-rw-r--r--config/container.nix7
-rw-r--r--data/yubikey_rsa.pub2
-rw-r--r--machines/generic-container.nix11
-rw-r--r--release.nix49
4 files changed, 68 insertions, 1 deletions
diff --git a/config/container.nix b/config/container.nix
index f4508f5..4cf3c17 100644
--- a/config/container.nix
+++ b/config/container.nix
@@ -2,8 +2,13 @@
{
boot.isContainer = true;
networking.firewall.allowedTCPPorts = [ 22 ];
- services.openssh.enable = lib.mkDefault true;
+ services = {
+ openssh.enable = lib.mkDefault true;
+ openssh.passwordAuthentication = false;
+ };
system.activationScripts.installInitScript = ''
ln -fs $systemConfig/init /init
+ mkdir -p /sbin/init
+ ln -fs $systemConfig/init /sbin/init
'';
}
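Review bot: `mkdir -p /sbin/init` in the activation script creates a directory named `/sbin/init`, so the following `ln -fs $systemConfig/init /sbin/init` places the link inside it as `/sbin/init/init` instead of at `/sbin/init`. The line should read `mkdir -p /sbin`. Separately, `openssh.passwordAuthentication = false` leaves keyboard-interactive authentication at its default. If key-only login is the intent, also disable it explicitly (`openssh.challengeResponseAuthentication = false`, or `kbdInteractiveAuthentication` on newer nixpkgs).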
diff --git a/data/yubikey_rsa.pub b/data/yubikey_rsa.pub
new file mode 100644
index 0000000..35c89d5
--- /dev/null
+++ b/data/yubikey_rsa.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jJRMPLi62JJLZ1+jFmJk5uouPIoRVntUU7K4MVKwTCh7kJfRjcu79ebbsi7NpgyH4yAU7Xexq07iGSGOU0z2WDzXV6yLWcHWMYrlrhP0ITSVYhPWJRCbF99bU3Tc3n9fkt2SkCUib5NQeG+Ya1v73ForJfOZQDHNoyGUazLmwOF8mXfjUeMWrGcxjE0FM3970OHlw87ScBMeQTq+TJz40tKe00IYsW0RWVpMKNAS5GGTLXzrTF4op76qgdOVyyfBCx5u/gQKZ1K2gud0aT6RIel6wSr60Ee4mpr+eGhieM+7FMA4427lCnIqevtDILx6FjYpDCXMDh9dDd7R3oJ1 /home/orbekk/.ssh/id_rsa
+
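Review bot: The key's comment field is `/home/orbekk/.ssh/id_rsa`, the default path of an on-disk key, while the file is named `yubikey_rsa.pub`, so nothing in the file confirms that this is the public half of the token-held key and not a software key. A comment such as `orbekk@yubikey` (constructed example) would identify the key without recording a local path. No visible hunk references this file, so where it is granted login access (presumably `config/users.nix`) cannot be checked from this diff.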
diff --git a/machines/generic-container.nix b/machines/generic-container.nix
new file mode 100644
index 0000000..6c6c332
--- /dev/null
+++ b/machines/generic-container.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ../config/container.nix
+ ../config/users.nix
+ ];
+
+ networking = {
+ hostName = lib.mkForce "new-container";
+ };
+}
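Review bot: `hostName = lib.mkForce "new-container"` gives a placeholder name forced priority in a file meant as a generic template, so a machine module that imports it and sets `networking.hostName` normally is silently overridden. `hostName = lib.mkDefault "new-container";` would let importers replace it. If `mkForce` is needed to win over a value set in one of the imported files, a comment saying which one would help. A short header comment should also note that, with password login disabled in `config/container.nix`, SSH access to the built image depends entirely on the keys configured in `../config/users.nix`, which this diff does not show.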
diff --git a/release.nix b/release.nix
index a4a1746..4fd73d8 100644
--- a/release.nix
+++ b/release.nix
@@ -1,9 +1,58 @@
{ nixpkgs ? (import <nixpkgs> {}) }:
+with nixpkgs.pkgs;
+let
+ pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
+ makeSystemTarball =
+ { module, maintainers ? ["viric"], system }:
+
+ let
+ versionModule = {
+ system.nixosVersionSuffix = "orbekk";
+ system.nixosRevision = "master";
+ };
+
+ config = (import <nixpkgs/nixos/lib/eval-config.nix> {
+ inherit system;
+ modules = [ module versionModule ];
+ }).config;
+
+ tarball = import <nixpkgs/nixos/lib/make-system-tarball.nix> {
+ inherit (pkgs) stdenv perl xz pathsFromGraph;
+ contents = [];
+ extraArgs = "--owner=0";
+
+ # Add init script to image
+ storeContents = [
+ { object = config.system.build.toplevel + "/init";
+ symlink = "/init";
+ }
+ ] ++ (pkgs2storeContents [ pkgs.stdenv ]);
+
+ # Some container managers like lxc need these
+ extraCommands = writeScript "setup.sh" ''
+ mkdir -p proc sys dev sbin
+ ln -s init sbin/init
+ '';
+ };
+ in
+ tarball //
+ { meta = {
+ description = "NixOS system tarball for ${system} - ${stdenv.platform.name}";
+ maintainers = map (x: lib.maintainers.${x}) maintainers;
+ };
+ inherit config;
+ };
+in
{
containerTarball = (import <nixpkgs/nixos/release.nix> {})
.containerTarball.x86_64-linux;
+ orbekkContainerTarball = makeSystemTarball {
+ module = ./machines/generic-container.nix;
+ system = "x86_64-linux";
+ };
+
tests = {
common = import tests/common.nix;
desktop = import tests/desktop.nix;