Try to make cloud hosts work.

common/impermanence.nix

@@ -64,7 +64,7 @@ in
     # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
     boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
       mkdir /mnt
-      mount /dev/mapper/luksroot /mnt
+      mount ${config.fileSystems."/".device} /mnt
       if [[ -e /mnt/root ]]; then
           mkdir -p /mnt/old_roots
           timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")

flake.nix

@@ -71,6 +71,7 @@
             if profile == "server" then ./common/server-node.nix
             else if profile == "workstation" then ./common/workstation-node.nix
             else if profile == "desktop" then ./common/desktop-node.nix
+            else if profile == "cloud" then ./common/cloud-node.nix
             else null;
         in
         nixpkgs.lib.nixosSystem {
@@ -138,7 +139,7 @@
         c1 = mkHost "x86_64-linux" "server" [ ./hosts/c1 ];
         c2 = mkHost "x86_64-linux" "server" [ ./hosts/c2 ];
         c3 = mkHost "x86_64-linux" "server" [ ./hosts/c3 ];
-        alo-cloud-1 = mkHost "aarch64-linux" "server" [ ./hosts/alo-cloud-1 ];
+        alo-cloud-1 = mkHost "aarch64-linux" "cloud" [ ./hosts/alo-cloud-1 ];
         zippy = mkHost "x86_64-linux" "workstation" [
           ethereum-nix.nixosModules.default
           ./hosts/zippy

home/profiles/cloud.nix

@@ -0,0 +1,22 @@
+{ pkgs }:
+let
+  corePkgs = with pkgs; [
+    direnv
+    fzf
+    git
+    mosh
+    ripgrep
+    tmux
+    zsh
+  ];
+
+  fishPkgs = with pkgs.fishPlugins; [
+    pure
+    # don't add failed commands to history
+    sponge
+    transient-fish
+  ];
+in
+{
+  packages = corePkgs ++ fishPkgs;
+}

home/programs/cloud.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  imports = [ ./server.nix ];
+
+  # Cloud-specific home-manager programs
+  # Currently uses server profile's minimal CLI setup
+  # Add cloud-specific customizations here if needed in the future
+}

hosts/alo-cloud-1/default.nix

@@ -2,7 +2,6 @@
 {
   imports = [
     ../../common/global
-    ../../common/cloud-node.nix
     ./hardware.nix
     ./reverse-proxy.nix
   ];

setup-host.txt

@@ -7,7 +7,7 @@
 * copy key.bin to hosts/<target>/
 * use the generated config to create new config in hosts/<target>
 * set the actual device IDs in hosts/<target>/default.nix
-* on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#<target>' nixos@<target IP>
+* set or update key for target in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"
+* if new machine, add a secrets/<machine>.yaml for it
+* on base host: nix run github:nix-community/nixos-anywhere -- --copy-host-keys --flake '.#<target>' nixos@<target IP>
 * after confirmed working, update hosts/<target>/default.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace)
-* if replacing failed host in place, update key in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"
-** if installing new host, do the same for install then again after the first reboot (the installer key is not persisted)