nixos

2026-01-28 20:34:48 +00:00
parent 01049996da
commit b4678effc0
8 changed files with 167 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -126,6 +126,11 @@
            version = "13.3.0";
            hash = "sha256-ahYjQLygLt9n4VnIR81gVhinfVC/ggiO5RT4M2nkO4k=";
          };
+
+          # NixOS netboot rescue image
+          # Note: Update URL and hash manually from https://nixos.org/download
+          mrescue-nixos = super.callPackage ./pkgs/mrescue-nixos.nix { };
+
          vanta-agent = super.callPackage ./pkgs/vanta-agent.nix { };
          gcloud-wrapped = super.callPackage ./pkgs/gcloud-wrapped { };
          go-raceless = super.callPackage ./pkgs/go-raceless { inherit (nicer) ; };
@@ -415,6 +420,7 @@
            mrescue-debian-standard
            mrescue-debian-xfce
            mrescue-debian-kde
+            mrescue-nixos
            sentinelone
            ;
        };
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -20,6 +20,7 @@ let
    item debian-standard Boot Debian Live ${pkgs.mrescue-debian-standard.version} (Standard)
    item debian-xfce Boot Debian Live ${pkgs.mrescue-debian-xfce.version} (XFCE)
    item debian-kde Boot Debian Live ${pkgs.mrescue-debian-kde.version} (KDE)
+    item nixos Boot NixOS ${pkgs.mrescue-nixos.version}
    item netbootxyz Boot netboot.xyz
    item shell iPXE Shell
    choose --default alpine --timeout 10000 selected || goto menu
@@ -45,6 +46,11 @@ let
    initrd http://10.14.143.1/boot/debian-kde/initrd
    boot

+    :nixos
+    kernel http://10.14.143.1/boot/nixos/kernel init=/nix/store/*/init loglevel=4
+    initrd http://10.14.143.1/boot/nixos/initrd
+    boot
+
    :netbootxyz
    isset ''${platform} && iseq ''${platform} pcbios && chain --autofree https://boot.netboot.xyz/ipxe/netboot.xyz.kpxe ||
    chain --autofree https://boot.netboot.xyz/ipxe/netboot.xyz.efi
@@ -69,6 +75,7 @@ let
    mkdir -p $out/debian-standard
    mkdir -p $out/debian-xfce
    mkdir -p $out/debian-kde
+    mkdir -p $out/nixos

    cp ${customIpxeEfi}/ipxe.efi $out/boot.efi
    cp ${customIpxeBios}/undionly.kpxe $out/boot.kpxe
@@ -91,6 +98,10 @@ let
    cp ${pkgs.mrescue-debian-kde}/kernel $out/debian-kde/kernel
    cp ${pkgs.mrescue-debian-kde}/initrd $out/debian-kde/initrd
    cp ${pkgs.mrescue-debian-kde}/filesystem.squashfs $out/debian-kde/filesystem.squashfs
+
+    # NixOS
+    cp ${pkgs.mrescue-nixos}/kernel $out/nixos/kernel
+    cp ${pkgs.mrescue-nixos}/initrd $out/nixos/initrd
  '';
 in
 {
--- a/pkgs/mrescue-alpine.nix
+++ b/pkgs/mrescue-alpine.nix
@@ -9,7 +9,10 @@ stdenv.mkDerivation rec {
  version = "3.23.3";

  src = fetchurl {
-    url = "https://dl-cdn.alpinelinux.org/alpine/v3.23/releases/x86_64/alpine-netboot-${version}-x86_64.tar.gz";
+    urls = [
+      "https://dl-cdn.alpinelinux.org/alpine/v3.23/releases/x86_64/alpine-netboot-${version}-x86_64.tar.gz"
+      "https://dl.jakstys.lt/boot/alpine-netboot-${version}-x86_64.tar.gz"
+    ];
    hash = "sha256-U/tUZvdhLU/2Fr3g9jfwuM0mfX5SrtxwUiD0h+Qx8VA=";
  };

