Initial commit

.editorconfig

@@ -0,0 +1,16 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# 2 space indentation
+[*.nix]
+indent_style = space
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+

.gitignore

@@ -0,0 +1 @@
+result

Makefile

@@ -0,0 +1,19 @@
+# Special variables
+.DEFAULT_GOAL := help  # Set default target to run
+.SILENT:               # Disable printing recipes at runtime
+.ONESHELL:             # Run target recipes in one shell invocation
+.PHONY: build-image \  # Phony targets
+	clean \
+	help
+
+help: ## Shows this help prompt.
+	egrep -h '\s##\s' $(MAKEFILE_LIST) \
+		| sort \
+		| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'
+
+clean:
+	rm -f result
+
+build-image: clean ## Builds Linode campatible NixOS disk image.
+	nix build ".#nixosConfigurations.linode-image.config.system.build.raw"
+

README.md

@@ -0,0 +1,25 @@
+# base-nixos-linode
+
+A repository that builds a base NixOS Linode image. The make build
+tool is used to build the image and also to manage a Linode instance.
+A dotenv file is provided and used to define values to a specific
+Linode instance, such as the IP address and admin account name.
+
+## Basics
+
+All repository commands can be found simply by running the make command,
+like this: ```make``` 
+
+Help text should be displayed on the screen with available commands and
+what they do.
+
+## Build Instructions
+
+Run the following command: ```make build-image```
+
+## Managing a Linode Instance
+
+Two make targets are defined to manage a Linode instance: nixos-switch
+and ssh. Run nixos-switch to build a Linode compatible NixOS image
+from the configuration in /nixos-config.
+

build-image.nix

@@ -0,0 +1,20 @@
+{ config, lib, modulesPath, pkgs, ... }:
+
+{
+    imports = [
+        ./nixos-config
+    ];
+
+    system.build.raw = import "${modulesPath}/../lib/make-disk-image.nix" {
+        inherit config lib pkgs;
+        name = "linode-image";
+        format = "raw";
+        partitionTableType = "none";
+        postVM =
+            ''
+                ${pkgs.gzip}/bin/gzip -6 -c -- $diskImage > \
+                    $out/linode-image.img.gz
+                rm $diskImage
+            '';
+    };
+}

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1735264675,
+        "narHash": "sha256-MgdXpeX2GuJbtlBrH9EdsUeWl/yXEubyvxM1G+yO4Ak=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d49da4c08359e3c39c4e27c74ac7ac9b70085966",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,18 @@
+{
+    description = "A base Linode NixOS image";
+
+    inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+
+    outputs = { self, nixpkgs }: {
+        nixosConfigurations.linode-image = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules = [ ./build-image.nix ];
+            specialArgs = {
+              domain = "linode-domain";
+              hostname = "linode-hostname";
+            };
+        };    
+
+        nixosModules.default = ./nixos-config;
+    };
+}

nixos-config/default.nix

@@ -0,0 +1,16 @@
+{ modulesPath, ... }:
+
+{
+    imports = [
+        (modulesPath + "/profiles/qemu-guest.nix")
+
+        ./hardware
+        ./services
+
+        ./nix.nix
+        ./state-version.nix
+        ./system-packages.nix
+        ./timezone.nix
+    ];
+}
+

nixos-config/hardware/boot.nix

@@ -0,0 +1,39 @@
+{ lib, ... }:
+
+{
+    boot = {
+        # Enable LISH and Linode Booting w/ GRUB
+        loader = {
+            # Increase Timeout to Allow LISH Connection
+            # NOTE: The image generator tries to set a timeout of 0, so we must force
+            timeout = lib.mkDefault 10;
+
+            grub = {
+                enable = true;
+                forceInstall = true;
+                device = "nodev";
+                fsIdentifier = "label";
+
+                # Allow serial connection for GRUB to be able to use LISH
+                extraConfig = ''
+                  serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+                  terminal_input serial;
+                  terminal_output serial
+                '';
+            };
+        };
+
+        # Add Required Kernel Modules
+        # NOTE: These are not documented in the install guide
+        initrd.availableKernelModules = [
+            "virtio_pci"
+            "virtio_scsi"
+            "ahci"
+            "sd_mod"
+        ];
+
+        # Set Up LISH Serial Connection
+        kernelParams = [ "console=ttyS0,19200n8" ];
+        kernelModules = [ "virtio_net" ];
+    };
+}

nixos-config/hardware/cpu.nix

@@ -0,0 +1,3 @@
+{
+    hardware.cpu.amd.updateMicrocode = true;
+}

nixos-config/hardware/default.nix

@@ -0,0 +1,10 @@
+{
+    imports = [
+        ./boot.nix
+        ./cpu.nix
+        ./file-systems.nix
+        ./networking.nix
+        ./swap-devices.nix
+    ];
+}
+

nixos-config/hardware/file-systems.nix

@@ -0,0 +1,9 @@
+{
+    fileSystems = {
+        "/" = {
+            device = "/dev/sda";
+            fsType = "ext4";
+            autoResize = true;
+        };
+    };
+}

nixos-config/hardware/networking.nix

@@ -0,0 +1,26 @@
+{ lib
+, domain ? "linode-domain"
+, hostname ? "linode-hostname"
+, ... }:
+
+{
+    networking = {
+        useDHCP = lib.mkForce false;
+        usePredictableInterfaceNames = false;
+
+        interfaces.eth0 = {
+            useDHCP = true;
+            
+            # Linode expects IPv6 privacy extensions to be disabled, so disable them
+            # See: https://www.linode.com/docs/guides/manual-network-configuration/#static-vs-dynamic-addressing
+            tempAddress = "disabled";
+        };
+
+        domain = domain;
+        hostName = hostname;
+
+        firewall = {
+            enable = true;
+        };
+    };
+}

nixos-config/hardware/swap-devices.nix

@@ -0,0 +1,3 @@
+{
+    swapDevices = [ { device = "/dev/sdb"; } ];
+}

nixos-config/nix.nix

@@ -0,0 +1,15 @@
+{
+    nix = {
+        optimise = {
+            automatic = true;
+            dates = [ "weekly" ];
+        };
+
+
+        gc = {
+            automatic = true;
+            options = "--delete-older-than 7d";
+            dates = "weekly";
+        };
+    };
+}

nixos-config/services/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./openssh.nix
+  ];
+}

nixos-config/services/openssh.nix

@@ -0,0 +1,12 @@
+{
+    services.openssh = {
+        enable = true;
+        openFirewall = true;
+
+        settings = {
+            PermitRootLogin = "prohibit-password";
+            KbdInteractiveAuthentication = false;
+            PasswordAuthentication = false;
+        };
+    };
+}

nixos-config/state-version.nix

@@ -0,0 +1,3 @@
+{
+    system.stateVersion = "24.11";
+}

nixos-config/system-packages.nix

@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+{
+    environment.systemPackages = with pkgs;
+        [
+            # Install diagnostic tools for Linode support
+            inetutils
+            mtr
+            sysstat
+
+            # Base image packages
+            busybox
+            gnumake
+            neovim
+            wget
+        ];
+
+
+    programs.zsh =
+        {
+            enable = true;
+
+            vteIntegration = true;
+
+            autosuggestions.enable = true;
+            enableCompletion = true;
+            ohMyZsh.enable = true;
+            syntaxHighlighting.enable = true;
+        };
+}

nixos-config/timezone.nix

@@ -0,0 +1,3 @@
+{
+    time.timeZone = "America/New_York";
+}