1# To build the installer for your system's architecture:
 2#
 3#   nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
 4#
 5# To build a 32-bit installer, overrride the value of the `system` parameter:
 6#
 7#   nix-build <SAME AS BEFORE> --argStr system i686-linux
 8#
 9
10{ lib, pkgs, ... }:
11
12with lib;
13let
14  secretPath = ../../secrets/machines.nix;
15  secretCondition = builtins.pathExists secretPath;
16
17  isAuthorized = p: builtins.isAttrs p && p.authorized or false;
18  authorizedKeys = lists.optionals secretCondition (
19    attrsets.mapAttrsToList (_name: value: value.key) (
20      attrsets.filterAttrs (_name: isAuthorized) (import secretPath).ssh
21    )
22  );
23in
24{
25  imports = [
26    # https://nixos.wiki/wiki/Creating_a_NixOS_live_CD
27    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
28    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
29  ];
30
31  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
32  users = {
33    mutableUsers = false;
34    users.root.openssh.authorizedKeys.keys = authorizedKeys;
35  };
36
37  environment.etc = {
38    "install.sh" = {
39      source = ./install.sh;
40      mode = "0700";
41    };
42
43    "configuration.nix" = {
44      source = ./installer_configuration.nix;
45      mode = "0600";
46    };
47  };
48}