Creating a NixOS live CD: Difference between revisions

Revision as of 14:54, 31 August 2022

Motivation

Creating a modified NixOS LiveCD out of an existing working NixOS installation has a number of benefits:

Ensures authenticity.
No need for internet access.
It is easy to add your own packages and configuration changes to the image.

Building

Create a file iso.nix:

# This module defines a small NixOS installation CD.  It does not
# contain any graphical stuff.
{ config, pkgs, ... }:
{
  imports = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>

    # Provide an initial copy of the NixOS channel so that the user
    # doesn't need to run "nix-channel --update" first.
    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
  ];
}

Build the image via:

nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

The resulting image can be found in result:

$ ls result/iso/
nixos-17.09.git.158ec57-x86_64-linux.iso

Testing the image

To inspect the contents of the ISO image:

$ mkdir mnt
$ sudo mount -o loop result/iso/nixos-*.iso mnt
$ ls mnt
boot  EFI  isolinux  nix-store.squashfs  version.txt
$ umount mnt

To boot the ISO image in an emulator:

$ nix-shell -p qemu
$ qemu-system-x86_64 -cdrom result/iso/nixos-*.iso

SSH

In your iso.nix:

{
  ...
  # Enable SSH in the boot process.
  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host"
  ];
  ...
}

Static IP Address

Static IP addresses can be set in the image itself. This can be useful for VPS installation.

{
  ...
  networking = {
    usePredictableInterfaceNames = false;
    interfaces.eth0.ip4 = [{
      address = "64.137.201.46";
      prefixLength = 24;
    }];
    defaultGateway = "64.137.201.1";
    nameservers = [ "8.8.8.8" ];
  };
  ...
}

Building faster

The build process is slow because of compression.

Here are some timings for nix-build:

Compression results
squashfsCompression	Time	Size
`lz4`	100s	59%
`gzip -Xcompression-level 1`	105s	52%
`gzip`	210s	49%
`xz -Xdict-size 100%` (default)	450s	43%

@@ Line 11: / Line 11: @@
 # This module defines a small NixOS installation CD.  It does not
 # contain any graphical stuff.
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
 {
    imports = [
@@ Line 36: / Line 36: @@
 </syntaxhighlight>
+=== Testing the image ===
+To inspect the contents of the ISO image:
+<syntaxhighlight lang="console">
+$ mkdir mnt
+$ sudo mount -o loop result/iso/nixos-*.iso mnt
+$ ls mnt
+boot  EFI  isolinux  nix-store.squashfs  version.txt
+$ umount mnt
+</syntaxhighlight>
+To boot the ISO image in an emulator:
+<syntaxhighlight lang="console">
+$ nix-shell -p qemu
+$ qemu-system-x86_64 -cdrom result/iso/nixos-*.iso
+</syntaxhighlight>
 ===SSH===
@@ Line 72: / Line 90: @@
 </syntaxhighlight>
+=== Building faster ===
+The build process is slow because of compression.
+Here are some timings for <code>nix-build</code>:
+{| class="wikitable" style="margin:auto"
+|+ Compression results
+|-
+! squashfsCompression !! Time !! Size
+|-
+| <code>lz4</code> || 100s || 59%
+|-
+| <code>gzip -Xcompression-level 1</code> || 105s || 52%
+|-
+| <code>gzip</code> || 210s || 49%
+|-
+| <code>xz -Xdict-size 100%</code> (default) || 450s || 43%
+|}
+See also: [https://gist.github.com/baryluk/70a99b5f26df4671378dd05afef97fce mksquashfs benchmarks]
+If you don't care about file size, you can use a faster compression
+by adding this to your <code>iso.nix</code>:
+<syntaxhighlight lang="nix">
+{
+  isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+}
+</syntaxhighlight>
 ==See also==