I'm unsure if there is a better way, but the way I've done it is using `sdImage.populateRootCommands`. You can see an example of my `flake.nix` here, and in `secrets.nix` I have:
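# NixOS module that seeds an SD image's root filesystem with the flake source
# (under /etc/nixos) and an age private key for sops-nix (under /root).
#
# Arguments:
#   config - the evaluated NixOS configuration (read for the uboot switch, the
#            extlinux populate command and the system toplevel).
#   self   - the flake itself; `${self}` interpolates the flake's source path.
#   pkgs   - the package set (used for the bash interpreter path).
#
# NOTE(review): `${self}/.age-key` only resolves if the private key is part of
# the flake source. Nix copies flake sources into the Nix store, which is
# world-readable on the build host, and for git-based flakes the file would
# presumably have to be tracked/staged - confirm it can never be committed or
# pushed. The finished image also carries the private key at rest, so the
# image file and the flashed card should be handled as secrets.
{
  config,
  self,
  pkgs,
  ...
}: let
  # Shell fragment that prepares either the boot files (u-boot/extlinux) or a
  # small /sbin/init wrapper that execs the system's init.
  populateRootCommands =
    if config.raspberry-pi-nix.uboot.enable
    then ''
      mkdir -p ./files/boot
      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
    ''
    else ''
      mkdir -p ./files/sbin
      content="$(
        echo "#!${pkgs.bash}/bin/bash"
        echo "exec ${config.system.build.toplevel}/init"
      )"
      echo "$content" > ./files/sbin/init
      chmod 744 ./files/sbin/init
    '';
in {
  sdImage.populateRootCommands = ''
    ${populateRootCommands}
    mkdir -p ./files/etc/nixos
    # Best-effort copy of the flake source so the flashed system can be rebuilt.
    cp -r --no-clobber ${self}/. ./files/etc/nixos/ || true
    # The private key must not stay in the /etc/nixos copy. `rm -f` tolerates a
    # missing file but, unlike `rm ... || true`, does not mask a real failure
    # to delete it.
    rm -f ./files/etc/nixos/.age-key
    mkdir -p ./files/root/.config/sops/age/
    chmod 700 ./files/root
    # Still best-effort: without the key the image builds, but sops-nix will
    # have nothing to decrypt with at sops.age.keyFile.
    cp --no-clobber ${self}/.age-key ./files/root/.config/sops/age/keys.txt || true
    # A file copied out of the Nix store typically keeps the store's
    # world-readable mode; restrict the private key to its owner.
    if [ -e ./files/root/.config/sops/age/keys.txt ]; then
      chmod 600 ./files/root/.config/sops/age/keys.txt
    fi
  '';
  # Must match the destination the key is copied to above.
  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
  # This will add the (sops-encrypted) secrets file to the nix store.
  # You can avoid this by giving the full path as a string instead, i.e.
  # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
  sops.defaultSopsFile = ./secrets/bootstrap.yaml;
  # This will automatically import SSH keys as age keys
  # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}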
Note that the `populateRootCommands` in the `let` comes from this repo: https://github.com/nix-community/raspberry-pi-nix/blob/b4ad649630c596dde5007b18604fe37300c242ec/sd-image/default.nix#L42
My resulting image only produces the directories `nix`, `sbin` and a file `nix-path-registration`. Is there a way to generate a full-fledged system, along with a `configuration.nix` file (not sure about the hw part), so I could continue tuning the system after it has been flashed? Or am I missing something here? Thanks