--- a/pkgs/mrescue-debian.nix
+++ b/pkgs/mrescue-debian.nix
@@ -14,7 +14,10 @@ stdenv.mkDerivation rec {
  inherit version;

  src = fetchurl {
-    url = "https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-${version}-amd64-${flavor}.iso";
+    urls = [
+      "https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-${version}-amd64-${flavor}.iso"
+      "https://dl.jakstys.lt/boot/debian-live-${version}-amd64-${flavor}.iso"
+    ];
    inherit hash;
  };

--- a/pkgs/mrescue-nixos.nix
+++ b/pkgs/mrescue-nixos.nix
@@ -0,0 +1,55 @@
+{
+  pkgs,
+  stdenv,
+  fetchurl,
+}:
+
+let
+  # NixOS netboot files from nix-community/nixos-images
+  # Source: https://github.com/nix-community/nixos-images/releases
+  version = "25.11";
+
+  kernel = fetchurl {
+    urls = [
+      "https://dl.jakstys.lt/boot/nixos-${version}-bzImage-x86_64-linux"
+      "https://github.com/nix-community/nixos-images/releases/download/nixos-${version}/bzImage-x86_64-linux"
+    ];
+    hash = "sha256-ClUTxNU8YQfA8yo0vKx32fxl5Q3atXDXvGyIJP2OTpU=";
+  };
+
+  initrd =
+    (fetchurl {
+      urls = [
+        "https://dl.jakstys.lt/boot/nixos-${version}-initrd-x86_64-linux"
+        "https://github.com/nix-community/nixos-images/releases/download/nixos-${version}/initrd-x86_64-linux"
+      ];
+      hash = "sha256-0nLNJVrjxIKQCTPB3iz4N3j6OyQEJ2G0JTluhHOTpPU=";
+    }).overrideAttrs
+      (_: {
+        __structuredAttrs = true;
+        unsafeDiscardReferences.out = true;
+      });
+in
+stdenv.mkDerivation rec {
+  pname = "mrescue-nixos";
+  inherit version;
+
+  dontUnpack = true;
+  dontBuild = true;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out
+    install -Dm644 ${kernel} $out/kernel
+    install -Dm644 ${initrd} $out/initrd
+
+    runHook postInstall
+  '';
+
+  meta = with pkgs.lib; {
+    description = "NixOS minimal netboot files for rescue purposes";
+    homepage = "https://github.com/nix-community/nixos-images";
+    platforms = platforms.linux;
+  };
+}
--- a/scripts/update-alpine.sh
+++ b/scripts/update-alpine.sh
@@ -42,3 +42,17 @@ HASH_SRI=$(nix-hash --type sha256 --to-sri "$HASH_HEX")
 # Output version and hash
 echo "version: $VERSION"
 echo "hash: $HASH_SRI"
+echo ""
+
+# Check mirror availability
+echo "Checking mirror availability..." >&2
+MIRROR_URL="https://dl.jakstys.lt/boot/alpine-netboot-${VERSION}-x86_64.tar.gz"
+if curl -sI "$MIRROR_URL" | head -1 | grep -q "200"; then
+  echo "✓ File available on mirror" >&2
+else
+  echo "⚠ Warning: File not found on mirror!" >&2
+  echo ""
+  echo "To upload to mirror, run:" >&2
+  echo "  ssh fwminex sh -c 'cd /var/www/dl/boot && wget https://dl-cdn.alpinelinux.org/alpine/${LATEST_MINOR}/releases/x86_64/alpine-netboot-${VERSION}-x86_64.tar.gz'" >&2
+  echo ""
+fi
--- a/scripts/update-debian.sh
+++ b/scripts/update-debian.sh
@@ -58,3 +58,16 @@ cat <<EOF
            hash = "${HASH_SRI}";
          };
 EOF
