feat: add nix server provision

eric
2026-03-18 02:44:54 +01:00
parent 6f55289ca4
commit 19f9b0594a
19 changed files with 3114 additions and 30 deletions


@@ -0,0 +1,23 @@
{ lib, ... }:
{
# Generated by nodeiwest host init.
imports = [
./disko.nix
./hardware-configuration.nix
];
networking.hostName = "@@HOST_NAME@@";
networking.useDHCP = lib.mkDefault true;
time.timeZone = "@@TIMEZONE@@";
@@BOOT_LOADER_BLOCK@@
nodeiwest.ssh.userCAPublicKeys = @@SSH_CA_KEYS@@;
nodeiwest.tailscale.openbao = {
enable = @@TAILSCALE_OPENBAO_ENABLE@@;
};
system.stateVersion = "@@STATE_VERSION@@";
}
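Review bot: The placeholders on the `networking.hostName`, `time.timeZone` and `system.stateVersion` lines are substituted inside double-quoted Nix strings, while `@@BOOT_LOADER_BLOCK@@`, `@@SSH_CA_KEYS@@` and `@@TAILSCALE_OPENBAO_ENABLE@@` are spliced in as raw Nix, so the rendered file is only as safe as the renderer, which is not visible in this section. A value containing `"`, `\` or `${` would close the string or introduce an interpolation that is evaluated at build time. I would validate each value before substitution (hostname against an RFC 1123 label pattern, the enable flag as literally `true` or `false`, the CA keys emitted as a list of escaped string literals) and state the contract in the template, e.g. `# Placeholders are filled by nodeiwest host init; values must be validated and Nix-escaped before substitution.`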


@@ -0,0 +1,41 @@
{
lib,
...
}:
{
# Generated by nodeiwest host init.
# Replace the disk only if the provider exposes a different primary device.
disko.devices = {
disk.main = {
type = "disk";
device = lib.mkDefault "@@DISK_DEVICE@@";
content = {
type = "gpt";
partitions = {
BIOS = {
priority = 1;
name = "BIOS";
start = "1MiB";
end = "2MiB";
type = "EF02";
};
swap = {
size = "@@SWAP_SIZE@@";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
}
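Review bot: The `swap` partition sets `resumeDevice = true` on an unencrypted partition, and the ESP layout in the next file section has the same `swap` block, so paged-out memory and any hibernation image stay readable on the provider's disk, including secrets the host obtains at runtime. If these servers are never hibernated, I would drop `resumeDevice` and set `randomEncryption = true;` in the swap `content`; the two do not combine, because a per-boot random key cannot be used to resume. If resume is intended, a comment saying so and noting that swap is deliberately left unencrypted would make the trade-off explicit.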


@@ -0,0 +1,47 @@
{
lib,
...
}:
{
# Generated by nodeiwest host init.
# Replace the disk only if the provider exposes a different primary device.
disko.devices = {
disk.main = {
type = "disk";
device = lib.mkDefault "@@DISK_DEVICE@@";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "512MiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
size = "@@SWAP_SIZE@@";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
}


@@ -0,0 +1,5 @@
{ ... }:
{
# Placeholder generated by nodeiwest host init.
# nixos-anywhere will replace this with the generated hardware config.
}


@@ -0,0 +1,3 @@
path "@@POLICY_PATH@@" {
capabilities = ["read"]
}
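Review bot: `@@POLICY_PATH@@` is the only thing that bounds what this policy can read, and nothing in the template constrains it; a rendered value ending in `*` or containing a `+` segment would turn a per-host read grant into a subtree-wide one. The renderer is outside this section, so this may already be handled there, but I would reject glob characters, `"` and newlines before substitution. A comment in the template would record the intent, e.g. `# Read-only access to a single secret path; the rendered path must not contain wildcards.`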