No description

Nix 100%

Find a file

John Schmidt c97023ca84 Ensure the built ISO file name is what we want. Signed-off-by: John Schmidt <john@schmidthaus.rocks>		2026-05-03 09:38:27 -07:00
.gitignore	Ignore nix build results.	2026-05-03 09:37:40 -07:00
AGENTS.md	Not a service. Moved the options into nixos-rescue namespace	2026-05-02 19:16:35 -07:00
flake.lock	Initial commit.	2026-05-01 17:50:23 -07:00
flake.nix	Ensure modulesPath uses this flake's nixpkgs	2026-05-02 22:51:20 -07:00
module.nix	Ensure the built ISO file name is what we want.	2026-05-03 09:38:27 -07:00
README.md	Not a service. Moved the options into nixos-rescue namespace	2026-05-02 19:16:35 -07:00

README.md

nixos-rescue

A NixOS rescue ISO modeled after SystemRescue, built from the minimal installation CD profile.

Features

ZFS support with auto-detection
Additional filesystems: bcachefs, nilfs2, f2fs, jfs
XFCE desktop — start manually via startx from console
nftables firewall
OpenSSH server with root login enabled
PulseAudio sound server
200+ rescue tools covering disk partitioning, filesystem repair, data recovery, networking, VPN, encryption, backup, and hardware diagnostics

Usage

As a standalone build

nix build .#nixosConfigurations.rescue.config.system.build.isoImage

As a module in your own flake

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixos-rescue.url = "github:youruser/nixos-rescue";
  };

  outputs = { self, nixpkgs, nixos-rescue }: {
    nixosConfigurations.my-rescue = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        nixos-rescue.nixosModules.nixos-rescue
        {
          nixos-rescue = {
            rootSshAuthorizedKeys = [ "ssh-ed25519 AAAA... you@host" ];
            rootHashedPassword = null;
          };
        }
      ];
    };
  };
}

Then build:

nix build .#nixosConfigurations.my-rescue.config.system.build.isoImage

Module Options

Option	Type	Default	Description
`nixos-rescue.rootSshAuthorizedKeys`	list of str	`[]`	SSH authorized keys for the root user
`nixos-rescue.rootHashedPassword`	null or str	`null`	Hashed password for root. Generate with `mkpasswd -m sha-512`. If `null`, no password is set.

Generating a hashed password

mkpasswd -m sha-512

Included Tools

Category	Key Tools
Disk/Partition	parted, gparted, gptfdisk, lvm2, dmraid, mdadm, qemu, growpart
Filesystems	e2fsprogs, xfsprogs, btrfs-progs, ntfs3g, dosfstools, exfatprogs, f2fs-tools, jfsutils, nilfs-utils, bcachefs-tools, dislocker, ecryptfs-utils
Recovery	ddrescue, dd_rescue, testdisk, photorec, foremost, sleuthkit, fsarchiver, partclone, partimage, whdd
Backup	clonezilla, drbl, timeshift, rdiff-backup, borg, rsync, grsync, rclone
Network	nmap, tcpdump, iperf3, iftop, mtr, dnsmasq, bind, socat, lftp, elinks, irssi
VPN	wireguard-tools, openvpn, openconnect, vpnc, pptpclient, xl2tpd
Remote	remmina, rdesktop, x11vnc, minicom, picocom, screen, tmux
Security	cryptsetup, gnupg, keepassxc, chntpw, rkhunter, yubikey tools, pam_u2f
System	htop, atop, nmon, iotop-c, strace, smartmontools, hwinfo, inxi, nvme-cli, flashrom
Archival	zip, p7zip, unrar, xz, zstd, lz4, lzip, pigz, pixz, lrzip, wimlib
CD/DVD	cdrtools, dvdplusrwtools, libisoburn, xfburn
Editors	vim, nano, geany, featherpad, ghex, hexedit, joe
Languages	python3, perl, ruby, lua, tcl/tk, bash, zsh (grml config)
Boot/UEFI	grub2, efibootmgr, efitools, refind, syslinux
Testing	memtester, stress, stressapptest, stress-ng
Misc	git, pv, pwgen, darkhttpd, cloud-utils, ipmitool, tpm2-tss, ntp