+
+echo ""
+echo "Checking mirror availability..." >&2
+MIRROR_URL="https://dl.jakstys.lt/boot/debian-live-${VERSION}-amd64-${FLAVOR}.iso"
+if curl -sI "$MIRROR_URL" | head -1 | grep -q "200"; then
+  echo "✓ File available on mirror" >&2
+else
+  echo "⚠ Warning: File not found on mirror!" >&2
+  echo ""
+  echo "To upload to mirror, run:" >&2
+  echo "  ssh fwminex sh -c 'cd /var/www/dl/boot && wget https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-${VERSION}-amd64-${FLAVOR}.iso'" >&2
+  echo ""
+fi
--- a/scripts/update-nixos.sh
+++ b/scripts/update-nixos.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Script to get latest NixOS netboot file hashes from nix-community/nixos-images
+# Usage: ./update-nixos.sh [version]
+#   version: 25.11, unstable, etc. (default: 25.11)
+
+VERSION="${1:-25.11}"
+BASE_URL="https://github.com/nix-community/nixos-images/releases/download/nixos-${VERSION}"
+MIRROR_BASE="https://dl.jakstys.lt/boot"
+
+echo "Fetching NixOS netboot files for version: ${VERSION}" >&2
+
+# Fetch kernel hash
+KERNEL_URL="${BASE_URL}/bzImage-x86_64-linux"
+echo "Downloading kernel from: $KERNEL_URL" >&2
+KERNEL_HASH_B32=$(nix-prefetch-url "$KERNEL_URL" 2>/dev/null)
+KERNEL_HASH_HEX=$(nix-hash --type sha256 --to-base16 "$KERNEL_HASH_B32")
+KERNEL_HASH_SRI=$(nix-hash --type sha256 --to-sri "$KERNEL_HASH_HEX")
+
+# Fetch initrd hash
+INITRD_URL="${BASE_URL}/initrd-x86_64-linux"
+echo "Downloading initrd from: $INITRD_URL" >&2
+INITRD_HASH_B32=$(nix-prefetch-url "$INITRD_URL" 2>/dev/null)
+INITRD_HASH_HEX=$(nix-hash --type sha256 --to-base16 "$INITRD_HASH_B32")
+INITRD_HASH_SRI=$(nix-hash --type sha256 --to-sri "$INITRD_HASH_HEX")
+
+echo ""
+echo "Update pkgs/mrescue-nixos.nix with:"
+echo ""
+echo "  version = \"${VERSION}\";"
+echo ""
+echo "  kernel hash = \"${KERNEL_HASH_SRI}\";"
+echo "  initrd hash = \"${INITRD_HASH_SRI}\";"
+echo ""
+
+# Check mirror availability
+KERNEL_MIRROR="${MIRROR_BASE}/nixos-${VERSION}-bzImage-x86_64-linux"
+INITRD_MIRROR="${MIRROR_BASE}/nixos-${VERSION}-initrd-x86_64-linux"
+
+echo "Checking mirror availability..." >&2
+KERNEL_EXISTS=$(curl -sI "$KERNEL_MIRROR" | head -1 | grep -q "200" && echo "yes" || echo "no")
+INITRD_EXISTS=$(curl -sI "$INITRD_MIRROR" | head -1 | grep -q "200" && echo "yes" || echo "no")
+
+if [[ "$KERNEL_EXISTS" == "no" ]] || [[ "$INITRD_EXISTS" == "no" ]]; then
+  echo ""
+  echo "⚠ Warning: Files not found on mirror!" >&2
+  echo ""
+  echo "To upload to mirror, run:" >&2
+  echo ""
+  if [[ "$KERNEL_EXISTS" == "no" ]]; then
+    echo "  ssh fwminex sh -c 'cd /var/www/dl/boot && wget -O nixos-${VERSION}-bzImage-x86_64-linux ${KERNEL_URL}'" >&2
+  fi
+  if [[ "$INITRD_EXISTS" == "no" ]]; then
+    echo "  ssh fwminex sh -c 'cd /var/www/dl/boot && wget -O nixos-${VERSION}-initrd-x86_64-linux ${INITRD_URL}'" >&2
+  fi
+  echo ""
+else
+  echo "✓ All files available on mirror" >&2
+fi