Automatically build (netboot) images for NixOS [maintainer=@Mic92]
Find a file
github-actions[bot] f702705e1c flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-2311':
    'github:NixOS/nixpkgs/2ba1b9dceb7120a73801f41a2b9bcbc6bc13d64c' (2024-03-17)
  → 'github:NixOS/nixpkgs/f091af045dff8347d66d186a62d42aceff159456' (2024-03-20)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/f471be9644f3ab2f3cb868de1787ab70a537b0e7' (2024-03-17)
  → 'github:NixOS/nixpkgs/66e2e75c671f9a674a28d340e59a0157efb6f905' (2024-03-20)
2024-03-21 02:11:02 +00:00
.github build(deps): bump cachix/install-nix-action from 25 to 26 2024-03-11 10:40:58 +00:00
nix kexec-run: Get pubkeys for DOAS_USER. 2024-02-28 19:11:52 +00:00
.mergify.yml mergify: upgrade for buildbot 2023-12-23 02:20:46 +01:00
build-images.sh no longer delete existing assets 2023-11-02 12:42:50 +01:00
flake.lock flake.lock: Update 2024-03-21 02:11:02 +00:00
flake.nix change to numtide as binary cache 2023-12-24 07:07:56 +00:00
garnix.yaml garnix: enable aarch64-linux 2023-06-11 07:51:31 +02:00
LICENSE Initial commit 2021-06-10 05:52:46 +01:00
README.md README: drop experimental flag for static ips 2024-01-13 08:55:55 +00:00

nixos-images

Automatically weekly updated images for NixOS. This project is intended to extend the images created by hydra.nixos.org. We are currently creating the images listed below:

Netboot images

You can boot the netboot image using this ipxe script. It consists of the kernel image and initrd.

Kexec tarballs

These images are used for unattended remote installation in nixos-anywhere.

Kexec is a mechanism in Linux to load a new kernel from a running Linux to replace the current kernel. This is useful for booting the Nixos installer from existing Linux distributions, such as server provider that do not offer a NixOS option. After running kexec, the NixOS installer exists only in memory. At the time of writing, this requires at least 1.5GB of physical RAM (swap does not count) in the system. If not enough RAM is available, the initrd cannot be loaded. Because the NixOS runs only in RAM, users can reformat all the system's discs to prepare for a new NixOS installation.

It can be booted as follows by running these commands as root:

curl -L https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-kexec-installer-noninteractive-x86_64-linux.tar.gz | tar -xzf- -C /root
/root/kexec/run

The kexec installer comes with the following features:

  • Re-uses ssh host keys from the sshd to not break .ssh/known_hosts
  • Authorized ssh keys are read from /root/.ssh/authorized_keys, /root/.ssh/authorized_keys2 and /etc/ssh/authorized_keys.d/root
  • Static ip addresses and routes are restored after reboot. Interface that had dynamic addresses before are configured with DHCP and to accept prefixes from ipv6 router advertisement

The actual kexec happens with a slight delay (6s). This allows for easier integration into automated nixos installation scripts, since you can cleanly disconnect from the running machine before the kexec takes place. The tarball is also designed to be run from NixOS, which can be useful for new installations