feat: add nixos-anywhare installer

2025-10-09 18:18:07 +02:00
parent bb959dae3a
commit 88a72088f1
7 changed files with 210 additions and 0 deletions
--- a/install-anywhere/configuration.templ.nix
+++ b/install-anywhere/configuration.templ.nix
@@ -0,0 +1,66 @@
+{ pkgs, config, ...}:
+{
+  networking = {
+    hostName = "nixos";
+    domain = "oceanbox.io";
+    search = [ "oceanbox.io" ];
+    firewall.allowedTCPPorts = [];
+    firewall.extraCommands = '' '';
+    interfaces.@iface@ = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "@address@";
+          prefixLength = 24;
+        } ];
+    };
+    defaultGateway = "172.16.239.1";
+    nameservers = [ "8.8.8.8" "1.1.1.1" ];
+  };
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+  };
+
+  services.openssh.enable = true;
+
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_CTYPE="en_DK.UTF-8";
+      LC_TIME="en_DK.UTF-8";
+      LC_PAPER="en_DK.UTF-8";
+      LC_NAME="en_DK.UTF-8";
+      LC_ADDRESS="en_DK.UTF-8";
+      LC_TELEPHONE="en_DK.UTF-8";
+      LC_MEASUREMENT="en_DK.UTF-8";
+      LC_IDENTIFICATION="en_DK.UTF-8";
+    };
+  };
+
+  time.timeZone = "Europe/Oslo";
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII77Aa2MFZMTha8PdkNg32UR8y6Hwb4R0aR9Ad9qifNq mrtz@wurst"
+    ];
+    hashedPassword = "$y$j9T$fNWL6dq9Q6k/RhoCQQkqA0$zI5217vjE2s6C75NlyHKO7btVXDUi..VKCMRjcH46b6";
+  };
+
+  nixpkgs.config.allowUnfreee = true;
+
+  imports = [
+    ./disk-config.nix
+    # ./hardware-configuration.nix
+    #./kernel.nix
+    #"${builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; }}/lenovo/thinkpad/x1/7th-gen"
+  ];
+
+}
+
--- a/install-anywhere/disk-config.nix
+++ b/install-anywhere/disk-config.nix
@@ -0,0 +1,33 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        device = "/dev/sda";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "500M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/install-anywhere/flake.lock
+++ b/install-anywhere/flake.lock
@@ -0,0 +1,48 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750903843,
+        "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1751180975,
+        "narHash": "sha256-BKk4yDiXr4LdF80OTVqYJ53Q74rOcA/82EClXug8xsY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a48741b083d4f36dd79abd9f760c84da6b4dc0e5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/install-anywhere/flake.nix
+++ b/install-anywhere/flake.nix
@@ -0,0 +1,24 @@
+{
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-25.05";
+  inputs.disko.url = "github:nix-community/disko";
+  inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+
+  outputs =
+    {
+      nixpkgs,
+      disko,
+      ...
+    }:
+    {
+      # Use this for all other targets
+      # nixos-anywhere --flake .#generic --generate-hardware-config nixos-generate-config ./hardware-configuration.nix <hostname>
+      nixosConfigurations.generic = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+          ./hardware-configuration.nix
+        ];
+      };
+    };
+}
--- a/install-anywhere/hardware-configuration.nix
+++ b/install-anywhere/hardware-configuration.nix
@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp33s0np0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp65s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp65s0f1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp65s0f2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp65s0f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/install-anywhere/hosts.list
+++ b/install-anywhere/hosts.list
@@ -0,0 +1,3 @@
+172.16.239.111,enp65s0f0
+172.16.239.117,enp65s0f0
+172.16.239.122,enp65s0f0
--- a/install-anywhere/install.sh
+++ b/install-anywhere/install.sh
@@ -0,0 +1,7 @@
+for i in $(cat hosts.lists); do IFS=","; set -- $i;
+ sed "s/@iface@/$2/; s/@address@/$1/" configuration.templ.nix > configuration.nix
+ nix run github:nix-community/nixos-anywhere -- --flake .#generic \
+  --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
+  --target-host root@$1
+ rm configuration.nix
+done