Initial commit

.gitignore

@@ -0,0 +1,3 @@
+*.swp
+result
+flake.lock

README.md

@@ -0,0 +1,16 @@
+# Building
+## Flake (Nix)
+```
+git clone https://git.mlaga97.space/mlaga97/persistent-live-docker-flake
+cd persistent-live-docker-flake
+
+nix build -L
+```
+
+## Without Flake (Nix)
+```
+git clone https://git.mlaga97.space/mlaga97/persistent-live-docker-flake
+cd persistent-live-docker-flake
+
+nixos-generate -f iso -c configuration.nix
+```

configuration.nix

@@ -0,0 +1,127 @@
+{ pkgs, lib, ... }: {
+  networking.hostName = ""; # Allows overriding via DHCP
+
+  system.stateVersion = "24.11";
+
+  users.mutableUsers = false;
+  nixpkgs.config.allowUnfree = true;
+  services.automatic-timezoned.enable = true;
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  networking.wireless.enable = false;
+
+  # Basic Utilities
+  environment.systemPackages = with pkgs; [
+    # Basic Utilities
+    bc pv killall unzip
+
+    # System Monitoring / TUI QoL Tools
+    btop iotop tmux byobu
+
+    # Applications
+    vim_configurable
+
+    # File Systems
+    nfs-utils cifs-utils exfatprogs
+  ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Services
+
+  services.uptimed.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = lib.mkForce "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  virtualisation.docker.enable = true;
+  virtualisation.containers.enable = true;
+
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+    memoryPercent = 200;
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Disable Default User
+
+  services.getty.autologinUser = lib.mkForce null;
+
+  users.groups.nixos = {};
+  users.users.nixos.group = "nixos";
+  users.users.nixos.isSystemUser = lib.mkForce true;
+  users.users.nixos.isNormalUser = lib.mkForce false;
+  users.users.nixos.initialHashedPassword = lib.mkForce "!";
+
+  # Disable root as well
+  users.users.root.initialHashedPassword = lib.mkForce "!";
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Users
+
+  users.users.lauren_lagarde = {
+    isNormalUser = true;
+    description = "Lauren Lagarde";
+    extraGroups = [ "docker" "wheel" "libvirtd" "disks" ];
+    initialHashedPassword = "$y$j9T$KqTFvSj9TYmRXugVbiSgj.$RbvxcGlY/DbLFioa64ntY5RO4Ym0CMswhegeQj5qHyD";
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
+    ];
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Persistent Docker
+
+  systemd.mounts = [
+    {
+      type = "ext4";
+      options = "rw";
+      what = "/dev/sda";
+      where = "/persistent";
+    }
+  ];
+
+  systemd.automounts = [
+    {
+      wantedBy = [ "multi-user.target" ];
+      where = "/persistent";
+    }
+  ];
+
+  virtualisation.docker.daemon.settings = {
+    data-root = "/persistent/docker-root";
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers = {
+    dockge = {
+      image = "louislam/dockge";
+      ports = [
+        "5001:5001"
+      ];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock"
+        "/persistent/stacks/dockge/data:/app/data"
+        "/root/.docker/:/root/.docker"
+        "/persistent/stacks:/persistent/stacks"
+      ];
+      environment = {
+        DOCKGE_STACKS_DIR = "/persistent/stacks";
+      };
+    };
+  };
+}

flake.nix

@@ -0,0 +1,31 @@
+{
+  description = "Live Server Iso with persistent docker storage";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+    nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565";
+    nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, home-manager, nixos-generators, ... }@inputs: let
+    system = "x86_64-linux";
+    timezone = "America/Chicago";
+    locale = "en_US.UTF-8";
+  in {
+    packages.x86_64-linux = {
+      persistent-live-docker-iso = nixos-generators.nixosGenerate {
+        system = "x86_64-linux";
+        modules = [
+          ./configuration.nix
+        ];
+        format = "install-iso";
+      };
+
+      default = self.packages.x86_64-linux.persistent-live-docker-iso;
+    };
+  };
+}