util/liveiso: Move NixOS configs to subdirectory

Move the NixOS configuration into a subdirectory so that configurations
for other distros can be added as well.

Change-Id: I0462c1a6541878c973be4302c5c5e9e9bfaed2a6
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/73684
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>

6 files changed, 285 insertions, 0 deletions

diff --git a/util/liveiso/nixos/README.md b/util/liveiso/nixos/README.md
new file mode 100644
index 0000000000..48420e6f6c
--- /dev/null
+++ b/util/liveiso/nixos/README.md
@@ -0,0 +1,9 @@
+# Live ISO
+
+## What is this?
+
+NixOS configuration files for testing purposes and for working on firmware.
+
+## TODO
+- Generate customized bootloader configs; FILO is WIP
+- Switch to `programs.neovim` when the module is fixed.
diff --git a/util/liveiso/nixos/build.sh b/util/liveiso/nixos/build.sh
new file mode 100755
index 0000000000..e2e1d65672
--- /dev/null
+++ b/util/liveiso/nixos/build.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+
+config=$1
+
+if [ -z "$config" ] || [ ! -f "$config" ]; then
+	echo "Usage: $0 <config.nix>"
+	echo "No config given. Exiting."
+	exit 1
+fi
+
+nix-build '<nixpkgs/nixos>' \
+	-A config.system.build.isoImage \
+	-I nixos-config=$config \
+	-I nixpkgs=https://github.com/NixOS/nixpkgs/archive/refs/heads/nixos-22.11.tar.gz
diff --git a/util/liveiso/nixos/common.nix b/util/liveiso/nixos/common.nix
new file mode 100644
index 0000000000..93a4168524
--- /dev/null
+++ b/util/liveiso/nixos/common.nix
@@ -0,0 +1,178 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ config, options, pkgs, ... }:
+
+{
+	imports = [
+		<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+		<nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
+	];
+
+	system.stateVersion = "22.11";
+
+	isoImage = {
+		makeEfiBootable = true;
+		makeUsbBootable = true;
+		isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+	};
+
+	environment = {
+		variables = {
+			EDITOR = "nvim";
+			VISUAL = "nvim";
+			# Tell the Nix evaluator to garbage collect more aggressively.
+			# This is desirable in memory-constrained environments that don't
+			# (yet) have swap set up.
+			GC_INITIAL_HEAP_SIZE = "1M";
+		};
+		shellAliases.vim = "nvim";
+	};
+
+	boot = {
+		kernelParams = [
+			"console=ttyS0,115200"
+			"console=tty0"
+			"iomem=relaxed"
+			"intel-spi.writeable=1"
+		];
+		# pkgs.linuxPackages == lts
+		# pkgs.linuxPackages_latest == stable
+		kernelPackages = pkgs.linuxPackages;
+		extraModulePackages = with config.boot.kernelPackages; [
+			acpi_call
+			chipsec
+			zfs
+		];
+		# Make programs more likely to work in low memory
+		# environments. The kernel's overcommit heustistics bite us
+		# fairly often, preventing processes from forking even if
+		# there is plenty of free memory.
+		kernel.sysctl."vm.overcommit_memory" = "1";
+		loader.grub.memtest86.enable = true;
+		postBootCommands = ''
+			mkdir -p /mnt
+		'';
+	};
+
+	console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
+
+	nixpkgs.config.allowUnfree = true;
+	hardware = {
+		cpu.intel.updateMicrocode = true;
+		cpu.amd.updateMicrocode = true;
+		enableAllFirmware = true;
+		bluetooth = {
+			enable = true;
+			powerOnBoot = false;
+			package = pkgs.bluezFull;
+		};
+	};
+
+	services = {
+		fwupd.enable = true;
+		udev.packages = with pkgs; [
+			rfkill_udev
+		];
+		openssh = {
+			enable = true;
+			permitRootLogin = "yes";
+		};
+	};
+
+	networking = {
+		hostName = "devsystem";
+		networkmanager.enable = true;
+	};
+
+	security.sudo.wheelNeedsPassword = false;
