,90 +0,0 @@
-{
-  self,
-  nixos-generators,
-  ...
-}: nodeName: nodeAttrs: let
-  inherit (self.hosts.${nodeName}) system;
-
-  pkgs = self.pkgs.${system};
-
-  disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript}";
-  disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
-  disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript}";
-
-  install-system = pkgs.writeShellScriptBin "install-system" ''
-    set -euo pipefail
-
-    echo "Formatting disks..."
-    ${disko-script}/bin/disko-script
-
-    echo "Installing system..."
-    nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
-
-    echo "Done!"
-  '';
-
-  installer-package = pkgs.symlinkJoin {
-    name = "installer-package-${nodeName}";
-    paths = with pkgs; [
-      disko-script
-      disko-mount
-      disko-format
-      install-system
-    ];
-  };
-
-  configuration = {
-    pkgs,
-    lib,
-    ...
-  }: {
-    isoImage.isoName = lib.mkForce "nixos-image-${nodeName}.iso";
-    system.stateVersion = nodeAttrs.system.stateVersion;
-    nix.extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-
-    console.keyMap = "de-latin1-nodeadkeys";
-
-    users.users.root = {
-      password = "nixos";
-      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
-    };
-
-    environment = {
-      variables.EDITOR = "nvim";
-      systemPackages = with pkgs; [
-        installer-package
-
-        neovim
-        git
-        tmux
-        parted
-        ripgrep
-        fzf
-        wget
-        curl
-      ];
-    };
-  };
-in {
-  packages.${system} = {
-    # Everything required for the installer as a single package,
-    # so it can be used from an existing live system by copying the derivation.
-    # TODO can we use a unified installer iso? does that work regarding size of this package?
-    "installer-package-${nodeName}" = installer-package;
-    "installer-image-${nodeName}" = nixos-generators.nixosGenerate {
-      inherit pkgs;
-      modules = [
-        configuration
-        ../hosts/common/core/ssh.nix
-      ];
-      format =
-        {
-          x86_64-linux = "install-iso";
-          aarch64-linux = "sd-aarch64-installer";
-        }
-        .${system};
-    };
-  };
-}

nix/installer-configuration.nix

@@ -0,0 +1,38 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  isoImage.isoName = lib.mkForce "nixos.iso";
+  system.stateVersion = "23.11";
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  console.keyMap = "de-latin1-nodeadkeys";
+
+  users.users.root = {
+    password = "nixos";
+    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
+  };
+
+  environment = {
+    variables.EDITOR = "nvim";
+    systemPackages = with pkgs; [
+      neovim
+      git
+      tmux
+      parted
+      ripgrep
+      fzf
+      wget
+      curl
+    ];
+
+    etc.issue.text = ''
+      \d  \t
+      This is \e{cyan}\n\e{reset} [\e{lightblue}\l\e{reset}] (\s \m \r)
+      \e{halfbright}\4\e{reset} \e{halfbright}\6\e{reset}
+    '';
+  };
+}