Minimal nixos-config with disko (#1)

* init: minimal nixos config with disko

* use qemu-guest and not-detected module; readme: add install instructions

qemu-guest module is common configuration for VMs (imp. for kexec)
not-detected module is for non-free devices not detected by `nixos-generate-config` (might not be necessary in our case)

* readme: use host/guest instead of target/host

* CI: add disko VM test

* CI: install qemu-kvm

* CI: why qemu-kvm?

* CI: use sudo to install qemu-kvm

* CI: enable KVM system-feature in nix.conf

* CI: fmt

* CI: modify /etc/nix/nix.conf instead of ~/.config/nix/nix.conf

* CI: use extra-conf with DetSys/nix-installer-action

* remove modules not needed for minimal config

* set root password in case IP changes; readme: add disclaimer about IP change

* readme: clarify terminology ahead

* clarify `stop the Step 4`

* remind user to add SSH key to flake.nix

* how to find `<ip-address>`?

---------

Co-authored-by: Sridhar Ratnakumar <[email protected]>

.github/workflows/ci.yaml

@@ -0,0 +1,20 @@
+name: "CI"
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+        # disko VM test requires a system with support for: {kvm, nixos-test}
+        # See https://github.com/nix-community/nixos-generators/issues/83#issuecomment-973294478
+        with:
+          extra-conf: "system-features = nixos-test benchmark big-parallel kvm"
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      # Run disko VM test (test partition creation and whether the VM boots up later)
+      - run: nix build .#nixosConfigurations.office.config.system.build.installTest

README.md

@@ -1,2 +1,20 @@
 # remote-development
 NixOS configuration for shared remote development via SSH
+
+## Getting started
+
+Terminology:
+
+- **Host**: The machine you are installing NixOS on.
+  - It must already be running Linux (which could even be booted off a rescue image)
+- **Guest**: Your current machine, from which you are remotely doing the install.
+
+| Step | Host | Guest |
+| ---- | ------ | ---- |
+| 1.   | Add your SSH key to `authorized_keys` file in `/root/.ssh` | Add the same key in your configuration (here, `flake.nix`) under: `users.users.root.openssh.authorizedKeys.keys = [ "<your-ssh-key>" ];` |
+| 2.   | Run `lsblk` to find the `<device-name>` of the disk to partition. For example, `nvme0n1` is the device here: <br><pre>❯ lsblk<br>NAME        MAJ:MIN RM  SIZE RO TYPE<br>nvme0n1     259:0    0  1.9T  0 disk</pre> | |
+| 3.   | | In `disk-config.nix`, set `disko.devices.disk.main.device = "/dev/<device-name>";` |
+| 4.   | | `nix run github:nix-community/nixos-anywhere -- --flake .#office root@<ip-address>` | 
+
+**Disclaimer**: The `<ip-address>`[^1] might change in kexec mode or post-installation, in which case `SSH connection will timeout`, the solution is to `Ctrl-C` and rerun `Step 4` with updated `<ip-address>`.
+[^1]: Find the `<ip-address>` using `ifconfig` or `ip a`. Under the device name you will find a line that looks like: `inet <ip-address>  ...`

disk-config.nix

@@ -0,0 +1,37 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
+

flake.nix

@@ -0,0 +1,41 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+  };
+  outputs = { nixpkgs, disko, ... }:
+    {
+      nixosConfigurations.office = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ({ modulesPath, ... }: {
+            imports = [
+              ./disk-config.nix
+            ];
+            services.openssh.enable = true;
+            users.users = {
+              root = {
+                # Post-installation, the IP might change if MAC is not the
+                # only identifier used by DHCP server to lease an IP, by setting a
+                # password you can find the changed IP.
+                initialHashedPassword = "";
+                openssh.authorizedKeys.keys = [
+                  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFN5Ov2zDIG59/DaYKjT0sMWIY15er1DZCT9SIak07vK"
+                ];
+              };
+            };
+            boot.loader.grub = {
+              # adding devices is managed by disko
+              # devices = [ ];
+              efiSupport = true;
+              efiInstallAsRemovable = true;
+            };
+            system.stateVersion = "23.11";
+          }
+          )
+        ];
+      };
+    };
+}