How to build, install and update a nixos iso/system from a single (remote) flake?

I managed to reach my goal of a self-updating nixos laptop, but I failed with the self-contained installation medium.

The auto update mechanism works via a systemd service nixos-upgrade.service that can be configured with

system.autoUpgrade = {
  enable = true;
  allowReboot = true;
  dates = "03:00";
  flake = "github:<user>/<flake-repo>";
  flags = [ "-L" "--verbose" "--show-trace" ]; # to get extended build logs
  randomizedDelaySec = "30min";
};

The nixos hostname (networking.hostName = "laptop2") and the flake outputs target name (outputs.nixosConfigurations.laptop2) should be identical, otherwise the flake = "github..." parameter needs an appended #<target name> to tell nixos-rebuild the desired nixos configuration. This flake parameter connects a local nixos instance to the central repository.

My attempts at a self-contained offline installer ran into several problems:

  • You cannot build a target nixos and its nixos live-usb installer from the same flake output, since there are conflicting boot settings. You need 2 flake outputs laptop2 and laptop2-installer.

  • To copy all the sources of the flakes repository, the best I could do was

    isoImage.contents = [{
      source = self.sourceInfo.outPath;
      target = "/flake_source";
    }];
    

    This copies all git-tracked files into the ISO but unfortunately not the .git directory itself, making it only a current snapshot without any remote ties. This is fine for now and still good progress towards a complete offline installer but works against the spirit of having a complete backup installation medium.

  • In any case, nixos-install tries to resolve https://cache.nixos.org/nix-cache-info and fails with error: unable to download 'https://.../nixpkgs/archive/...tar.gz'.
    At this point, I am not sure if it's even possible to create a fully offline nixos installer.

  • When network access is given, nixos-install copies artifacts from local as well as from the remote nixos cache. To reduce these remote cache hits, I tried isoImage.storeContents = [ outputs.nixosConfigurations.laptop2 ]; which failed, because JSON was expected.

I didn’t try any further. Maybe some day I will have another shot at the installer.

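The two-output layout described in the post, as an added example that is not part of the original post: a single flake.nix with a laptop2 target and a laptop2-installer ISO, where isoImage.storeContents receives the target's built system derivation (config.system.build.toplevel) instead of the whole nixosConfigurations entry. The nixos-24.05 branch, the x86_64-linux system, the ./hosts/laptop2.nix module and the choice of the minimal installer module are assumptions.

```nix
{
  # Added example. Assumed: the nixpkgs branch, the system string and
  # ./hosts/laptop2.nix. <user>/<flake-repo> is the post's placeholder.
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";

  outputs = { self, nixpkgs, ... }: {
    nixosConfigurations = {
      # Target system. The attribute name equals networking.hostName, so
      # nixos-rebuild selects it without an appended #<target name>.
      laptop2 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./hosts/laptop2.nix # hypothetical: hardware, file systems, boot loader
          {
            networking.hostName = "laptop2";
            system.autoUpgrade = {
              enable = true;
              flake = "github:<user>/<flake-repo>";
            };
          }
        ];
      };

      # Live installer. Kept as its own output because its boot settings
      # conflict with those of the installed system.
      laptop2-installer = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
          {
            # Snapshot of the flake's git-tracked files (no .git directory).
            isoImage.contents = [{
              source = self.sourceInfo.outPath;
              target = "/flake_source";
            }];
            # storeContents expects derivations / store paths. Pass the
            # target's system closure, not the nixosSystem attribute set.
            isoImage.storeContents = [
              self.nixosConfigurations.laptop2.config.system.build.toplevel
            ];
          }
        ];
      };
    };
  };
}
```

Build the image with `nix build .#nixosConfigurations.laptop2-installer.config.system.build.isoImage`. This only pre-populates the ISO's Nix store with the target closure; it does not by itself settle whether nixos-install can run without network access.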