Creating a NixOS live CD
Motivation
Creating a modified NixOS LiveCD out of an existing working NixOS installation has a number of benefits:
- Ensures authenticity.
- No need for internet access.
- It is easy to add your own packages and configuration changes to the image.
Building
Building minimal NixOS installation CD with the nix-build command by creating this iso.nix-file. In this example with Neovim preinstalled.
{ config, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
# Provide an initial copy of the NixOS channel so that the user
# doesn't need to run "nix-channel --update" first.
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
];
environment.systemPackages = [ pkgs.neovim ];
}
Build the image via:
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
Alternativley, use Nix Flakes to generate a ISO installation image, using the 23.11-beta branch as nixpkgs source:
flake.nix
{
description = "Minimal NixOS installation media";
inputs.nixos.url = "nixpkgs/23.11-beta";
outputs = { self, nixos }: {
nixosConfigurations = {
exampleIso = nixos.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
({ pkgs, ... }: {
environment.systemPackages = [ pkgs.neovim ];
})
];
};
};
};
}
The following commands will generate the iso-image
# git init
# git add flake.nix
# nix build .#nixosConfigurations.exampleIso.config.system.build.isoImage
The resulting image can be found in result:
$ ls result/iso/
nixos-17.09.git.158ec57-x86_64-linux.iso
Testing the image
To inspect the contents of the ISO image:
$ mkdir mnt
$ sudo mount -o loop result/iso/nixos-*.iso mnt
$ ls mnt
boot EFI isolinux nix-store.squashfs version.txt
$ umount mnt
To boot the ISO image in an emulator:
$ nix-shell -p qemu
$ qemu-system-x86_64 -enable-kvm -m 256 -cdrom result/iso/nixos-*.iso
SSH
In your iso.nix:
{
...
# Enable SSH in the boot process.
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host"
];
...
}
Static IP Address
Static IP addresses can be set in the image itself. This can be useful for VPS installation.
{
...
networking = {
usePredictableInterfaceNames = false;
interfaces.eth0.ip4 = [{
address = "64.137.201.46";
prefixLength = 24;
}];
defaultGateway = "64.137.201.1";
nameservers = [ "8.8.8.8" ];
};
...
}
Building faster
The build process is slow because of compression.
Here are some timings for nix-build:
| squashfsCompression | Time | Size |
|---|---|---|
lz4 |
100s | 59% |
gzip -Xcompression-level 1 |
105s | 52% |
gzip |
210s | 49% |
xz -Xdict-size 100% (default) |
450s | 43% |
See also: mksquashfs benchmarks
If you don't care about file size, you can use a faster compression
by adding this to your iso.nix:
{
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
}