/** Convert a NixOS configuration to one for a minimal installer ISO WARNING: Running this installer will format the target disk! */ { nixpkgs, hostKeys ? {} }: machine: let inherit (builtins) concatStringsSep attrValues mapAttrs; installer = { config, pkgs, lib, ... }: let bootstrap = pkgs.writeShellApplication { name = "bootstrap"; runtimeInputs = with pkgs; [ nixos-install-tools ]; text = '' ${machine.config.system.build.diskoScript} nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel} ${ concatStringsSep "\n" ( attrValues ( mapAttrs (kind: keys: '' cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub '') hostKeys ) ) } poweroff ''; }; in { imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ]; nixpkgs.hostPlatform = "x86_64-linux"; services.getty.autologinUser = lib.mkForce "root"; programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap; isoImage = { compressImage = false; squashfsCompression = "lz4"; isoName = lib.mkForce "installer.iso"; ## ^^ FIXME: Use a more interesting name or keep the default name and ## use `isoImage.isoName` in the tests. }; }; in (nixpkgs.lib.nixosSystem { modules = [installer]; }).config.system.build.isoImage