+
+	users = {
+		groups.user = {};
+		users = {
+			root.initialHashedPassword = "";
+			user = {
+				isNormalUser = true;
+				group = "user";
+				extraGroups = [ "users" "wheel" "networkmanager" "uucp" "flashrom" ];
+				initialHashedPassword = "";
+			};
+		};
+	};
+
+	programs.flashrom.enable = true;
+
+	environment.systemPackages = with pkgs; [
+		acpica-tools
+		btrfs-progs
+		bzip2
+		ccrypt
+		chipsec
+		coreboot-utils
+		cryptsetup
+		curl
+		ddrescue
+		devmem2
+		dmidecode
+		dosfstools
+		e2fsprogs
+		efibootmgr
+		efivar
+		exfat
+		f2fs-tools
+		fuse
+		fuse3
+		fwts
+		gptfdisk
+		gitAndTools.gitFull
+		gitAndTools.tig
+		gzip
+		hdparm
+		hexdump
+		htop
+		i2c-tools
+		intel-gpu-tools
+		inxi
+		iotools
+		jfsutils
+		jq
+		mdadm
+		minicom
+		mkpasswd
+		ms-sys
+		msr-tools
+		mtdutils
+		neovim
+		nixos-install-tools
+		ntfsprogs
+		nvme-cli
+		openssl
+		p7zip
+		pacman
+		parted
+		pcimem
+		pciutils
+		phoronix-test-suite
+		powertop
+		psmisc
+		python3Full
+		rsync
+		screen
+		sdparm
+		smartmontools
+		socat
+		sshfs-fuse
+		testdisk
+		tmate
+		tmux
+		uefitool
+		uefitoolPackages.old-engine
+		unzip
+		upterm
+		usbutils
+		wget
+		xfsprogs.bin
+		zfs
+		zip
+		zstd
+	];
+}
diff --git a/util/liveiso/nixos/console.nix b/util/liveiso/nixos/console.nix
new file mode 100644
index 0000000000..9bd75971fb
--- /dev/null
+++ b/util/liveiso/nixos/console.nix
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{
+	imports = [
+		./common.nix
+	];
+
+	services.getty.autologinUser = "user";
+}
diff --git a/util/liveiso/nixos/description.md b/util/liveiso/nixos/description.md
new file mode 100644
index 0000000000..fb4b89d280
--- /dev/null
+++ b/util/liveiso/nixos/description.md
@@ -0,0 +1,2 @@
+A script and NixOS configuration files to create an ISO image for
+testing purposes and for working on firmware. `Bash`
diff --git a/util/liveiso/nixos/graphical.nix b/util/liveiso/nixos/graphical.nix
new file mode 100644
index 0000000000..8d51caf071
--- /dev/null
+++ b/util/liveiso/nixos/graphical.nix
@@ -0,0 +1,73 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ pkgs, lib, ... }:
+
+{
+	imports = [
+		./common.nix
+	];
+
+	hardware.pulseaudio = {
+		enable = true;
+		package = pkgs.pulseaudioFull;
+	};
+
+	security.polkit = {
+		enable = true;
+		extraConfig = ''
+			polkit.addRule(function(action, subject) {
+				if (subject.isInGroup("wheel")) {
+					return polkit.Result.YES;
+				}
+			});
+		'';
+	};
+
+	services.xserver = {
+		enable = true;
+		displayManager = {
+			gdm = {
+				enable = true;
+				autoSuspend = false;
+			};
+			autoLogin = {
+				enable = true;
+				user = "user";
+			};
+		};
+		desktopManager.gnome.enable = true;
+	};
+
+	users.users.user.extraGroups = [ "audio" "video" "input" ];
+
+	environment.systemPackages = with pkgs; [
+		firefox
+		gparted
+		pavucontrol
+	];
+
+	# Remove unnecessary stuff
+	services = {
+		gnome = {
+			evolution-data-server.enable = lib.mkForce false;
+			gnome-online-accounts.enable = lib.mkForce false;
+			gnome-online-miners.enable = lib.mkForce false;
+			gnome-initial-setup.enable = lib.mkForce false;
+			gnome-browser-connector.enable = lib.mkForce false;
+		};
+		telepathy.enable = lib.mkForce false;
+		dleyna-renderer.enable = lib.mkForce false;
+		dleyna-server.enable = lib.mkForce false;
+	};
+
+	programs.geary.enable = lib.mkForce false;
+
+	environment.gnome.excludePackages = with pkgs; [
+		gnome.gnome-weather
+		gnome.epiphany
+		gnome.gnome-contacts
+		gnome-photos
+		gnome.gnome-music
+		yelp
+	];
+}