feat: add box appliance images (iso, qcow2 and raw) #12

Open

phorcys420 wants to merge 13 commits into main from phorcys/live-iso
Conversation

phorcys420 (Member) commented Jun 5, 2026

Adds a live 'Box' ISO that boots the same configured system as a disk
install (KDE, Coder server, k3s, Podman, bundled templates) entirely from
RAM, with admin bootstrap + template deploy on first boot.

Closes #5

phorcys420 added 13 commits June 5, 2026 10:38
Adds a live 'Box' ISO that boots the same configured system as a disk
install (KDE, Coder server, k3s, Podman, bundled templates) entirely from
RAM, with admin bootstrap + template deploy on first boot.

- nixos/live-iso.nix: imports nixpkgs iso-image.nix + all-hardware; forces
  off systemd-boot/EFI-var writes (ISO carries its own loader); bakes the
  flake at /etc/nixos-repo so Coder bootstrap finds coderd/ templates;
  autologin + Coder admin defaults. BIOS boot gated to x86 (syslinux) so the
  module also builds for aarch64 (EFI-only).
- hosts/live/default.nix: new 'live' host (nixosConfigurations.live), imports
  only nixos/live-iso.nix; no disko/facter/hardware-config. Independent of the
  install.sh flow.
- Makefile: 'make live-iso' (native) and 'make live-iso/<arch>' (overrides
  nixpkgs.hostPlatform via extendModules).
- README.md/agents.md: document the live ISO and build targets.

Closes #5

- Rename Makefile target live-iso -> live-ephemeral-iso (and /<arch>).
- Add hosts/persistent-disk: a disko-image-builder host that produces a
  persistent disk image sharing disko-standard.nix's GPT layout (state
  survives reboots, unlike the ephemeral live ISO).
- Add Makefile targets persistent-disk/qcow2 and persistent-disk/raw, each
  with optional /<arch> suffix. raw is dd-able to a drive; qcow2 boots in
  QEMU/libvirt.
- Extract the shared turn-key bits (all-hardware, baked /etc/nixos-repo,
  autologin, Coder admin bootstrap) into nixos/box-turnkey.nix, imported by
  both nixos/live-iso.nix and hosts/persistent-disk. Makefile uses one
  extendModules helper for all targets (per-arch + imageFormat overrides).
- Update README.md/agents.md.

Verified: all four nixosConfigurations eval; coder-thinkcentre drv unchanged;
live ISO + persistent-disk qcow2/raw eval to derivations on x86_64 and
aarch64; raw disk image full build plan resolves via nix build --dry-run.

Rename Makefile targets to a single 'appliance' namespace:
  live-ephemeral-iso     -> appliance/iso
  persistent-disk/qcow2  -> appliance/qcow2
  persistent-disk/raw    -> appliance/raw
Each keeps the optional /<arch> suffix (e.g. appliance/iso/aarch64-linux).
The underlying hosts (live, persistent-disk) and modules are unchanged; this
is target naming + docs only. Update README.md/agents.md.

Set image.baseName = coder-box-appliance (was coder-box-live) so the live
appliance ISO is emitted as coder-box-appliance-<version>-<arch>.iso. Update
the filename in the doc/comment examples too.

The live/persistent-disk hosts inherit configuration.nix's
nixpkgs.hostPlatform = lib.mkOptionDefault "x86_64-linux", so a bare
'make appliance/iso' (no /<arch> suffix) always evaluated as x86_64 even on
an aarch64 host. Pin nixpkgs.hostPlatform in the box_build helper to
builtins.currentSystem when no arch is given (--impure already set), so the
default tracks the builder's native architecture. Explicit /<arch> targets
are unchanged.

- box_build now passes --out-link out/<target> so each build plants a GC-root
  symlink under ./out (e.g. out/appliance-iso, out/appliance-raw-aarch64-linux)
  pointing straight at the store path. Native Nix, no copying; the image still
  lives in /nix/store (unavoidable) but is surfaced in the repo and won't be
  garbage-collected. ./out is gitignored.
- Name the disko disk image coder-box-appliance.{raw,qcow2} (imageName) to
  match the ISO's image.baseName.
- README: document the out/ paths and update the dd example.

Verified: --out-link creates the symlink (selftest build); persistent-disk
still evals with imageName override (resolves to coder-box-appliance).

isoName derives from image.baseName; the previous bare "coder-box-appliance"
dropped the arch upstream normally carries. Append ${hostPlatform.system} so
the file is coder-box-appliance-<arch>.iso (e.g. -x86_64-linux / -aarch64-linux),
making the arch visible and avoiding collisions between arches in ./out.

Match the ISO: set disko imageName to coder-box-appliance-<arch> so disk
images are coder-box-appliance-<arch>.{raw,qcow2} (e.g. -x86_64-linux /
-aarch64-linux). Arch is visible and the two arches don't collide in ./out.
Update README paths.

Set isoImage.appendToMenuLabel = " - Coder Box Appliance" (replaces the
default " Installer"), so both the BIOS/isolinux and EFI/grub boot entries
read 'NixOS <version> - Coder Box Appliance' instead of '... Installer'.

…s/_appliance-disk

- git mv hosts/live -> hosts/_appliance_iso, hosts/persistent-disk ->
  hosts/_appliance-disk (flake auto-discovers them as nixosConfigurations
  ._appliance_iso / ._appliance-disk).
- flake.nix derives networking.hostName from the folder name, but a leading
  underscore is an invalid hostname (must start alphanumeric), so each host now
  sets networking.hostName = mkForce "appliance-iso" / "appliance-disk".
- Update Makefile host args and README/agents.md references. Build targets
  (appliance/iso, appliance/{qcow2,raw}[/<arch>]) are unchanged.

Verified: all four nixosConfigurations eval; ISO + raw disk derivations build;
existing hosts unaffected.

- configuration.nix sets networking.hostName = mkOverride 1250 "coder-box"
  as the central default. Priority 1250 sits between mkDefault (1000) and
  mkOptionDefault (1500): it overrides nixpkgs' own mkOptionDefault "nixos"
  (which would otherwise tie and error) but still loses to flake.nix's
  folder-name mkDefault on install hosts.
- flake.nix injects the folder-name hostname only for non-underscore hosts;
  underscore-prefixed image hosts (_appliance_iso, _appliance-disk) skip it
  and inherit coder-box.
- Remove the custom hostName overrides from the appliance hosts (no longer
  set in the appliance nix files).
- coder-thinkcentre and qemu-arm64 keep their folder-name hostnames.
- Docs updated.

Verified: _appliance_iso/_appliance-disk -> coder-box; coder-thinkcentre ->
coder-thinkcentre; qemu-arm64 -> qemu-arm64; thinkcentre toplevel drv hash
unchanged; ISO + raw disk drvs build.

…rom /etc/nixos-repo)

Root cause: environment.etc."nixos-repo".source = self.outPath bakes the flake
source into the image. On a DIRTY working tree, nix copies untracked files into
self.outPath even when gitignored — including the Makefile's ./out (built images
land there) and stray *.iso/*.qcow2/*.raw. So each build embedded the previous
image into /etc/nixos-repo -> squashfs -> the next image, growing the ISO on
every rebuild (verified: a 300MB out/ file inflated self.outPath to 206MB).

Fix: wrap the baked source in lib.cleanSourceWith, filtering out out/, result,
result-*, and *.iso/*.qcow2/*.raw. The baked /etc/nixos-repo is now content-
stable regardless of build artifacts (verified: source hash unchanged when out/
grows 300MB->600MB), while still shipping the full tree (coderd/ etc.) for
nixos-rebuild / coder-reset.

Verified: baked source 5.5MB (no out/, no stray .iso, coderd/ kept); ISO + raw
disk drvs evaluate; coder-thinkcentre toplevel drv hash unchanged.
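The artifact filter the last commit describes, written out as an added example rather than the PR's own code. The module arguments, the `bakedRepo`/`keep` helper names and the store-path name are assumptions; `self` stands for the flake source the commit calls self.outPath.

```nix
# Added example, not the PR's own code: bake the flake source into the image
# as /etc/nixos-repo while keeping build artifacts out of it, as the final
# commit describes. Module arguments and helper names are assumed; `self` is
# the flake's source (what the commit message calls self.outPath).
{ lib, self, ... }:

let
  # Names the commit lists as artifacts that must never be baked in.
  artifactDirs = [ "out" ];
  artifactSuffixes = [ ".iso" ".qcow2" ".raw" ];

  # cleanSourceWith calls the filter with the entry's path and its type
  # ("regular", "directory", "symlink", "unknown"); true keeps the entry.
  isArtifact = path: type:
    let base = baseNameOf path; in
    (type == "directory" && builtins.elem base artifactDirs)
    || base == "result"
    || lib.hasPrefix "result-" base
    || builtins.any (suffix: lib.hasSuffix suffix base) artifactSuffixes;

  # lib.cleanSourceFilter already drops .git, editor swap files and
  # nix-build `result` symlinks; the artifact filter is layered on top.
  keep = path: type:
    lib.cleanSourceFilter path type && !(isArtifact path type);

  bakedRepo = lib.cleanSourceWith {
    name = "nixos-repo";   # fixed store-path name, so the hash is content-only
    src = self;
    filter = keep;
  };
in
{
  # coderd/ and the rest of the tree still ship, so nixos-rebuild and
  # coder-reset on the appliance find them at the same path.
  environment.etc."nixos-repo".source = bakedRepo;
}
```

Only the listed patterns are dropped: any other untracked file in a dirty working tree still travels into the image, which is worth remembering when the tree holds anything that should not ship.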
Successfully merging this pull request may close these issues.

feat: add box appliance images

1 participant