feat: add nix server provision

2026-03-18 02:44:54 +01:00
parent 6f55289ca4
commit 19f9b0594a
19 changed files with 3114 additions and 30 deletions
--- a/pkgs/helpers/templates/configuration.nix.tmpl
+++ b/pkgs/helpers/templates/configuration.nix.tmpl
@@ -0,0 +1,23 @@
+{ lib, ... }:
+{
+  # Generated by nodeiwest host init.
+  imports = [
+    ./disko.nix
+    ./hardware-configuration.nix
+  ];
+
+  networking.hostName = "@@HOST_NAME@@";
+  networking.useDHCP = lib.mkDefault true;
+
+  time.timeZone = "@@TIMEZONE@@";
+
+@@BOOT_LOADER_BLOCK@@
+
+  nodeiwest.ssh.userCAPublicKeys = @@SSH_CA_KEYS@@;
+
+  nodeiwest.tailscale.openbao = {
+    enable = @@TAILSCALE_OPENBAO_ENABLE@@;
+  };
+
+  system.stateVersion = "@@STATE_VERSION@@";
+}
--- a/pkgs/helpers/templates/disko-bios-ext4.nix
+++ b/pkgs/helpers/templates/disko-bios-ext4.nix
@@ -0,0 +1,41 @@
+{
+  lib,
+  ...
+}:
+{
+  # Generated by nodeiwest host init.
+  # Replace the disk only if the provider exposes a different primary device.
+  disko.devices = {
+    disk.main = {
+      type = "disk";
+      device = lib.mkDefault "@@DISK_DEVICE@@";
+      content = {
+        type = "gpt";
+        partitions = {
+          BIOS = {
+            priority = 1;
+            name = "BIOS";
+            start = "1MiB";
+            end = "2MiB";
+            type = "EF02";
+          };
+          swap = {
+            size = "@@SWAP_SIZE@@";
+            content = {
+              type = "swap";
+              resumeDevice = true;
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/pkgs/helpers/templates/disko-uefi-ext4.nix
+++ b/pkgs/helpers/templates/disko-uefi-ext4.nix
@@ -0,0 +1,47 @@
+{
+  lib,
+  ...
+}:
+{
+  # Generated by nodeiwest host init.
+  # Replace the disk only if the provider exposes a different primary device.
+  disko.devices = {
+    disk.main = {
+      type = "disk";
+      device = lib.mkDefault "@@DISK_DEVICE@@";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            priority = 1;
+            name = "ESP";
+            start = "1MiB";
+            end = "512MiB";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "umask=0077" ];
+            };
+          };
+          swap = {
+            size = "@@SWAP_SIZE@@";
+            content = {
+              type = "swap";
+              resumeDevice = true;
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/pkgs/helpers/templates/hardware-configuration.placeholder.nix
+++ b/pkgs/helpers/templates/hardware-configuration.placeholder.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+  # Placeholder generated by nodeiwest host init.
+  # nixos-anywhere will replace this with the generated hardware config.
+}
--- a/pkgs/helpers/templates/openbao-policy.hcl.tmpl
+++ b/pkgs/helpers/templates/openbao-policy.hcl.tmpl
@@ -0,0 +1,3 @@
+path "@@POLICY_PATH@@" {
+  capabilities = ["read"]
+}