Creating a NixOS live CD: Difference between revisions

From NixOS Wiki
← Older edit
VisualWikitext
imported>Makefu
remove old code
m →‎Static IP Address: Changed networking.interfaces.eth0.ip4 to networking.interfaces.eth0.ipv4.addresses to be consistent with the current proper usage ( as of 24.05 )
 
(38 intermediate revisions by 15 users not shown)
Line 1: Line 1:
<translate>
== Motivation == <!--T:19-->


== motivation ==
<!--T:33-->
creating a modified NIXOS live CD out of a working nixos installation gives you the benefits:
Creating a modified NixOS LiveCD out of an existing working NixOS installation has a number of benefits:
* verify what is included
* no need to download it
* it is easy to add your own programs to the image


== how to build such an image ==
<!--T:34-->
we will use the NIXREPOS variable, which points to the nixpkgs/nixos checkouts, see [[Create and debug nix packages]]
* Ensures authenticity.


just run this command (for 64 bit):
<!--T:35-->
export NIX_PATH=$NIXREPOS
* No need for internet access.
nix-build -A iso_graphical.x86_64-linux $NIXREPOS/nixos/release.nix


for 32 bit:
<!--T:36-->
export NIX_PATH=$NIXREPOS
* It is easy to add your own packages and configuration changes to the image.
nix-build -A iso_graphical.i686-linux $NIXREPOS/nixos/release.nix
once the building process is over, you should see multiple nix distributions built (for multiple archs). See contents to find iso image path:


$ cat /nix/store/2y4bivmrzg4d2dgby2b7prvfj7445088-nixos-iso-0.1pre1234/nix-support/hydra-build-products
== Building == <!--T:20-->
file iso /nix/store/94rrfklbk2hcqhkr4627vsrlprlyva50-iso9660-image/iso/nixos-minimal-0.1pre1234-i686-linux-test.iso


and copy the new image from there to your USB drive (or use unetbootin).
<!--T:37-->
Building minimal NixOS installation CD with the <code>nix-build</code> command by creating this <code>iso.nix</code>-file. In this example with [[Neovim]] preinstalled.  


== adding additional software to the image ==
</translate>
the basic script '''/etc/nixos/nixos/release.nix''' contains several entry points for custom images. as we are using '''-A iso_minimal''' have a look at: iso_minimal which will redirect us to:
<syntaxhighlight lang="nix">
{ config, pkgs, ... }:
{
  imports = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>


* ./modules/installer/cd-dvd/installation-cd-minimal.nix -> /etc/nixos/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
    # Provide an initial copy of the NixOS channel so that the user
# This module defines a small NixOS installation CD.  It does not
    # doesn't need to run "nix-channel --update" first.
# contain any graphical stuff.
    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
{config, pkgs, ...}:
  ];
{
  environment.systemPackages = [ pkgs.neovim ];
  require = [
}
    ./installation-cd-base.nix
</syntaxhighlight>
    ../../profiles/minimal.nix
<translate>
  ];
}


=== Start SSH with your SSH key
<!--T:21-->
Build the image via:


In your configuration.nix:
</translate>
<syntaxhighlight lang="bash">
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
</syntaxhighlight>
<translate>


<code>
<!--T:22-->
   services.openssh = {
Alternatively, use Nix [[Flakes]] to generate a ISO installation image, using the <code>nixos-24.05</code> branch as nixpkgs source:
    enable = true;
 
     hostKeys = [
</translate>
       { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
{{file|flake.nix|nix|<nowiki>
     ];
{
  description = "Minimal NixOS installation media";
   inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
  outputs = { self, nixpkgs }: {
     nixosConfigurations = {
       exampleIso = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ({ pkgs, modulesPath, ... }: {
            imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
            environment.systemPackages = [ pkgs.neovim ];
          })
        ];
      };
     };
   };
   };
   # enable ssh in the iso boot process
}
   systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
</nowiki>}}
   users.users.root.openssh.authorizedKeys.keys [
<translate>
     "ssh-rsa AAAAB3NzaC1y...== me@my-laptop"
 
<!--T:23-->
The following commands will generate the iso-image:
 
</translate>
<syntaxhighlight lang="console">
# git init
# git add flake.nix
# nix build .#nixosConfigurations.exampleIso.config.system.build.isoImage
</syntaxhighlight>
<translate>
 
<!--T:24-->
The resulting image can be found in <code>result</code>:
 
</translate>
<syntaxhighlight lang="console">
$ ls result/iso/
nixos-24.05.20240721.63d37cc-x86_64-linux.iso
</syntaxhighlight>
<translate>
 
=== Testing the image === <!--T:7-->
 
<!--T:38-->
To inspect the contents of the ISO image:
 
</translate>
<syntaxhighlight lang="console">
$ mkdir mnt
$ sudo mount -o loop result/iso/nixos-*.iso mnt
$ ls mnt
boot  EFI  isolinux  nix-store.squashfs  version.txt
$ umount mnt
</syntaxhighlight>
<translate>
 
<!--T:25-->
To boot the ISO image in an emulator:
 
</translate>
<syntaxhighlight lang="console">
$ nix-shell -p qemu
$ qemu-system-x86_64 -enable-kvm -m 256 -cdrom result/iso/nixos-*.iso
</syntaxhighlight>
<translate>
 
===SSH=== <!--T:26-->
 
<!--T:39-->
In your <tt>iso.nix</tt>:
 
