nix-live-disk/flake.nix

{
  description = "Live Disk";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-23.11";
    fudo-pkgs.url = "git+https://fudo.dev/nix/pkgs.git";
    fudo-home = {
      url = "git+https://fudo.dev/nix/home.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    fudo-lib = {
      url = "git+https://fudo.dev/nix/lib.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, fudo-pkgs, fudo-lib, fudo-home, ... }:
    let
      system = "x86_64-linux";

      pkgs = import nixpkgs {
        inherit system;
        config = {
          allowUnfree = true;
          # permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];
        };
        overlays = [ fudo-pkgs.overlay ];
      };

      configModule = { pkgs, lib, ... }:
        with lib; {
          config = {
            hardware.enableAllFirmware = true;
            nixpkgs.config.allowUnfree = true;

            environment.systemPackages = with pkgs; [
              btrfs-progs
              git
              gparted
              nix-prefetch-scripts
              wget
            ];

            users.users = {
              niten = {
                isNormalUser = true;
                createHome = true;
                hashedPassword =
                  "$6$uZZg5FFfgeXCaU18$zxp0YItRBl39mBAv8AxfwH2aTfbrSCrc0f/1GwfrPzAfJJDpe0p54850cqROxZYWKM.CG70OVnjiSxf.JjhTV/";
                extraGroups = [ "wheel" ];
                openssh.authorizedKeys.keys = [
                  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0= niten@socrates"
                  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyFFV286npHAsnA1OCprLSZgdx/auUaldnNxB2MFE0iJX7R8ps1M9VkaxXdxIKB8x4PkKRTEkroouu+UmRBfKh3/QebRrKlvrElkc/d7CfIOJmssz4jRGa4t8rQEeB02ccl8Zb5ree2b3d6lbQl1QjyIwsrwpkqqw5znhD7N7fcfxg3PWnqyR2p0sy5CS5g76br6cwpD5Lk8nO0RhKR9mD5vW3kWSORCM+lNshfIilYqDwQtvsj9WcbhDKzgcY25t4tfgsjzOoPq/1+9LRluk2aoqe98QuVov0RANnzrsQhIgs8Ye9C39G8Lvcjusidy3ZSBcBiiq2R0Rvk8eA/gjMkXZ79ASPO8JwoNWum2DVn3ogz6rt+EaoI/yFqqs7d8gSRIjHklQDLXL1/6jH0jnyNxHH0hWJ8Vx41DKAaASObYRCb6eN4gYrrR3c+ZtQe7wQTxouEnZrAjHJG9pZxi39PXvB0TPXzmXxjBwzuFGQdczfLTn5fQtVVYPhv0yAzJk= niten@system3"
                ];
              };

              root = {
                openssh.authorizedKeys.keys = [
                  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0= niten@socrates"
                ];
              };
            };

            services.openssh = {
              enable = true;
              startWhenNeeded = true;
              permitRootLogin = mkDefault "prohibit-password";
            };

            i18n.defaultLocale = "en_US.UTF-8";
            console.useXkbConfig = true;
            services.xserver = {
              layout = "us";
              xkbVariant = "dvp";
              xkbOptions = "ctrl:nocaps";
            };

            nix = {
              package = pkgs.nixFlakes;
              extraOptions = "experimental-features = nix-command flakes";
            };

            programs = {
              ssh = {
                startAgent = true;
                # package = pkgs.openssh_gssapi;
                extraConfig = ''
                  GSSAPIAuthentication yes
                  GSSAPIDelegateCredentials yes
                '';
              };
            };

            krb5.libdefaults.default_realm = "FUDO.ORG";

            fudo.home-manager = {
              enable-gui = false;
              enable-kitty-term = false;
              local-domain = "fudo.org";

              users.niten.user-email = "niten@fudo.org";
            };
          };

        };

      builder = pkgs.writeShellScriptBin "build-image.sh" ''
        nix build ".#nixosConfigurations.liveDisk.config.system.build.isoImage"'';

    in {
      nixosConfigurations = {
        liveDisk = with pkgs.lib;
          nixpkgs.lib.nixosSystem {
            inherit system pkgs;
            modules = [
              "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
              fudo-home.nixosModules.live-disk
              configModule
            ];
          };
      };

      apps.x86_64-linux = rec {
        builder-app = {
          type = "app";
          program = "${builder}/bin/build-image.sh";
        };

        default = builder-app;
      };

      packages.x86_64-linux = {
        inherit builder;
        default = builder;
      };

      devShells.x86_64-linux.default =
        pkgs.mkShell { buildInputs = with pkgs; [ builder nix ]; };
    };

}