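# Flake that builds a customised minimal NixOS installer ISO for the host
# "chaos": serial console, pre-configured Wi-Fi networks, root SSH keys and a
# few helper scripts for setting up an encrypted (LUKS + LVM) target system.
{
  description = "Minimal NixOS installation media";

  # This is a branch ref, not a fixed revision. The revision actually used is
  # the one recorded in flake.lock, so keep the lock file under version control
  # and review updates to it.
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";

  outputs =
    {
      self,
      nixpkgs,
    }:
    {
      # `nix build` yields the ISO image of the configuration below.
      packages.x86_64-linux.default = self.nixosConfigurations.chaos.config.system.build.isoImage;

      nixosConfigurations.chaos = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          (
            {
              config,
              lib,
              pkgs,
              modulesPath,
              ...
            }:
            {
              imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];

              # Kernel and GRUB both use the first serial port (115200 8N1), so
              # whoever can reach that port can drive the boot menu and console.
              boot.kernelParams = [ "console=ttyS0,115200n8" ];
              boot.loader.grub.extraConfig = ''
                serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
                terminal_input serial
                terminal_output serial
              '';

              nix.settings.experimental-features = [
                "nix-command"
                "flakes"
              ];

              programs.git = {
                enable = true;
                config.user = {
                  name = "Root user of ${config.networking.hostName}";
                  email = "root@${config.networking.hostName}";
                };
              };

              networking = {
                hostName = "chaos";
                # Forced off so that wpa_supplicant (networking.wireless) is
                # the only Wi-Fi manager on the image.
                networkmanager.enable = lib.mkForce false;
                wireless = {
                  enable = true;
                  # "ext:NAME" makes wpa_supplicant look NAME up in secretsFile
                  # at run time, so the pre-shared keys are stored neither in
                  # this flake nor in the Nix store / ISO.
                  networks.Quentinternational.pskRaw = "ext:hotspot";
                  networks.Quentintranet.pskRaw = "ext:home";
                  # Filled in by hand on the live system (see connect-wifi).
                  secretsFile = "/run/wpa_supplicant.secrets";
                };
              };

              # Public keys allowed to log in as root on the live system. Every
              # machine booted from this image trusts the matching private
              # keys, so keep the list short and up to date.
              users.users.root.openssh.authorizedKeys.keys = [
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490"
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvPsKWQXX/QsFQjJU0CjG4LllvUVZme45d9JeS/yhLt qaristote@precision-3571"
              ];

              time.timeZone = "Europe/Paris";

              i18n = {
                defaultLocale = "fr_FR.UTF-8";
                extraLocaleSettings.LANG = "en_US.UTF-8";
              };

              console = {
                font = "Lat2-Terminus32";
                keyMap = "fr";
              };

              # writeShellApplication runs each script with errexit, nounset
              # and pipefail, and checks it with shellcheck at build time.
              environment.systemPackages = with pkgs; [
                vim

                # Edit the Wi-Fi secrets file, restart wpa_supplicant and
                # follow its log.
                (pkgs.writeShellApplication {
                  name = "connect-wifi";
                  text = ''
                    # The file holds one NAME=VALUE line per "ext:NAME"
                    # reference, e.g. hotspot=<psk-placeholder>.
                    # NOTE(review): vim creates the file with the default
                    # umask; restrict its mode to the account wpa_supplicant
                    # reads it as -- confirm which one that is.
                    vim ${config.networking.wireless.secretsFile}
                    systemctl restart wpa_supplicant.service
                    journalctl -xfeu wpa_supplicant.service
                  '';
                })

                # Usage: format-disk <disk>   (device name under /dev)
                # Encrypts partition 2 of the disk, puts an LVM volume group
                # "nixos" (swap + root) inside it and mounts root on /mnt.
                (pkgs.writeShellApplication {
                  name = "format-disk";
                  text = ''
                    # Partitions are addressed as <disk>1 and <disk>2, which
                    # matches sdX-style names but not names that need a "p"
                    # separator (nvme0n1p2, mmcblk0p2).
                    DISK=/dev/"$1"

                    # create crypt
                    # DESTRUCTIVE: luksFormat replaces whatever is on the
                    # partition; double-check the device name first.
                    cryptsetup luksFormat "$DISK"2
                    cryptsetup luksOpen "$DISK"2 crypt
                    # Wait for the mapping created by luksOpen. The volume
                    # group does not exist yet at this point, so waiting for
                    # /dev/nixos here would never return.
                    until [ -e /dev/mapper/crypt ]
                    do
                      sleep 1
                    done

                    # split into logical volumes
                    pvcreate /dev/mapper/crypt
                    vgcreate nixos /dev/mapper/crypt
                    echo '==================================================================='
                    echo '==================================================================='
                    echo ' lsmem'
                    echo '==================================================================='
                    lsmem
                    echo '==================================================================='
                    echo 'Input swapsize:'
                    read -r SWAPSIZE
                    lvcreate -L "$SWAPSIZE" --name swap nixos
                    lvcreate -l 100%FREE --name root nixos

                    # mount
                    mkswap /dev/nixos/swap
                    mkfs.ext4 /dev/nixos/root
                    mount /dev/nixos/root /mnt

                    # create luks keys
                    # Two 4 KiB random key files, readable by their owner
                    # only. "$_" is the directory just created by mkdir.
                    mkdir --parents /mnt/etc/luks/keys && pushd "$_"
                    dd bs=1k count=4 if=/dev/random of=master
                    dd bs=1k count=4 if=/dev/random of=tmp
                    chmod 400 master tmp
                    # NOTE(review): no key file is passed, so this prompts for
                    # an additional passphrase; "master" and "tmp" are not
                    # enrolled by this script -- confirm that is intended.
                    cryptsetup luksAddKey "$DISK"2
                    popd
                  '';
                })

                # Usage: mount-system <disk>
                # Unlocks and mounts a system laid out by format-disk.
                (pkgs.writeShellApplication {
                  name = "mount-system";
                  text = ''
                    DISK=/dev/"$1"
                    cryptsetup open "$DISK"2 crypt
                    # Wait until the logical volumes of the "nixos" volume
                    # group show up under /dev/nixos.
                    until [ -e /dev/nixos ]
                    do
                      sleep 1
                    done
                    mount /dev/nixos/root /mnt
                    swapon /dev/nixos/swap
                    mount "$DISK"1 /mnt/boot
                  '';
                })

                # Create the per-service secrets files on the target system
                # mounted at /mnt.
                (pkgs.writeShellApplication {
                  name = "write-secrets";
                  text = ''
                    for SERVICE in wpa_supplicant msmtp
                    do
                      DIR=/mnt/etc/"$SERVICE"
                      mkdir --parents "$DIR"
                      vim "$DIR"/secrets
                      # Mode 500 is owner read + execute; a data file only
                      # needs read (400). Until this chmod runs the file has
                      # whatever mode the default umask gave it.
                      chmod 500 "$DIR"/secrets || true
                      # Drops the directory again if nothing was saved in it;
                      # fails harmlessly when it is not empty.
                      rm --dir "$DIR" || true
                    done
                  '';
                })
              ];
            }
          )
        ];
      };
    };
}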