# Runner Images (NixOS)

This repo exports reproducible NixOS runner configurations via flake outputs:

- `nixosConfigurations.ec-runner-aarch64`
- `nixosConfigurations.ec-runner-x86_64`
- `nixosConfigurations.ec-runner-aarch64-netboot`
- `nixosConfigurations.ec-runner-x86_64-netboot`
- `nixosConfigurations.ec-runner-x86_64-iso`
- `nixosConfigurations.ec-runner-aarch64-sdimage`

The runner OS exposes this repo's flake source inside the system at:

- `/etc/every-channel/flake`

This allows a runner to self-build and verify artifacts from the same flake definition.

## Read-Only Root + tmpfs Writes

The base runner profile enables an initrd overlay that:

- remounts the real `/` read-only, and
- provides a tmpfs-backed writable overlay upperdir.

For reliable upgrades and operation, mount persistent filesystems for:

- `/boot` (so new boot entries persist)
- `/nix` (so store contents persist across reboots)
- `/var` or selected `/var/lib/*` paths (for any state you care about)

## Build (OrbStack / Linux)

These commands should be run inside a Linux environment with Nix enabled (e.g. OrbStack VM).

Build netboot artifacts (iPXE/PXE):

```sh
nix build .#nixosConfigurations.ec-runner-aarch64-netboot.config.system.build.netboot
```

Build an installer ISO (x86_64):

```sh
nix build .#nixosConfigurations.ec-runner-x86_64-iso.config.system.build.isoImage
```

Build an aarch64 SD image:

```sh
nix build .#nixosConfigurations.ec-runner-aarch64-sdimage.config.system.build.sdImage
```

## Outputs

After building, artifacts will be in `./result` (a symlink into the Nix store).

Common netboot outputs include:

- `kernel`
- `initrd`
- `netboot.ipxe`

Exact filenames may vary across NixOS releases.