1  # To build the installer for your system's architecture:
 2  #
 3  #   nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
 4  #
 5  # To build a 32-bit installer, overrride the value of the `system` parameter:
 6  #
 7  #   nix-build <SAME AS BEFORE> --argStr system i686-linux
 8  #
 9  
10  { config, lib, pkgs, system ? builtins.currentSystem, ... }:
11  
12  with lib;
13  let
14    secretPath = ../../secrets/machines.nix;
15    secretCondition = (builtins.pathExists secretPath);
16  
17    isAuthorized = p: builtins.isAttrs p && p.authorized or false;
18    authorizedKeys = lists.optionals secretCondition (
19      attrsets.mapAttrsToList
20        (name: value: value.key)
21        (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
22    );
23  in
24  {
25    imports = [
26      # https://nixos.wiki/wiki/Creating_a_NixOS_live_CD
27      <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
28      <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
29    ];
30  
31    systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
32    users = {
33      mutableUsers = false;
34      users.root.openssh.authorizedKeys.keys = authorizedKeys;
35    };
36  
37    environment.etc = {
38      "install.sh" = {
39        source = ./install.sh;
40        mode = "0700";
41      };
42  
43      "configuration.nix" = {
44        source = ./installer_configuration.nix;
45        mode = "0600";
46      };
47    };
48  }