From 3d324e7533aeaccca0d55f3a2bfa0b853b4f096b Mon Sep 17 00:00:00 2001
From: David Arnold
Date: Tue, 16 Mar 2021 19:50:38 +0000
Subject: [PATCH] lib/devos: bake devos repo into live cd (#168)
fix #167 This worked for me to bootstrap another machine.
---
 doc/start/iso.md | 97 ++++++++++++++++++++++++++++++++++
 flake.nix | 10 ++--
 hosts/default.nix | 4 ++
 lib/default.nix | 8 +--
 lib/devos/devosSystem.nix | 34 +++++++++++-
 lib/devos/mkHomeActivation.nix | 3 +-
 lib/devos/mkPackages.nix | 4 +-
 lib/devos/mkPkgs.nix | 3 +-
 shell/default.nix | 2 +-
 9 files changed, 147 insertions(+), 18 deletions(-)
diff --git a/doc/start/iso.md b/doc/start/iso.md
index aa089474..1d28e4f9 100644
--- a/doc/start/iso.md
+++ b/doc/start/iso.md
@@ -9,3 +9,100 @@ dd bs=4M if=result/iso/*.iso of=/dev/$your_installation_device \
 ```
 This works for any file matching `hosts/*.nix` excluding `default.nix`.
+
+## Remote access to the live installer
+
+The iso live installer comes preconfigured with a network configuration
+which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
+that is `NixOS.local` in the above example.
+
+In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
+in your network, there is a static link-local IPv6 address configured to
+`fe80::47`(mnemonic from the letter's position in the english alphabet:
+`n=14 i=9 x=24; 47 = n+i+x`).
+
+Provided that you have added your public key to the authorized keys of the
+`nixos` user:
+
+```nix
+{ ... }:
+{
+ users.users.nixos.openssh.authorizedKeys.keyFiles = [
+ ../secrets/path/to/key.pub
+ ];
+}
+```
+
+You can then ssh into the live installer through one of the
+following options:
+
+```console
+ssh nixos@NixOS.local
+
+ssh nixos@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
+```
+
+_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only
+configured on the live installer. If you wish to enable [MulticastDNS][mDNS]
+for your environment, you ought to configure that in a regular [profile](../../profiles)._
+
+## EUI-64 LLA & Host Identity
+
+The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended
+Unique Identifiers (EUI-64) that is derived from the host interface's Message
+Authentication Code (MAC) address.
+
+After a little while (a few seconds), you can remotely disvover this unique and host
+specific address over [NDP][NDP] for example with:
+
+```console
+ip -6 neigh show # also shows fe80::47
+```
+
+***This LLA is stable for the host, unless you need to swap that particular network card.***
+Under this reservation, though, you may use this EUI-64 to wire up a specific
+(cryptographic) host identity.
+
+## Bootstrap Target Machine
+
+_Note: nothing prevents you from remotely exceuting the boostrapping process._
+
+Once your target host has booted into the live iso, you need to partion
+and format your disk according to the [official manual][manual].
+
+### Mount partitions
+
+Then properly mount the formatted partitions at `/mnt`, so that you can
+install your system to those new partitions.
+
+Mount `nixos` partition to `/mnt` and — for UEFI — `boot`
+partition to `/mnt/boot`:
+
+```console
+$ mount /dev/disk/by-label/nixos /mnt
+$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
+$ swapon /dev/$your_swap_partition
+```
+
+### Install
+
+Install using the `flk` wrapper baked into the iso off of a copy of devos
+from the time the iso was built:
+
+```console
+$ cd /iso/devos
+$ nix develop
+$ flk install NixOS --impure # use same host as above
+```
+
+
+
+_Note: You _could_ install another machine than the one your iso was built for,
+but the iso doesn't carry all the necesary build artifacts so the target would
+start to build the missing parts on demand instead of substituting them from
+the iso itself._
+
+[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning
+[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS
+[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
+[staticLLA]: https://tools.ietf.org/html/rfc7404
diff --git a/flake.nix b/flake.nix
index ad399369..e1ff3c4a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -36,7 +36,7 @@
 extern = import ./extern { inherit inputs; };
- pkgs' = os.mkPkgs { inherit self; };
+ pkgs' = os.mkPkgs;
 outputs = let
@@ -57,7 +57,7 @@
 overlay = import ./pkgs;
 overlays = lib.pathsToImportedAttrs (lib.pathsIn ./overlays);
- lib = import ./lib { inherit nixos pkgs; };
+ lib = import ./lib { inherit nixos pkgs self; };
 templates.flk.path = ./.;
 templates.flk.description = "flk template";
@@ -79,16 +79,14 @@
 let
 pkgs = pkgs'.${system};
 in
 {
 packages = utils.lib.flattenTreeSystem system
- (os.mkPackages {
- inherit self pkgs;
- });
+ (os.mkPackages { inherit pkgs; });
 devShell = import ./shell { inherit self system; };
 legacyPackages.hmActivationPackages =
- os.mkHomeActivation { inherit self; };
+ os.mkHomeActivation;
 }
 );
 in
diff --git a/hosts/default.nix b/hosts/default.nix
index 3ff999cc..ef2f559e 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -72,6 +72,10 @@ let
 ];
 networking = { inherit hostName; };
+
+ _module.args = {
+ inherit self;
+ };
 };
 in
 dev.os.devosSystem {
diff --git a/lib/default.nix b/lib/default.nix
index cda082e3..df85f4e7 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,14 +1,14 @@
-args@{ nixos, pkgs, ... }:
+args@{ nixos, pkgs, self, ... }:
 let
 inherit (nixos) lib;
 in
-lib.makeExtensible (self:
+lib.makeExtensible (final:
 let
 callLibs = file: import file ({
 inherit lib;
- dev = self;
+ dev = final;
 } // args);
 in
- with self;
+ with final;
 {
 inherit callLibs;
diff --git a/lib/devos/devosSystem.nix b/lib/devos/devosSystem.nix
index b46b355b..78b7f363 100644
--- a/lib/devos/devosSystem.nix
+++ b/lib/devos/devosSystem.nix
@@ -1,4 +1,4 @@
-{ lib, nixos, ... }:
+{ lib, nixos, self, ... }:
 { modules, ... } @ args:
 lib.nixosSystem (args // {
@@ -13,11 +13,43 @@ lib.nixosSystem (args // {
 "${nixos}/${modpath}/${cd}"
 ({ config, ... }: {
 isoImage.isoBaseName = "nixos-" + config.networking.hostName;
+ isoImage.contents = [{
+ source = self;
+ target = "/devos/";
+ }];
 # confilcts with networking.wireless which might be slightly
 # more useful on a stick
 networking.networkmanager.enable = lib.mkForce false;
 # confilcts with networking.wireless
 networking.wireless.iwd.enable = lib.mkForce false;
+ # Set up a link-local boostrap network
+ # See also: https://github.com/NixOS/nixpkgs/issues/75515#issuecomment-571661659
+ networking.usePredictableInterfaceNames = lib.mkForce true; # so prefix matching works
+ networking.useNetworkd = lib.mkForce true;
+ networking.useDHCP = lib.mkForce false;
+ networking.dhcpcd.enable = lib.mkForce false;
+ systemd.network = {
+ # https://www.freedesktop.org/software/systemd/man/systemd.network.html
+ networks."boostrap-link-local" = {
+ matchConfig = {
+ Name = "en* wl* ww*";
+ };
+ networkConfig = {
+ Description = "Link-local host bootstrap network";
+ MulticastDNS = true;
+ LinkLocalAddressing = "ipv6";
+ DHCP = "yes";
+ };
+ address = [
+ # fall back well-known link-local for situations where MulticastDNS is not available
+ "fe80::47" # 47: n=14 i=9 x=24; n+i+x
+ ];
+ extraConfig = ''
+ # Unique, yet stable. Based off the MAC address.
+ IPv6LinkLocalAddressGenerationMode = "eui64"
+ '';
+ };
+ };
 })
 ];
 })).config;
diff --git a/lib/devos/mkHomeActivation.nix b/lib/devos/mkHomeActivation.nix
index c8808240..6b7176a3 100644
--- a/lib/devos/mkHomeActivation.nix
+++ b/lib/devos/mkHomeActivation.nix
@@ -1,6 +1,5 @@
-{ lib, ... }:
+{ lib, self, ... }:
-{ self }:
 let
 hmConfigs = lib.mapAttrs (_: config: config.config.home-manager.users)
diff --git a/lib/devos/mkPackages.nix b/lib/devos/mkPackages.nix
index 44209f00..a876ea0b 100644
--- a/lib/devos/mkPackages.nix
+++ b/lib/devos/mkPackages.nix
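Review bot: The `isoImage.contents` entry copies the entire flake (`self`) onto the image under `/devos/`, so every file tracked in the repository — including any `secrets/` paths that a host configuration references, as the accompanying docs suggest — becomes readable by anyone who holds the ISO; a warning above that entry, `# NOTE: the whole repo is baked into the image — keep plaintext secrets out of the tree`, and ideally a filtered source, would make that cost explicit. The `IPv6LinkLocalAddressGenerationMode` line is emitted through `extraConfig`, which this module appears to append after the generated `[Address]` section, so networkd may not read it as the `[Network]` key it is; the quoted `"eui64"` is also not INI syntax. `networkConfig.IPv6LinkLocalAddressGenerationMode = "eui64";` would place it in the right section, assuming the option is accepted there. The `# Unique, yet stable` comment should not be read as an identity guarantee: a MAC-derived EUI-64 is a locator that any host on the link can spoof, so it must not gate SSH access or secret distribution on its own. The enclosing `devosSystem` definition starts before this hunk.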
@@ -1,6 +1,6 @@
-{ lib, dev, ... }:
+{ lib, dev, self, ... }:
-{ self, pkgs }:
+{ pkgs }:
 let
 inherit (self) overlay overlays;
 packagesNames = lib.attrNames (overlay null null)
diff --git a/lib/devos/mkPkgs.nix b/lib/devos/mkPkgs.nix
index f9e53e71..9b76e6df 100644
--- a/lib/devos/mkPkgs.nix
+++ b/lib/devos/mkPkgs.nix
@@ -1,6 +1,5 @@
-{ lib, dev, nixos, ... }:
+{ lib, dev, nixos, self, ... }:
-{ self }:
 let
 inherit (self) inputs;
 in (inputs.utils.lib.eachDefaultSystem
diff --git a/shell/default.nix b/shell/default.nix
index d6b48833..0d1da514 100644
--- a/shell/default.nix
+++ b/shell/default.nix
@@ -2,7 +2,7 @@
 , system ? builtins.currentSystem }:
 let
- pkgs = (self.lib.os.mkPkgs { inherit self; }).${system};
+ pkgs = (self.lib.os.mkPkgs).${system};
 inherit (pkgs) lib;