</translate>
<syntaxhighlight lang="nix">
{
  ...
   # Enable SSH in the boot process.
   systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host"
   ];
   ];
  ...
}
</syntaxhighlight>
<translate>
===Static IP Address=== <!--T:11-->
<!--T:40-->
Static IP addresses can be set in the image itself. This can be useful for VPS installation.
</translate>
<syntaxhighlight lang="nix" line="1">
{
  ...
  networking = {
    usePredictableInterfaceNames = false;
    interfaces.eth0.ipv4.addresses = [{
      address = "64.137.201.46";
      prefixLength = 24;
    }];
    defaultGateway = "64.137.201.1";
    nameservers = [ "8.8.8.8" ];
  };
  ...
}
</syntaxhighlight>
<translate>
=== Building faster === <!--T:27-->
<!--T:41-->
The build process is slow because of compression.
<!--T:28-->
Here are some timings for <code>nix-build</code>:
<!--T:29-->
{| class="wikitable" style="margin:auto"
|+ Compression results
|-
! squashfsCompression !! Time !! Size
|-
| <code>lz4</code> || 100s || 59%
|-
| <code>gzip -Xcompression-level 1</code> || 105s || 52%
|-
| <code>gzip</code> || 210s || 49%
|-
| <code>xz -Xdict-size 100%</code> (default) || 450s || 43%
|}
<!--T:30-->
See also: [https://gist.github.com/baryluk/70a99b5f26df4671378dd05afef97fce mksquashfs benchmarks]
<!--T:31-->
If you don't care about file size, you can use a faster compression
by adding this to your <code>iso.nix</code>:


</code>
</translate>
<syntaxhighlight lang="nix">
{
  isoImage.squashfsCompression = "gzip -Xcompression-level 1";
}
</syntaxhighlight>
<translate>


== software installation inside the 'once' deployed and booted image ==
==See also== <!--T:32-->
in case you have booted from your image you can add software as described here:
* [[install/remove software]]


== references ==
<!--T:42-->
* See also section "Building your own NixOS CD" of the [https://nixos.org/nixos/manual/index.html#sec-building-cd NixOS manual].
* [https://nixos.org/manual/nixos/stable/index.html#sec-building-image NixOS Manual: Building a NixOS (Live) ISO].
</translate>


[[Category:NixOS]]
[[Category:NixOS]]
[[Category:Installation]]
[[Category:Deployment]]
[[Category:Deployment]]
[[Category:HOW-TO]]
[[Category:Cookbook]]

Latest revision as of 21:33, 1 August 2024

Motivation

Creating a modified NixOS LiveCD out of an existing working NixOS installation has a number of benefits:

  • Ensures authenticity.
  • No need for internet access.
  • It is easy to add your own packages and configuration changes to the image.

Building

Building minimal NixOS installation CD with the nix-build command by creating this iso.nix-file. In this example with Neovim preinstalled. 

{ config, pkgs, ... }:
{
  imports = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>

    # Provide an initial copy of the NixOS channel so that the user
    # doesn't need to run "nix-channel --update" first.
    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
  ];
  environment.systemPackages = [ pkgs.neovim ];
}

Build the image via: 

nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

Alternatively, use Nix Flakes to generate a ISO installation image, using the nixos-24.05 branch as nixpkgs source: 

flake.nix

{
  description = "Minimal NixOS installation media";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
  outputs = { self, nixpkgs }: {
    nixosConfigurations = {
      exampleIso = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ({ pkgs, modulesPath, ... }: {
            imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
            environment.systemPackages = [ pkgs.neovim ];
          })
        ];
      };
    };
  };
}

The following commands will generate the iso-image: 

# git init
# git add flake.nix
# nix build .#nixosConfigurations.exampleIso.config.system.build.isoImage

The resulting image can be found in result: 

$ ls result/iso/
nixos-24.05.20240721.63d37cc-x86_64-linux.iso

Testing the image

To inspect the contents of the ISO image: 

$ mkdir mnt
$ sudo mount -o loop result/iso/nixos-*.iso mnt
$ ls mnt
boot  EFI  isolinux  nix-store.squashfs  version.txt
$ umount mnt

To boot the ISO image in an emulator: 

$ nix-shell -p qemu
$ qemu-system-x86_64 -enable-kvm -m 256 -cdrom result/iso/nixos-*.iso

SSH

In your iso.nix: 

{
  ...
  # Enable SSH in the boot process.
  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host"
  ];
  ...
}

Static IP Address

Static IP addresses can be set in the image itself. This can be useful for VPS installation. 

{
  ...
  networking = {
    usePredictableInterfaceNames = false;
    interfaces.eth0.ipv4.addresses = [{
      address = "64.137.201.46";
      prefixLength = 24;
    }];
    defaultGateway = "64.137.201.1";
    nameservers = [ "8.8.8.8" ];
  };
  ...
}

Building faster

The build process is slow because of compression.

Here are some timings for nix-build:

Compression results
squashfsCompression Time Size
lz4 100s 59%
gzip -Xcompression-level 1 105s 52%
gzip 210s 49%
xz -Xdict-size 100% (default) 450s 43%

See also: mksquashfs benchmarks

If you don't care about file size, you can use a faster compression by adding this to your iso.nix: 

{
  isoImage.squashfsCompression = "gzip -Xcompression-level 1";
}

See also

Retrieved from "https://wiki.nixos.org/w/index.php?title=Creating_a_NixOS_live_CD&oldid=16149"