Initial commit

2025-12-12 03:24:02 +00:00 · 2025-07-23 01:59:06 +02:00 · 2025-07-23 01:59:06 +02:00 · 5fab1dceed
commit 5fab1dceed
9 changed files with 598 additions and 0 deletions
--- a/postinstall/auto.sh
+++ b/postinstall/auto.sh
@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -xe
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+    echo "Usage: $0 <ip-address> <ssh-pubkey-path>"
+    exit 1
+fi
+
+IP=$1
+SSHKEYPATH=$2
+
+TMPDIR=$(mktemp -d)
+
+cleanup() {
+    rm -rf "$TMPDIR"
+}
+
+trap cleanup EXIT
+
+cp configuration.nix "$TMPDIR/configuration.nix"
+sed -i.bak "s|# REPLACEME|\"$(cat "$SSHKEYPATH" | tr -d '\n')\"|" "$TMPDIR/configuration.nix"
+
+echo "$TMPDIR/configuration.nix"
+
+ssh "root@$IP" "nixos-generate-config"
+scp "$TMPDIR/configuration.nix" "root@$IP:/etc/nixos/configuration.nix"
+scp flake.nix "root@$IP:/etc/nixos/flake.nix"
+if [ -f flake.lock ]; then
+    scp flake.lock "root@$IP:/etc/nixos/flake.lock"
+fi
+ssh "root@$IP" "nixos-rebuild switch"
+
+# Copy the lockfile back.
+# This will create a dirty git state but the lock file may be desirable when
+# deploying to multiple servers to keep things in sync and reuse more cache.
+scp "root@$IP:/etc/nixos/flake.lock" flake.lock
--- a/postinstall/configuration.nix
+++ b/postinstall/configuration.nix
@ -0,0 +1,58 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  boot.loader.grub = {
+    efiSupport = true;
+    device = "nodev";
+    efiInstallAsRemovable = true;
+  };
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  networking.hostName = "nixos";
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "UTC";
+
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+    curl
+    ghostty.terminfo
+    wget
+  ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.users.alice = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  #   packages = with pkgs; [
+  #     tree
+  #   ];
+  # };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    # REPLACEME
+  ];
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Never change this
+  system.stateVersion = "25.05";
+}
+
--- a/postinstall/flake.nix
+++ b/postinstall/flake.nix
@ -0,0 +1,17 @@
+{
+  description = "System configuration";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs, ... }@inputs: {
+    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+      system = "aarch64-linux";
+      modules = [
+        { nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; }
+        ./configuration.nix
+      ];
+    };
+  };
+}