Try to make cloud hosts work.

Make impermanence reset work on unencrypted hosts.
Update install docs to preserve installer ssh keys.
2025-10-24 14:58:00 +01:00 · 2025-10-24 14:49:32 +01:00 · 2025-10-24 14:47:45 +01:00
6 changed files with 36 additions and 6 deletions
--- a/common/impermanence.nix
+++ b/common/impermanence.nix
@@ -64,7 +64,7 @@ in
    # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
    boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
      mkdir /mnt
-      mount /dev/mapper/luksroot /mnt
+      mount ${config.fileSystems."/".device} /mnt
      if [[ -e /mnt/root ]]; then
          mkdir -p /mnt/old_roots
          timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
--- a/flake.nix
+++ b/flake.nix
@@ -71,6 +71,7 @@
            if profile == "server" then ./common/server-node.nix
            else if profile == "workstation" then ./common/workstation-node.nix
            else if profile == "desktop" then ./common/desktop-node.nix
+            else if profile == "cloud" then ./common/cloud-node.nix
            else null;
        in
        nixpkgs.lib.nixosSystem {
@@ -138,7 +139,7 @@
        c1 = mkHost "x86_64-linux" "server" [ ./hosts/c1 ];
        c2 = mkHost "x86_64-linux" "server" [ ./hosts/c2 ];
        c3 = mkHost "x86_64-linux" "server" [ ./hosts/c3 ];
-        alo-cloud-1 = mkHost "aarch64-linux" "server" [ ./hosts/alo-cloud-1 ];
+        alo-cloud-1 = mkHost "aarch64-linux" "cloud" [ ./hosts/alo-cloud-1 ];
        zippy = mkHost "x86_64-linux" "workstation" [
          ethereum-nix.nixosModules.default
          ./hosts/zippy
--- a/home/profiles/cloud.nix
+++ b/home/profiles/cloud.nix
@@ -0,0 +1,22 @@
+{ pkgs }:
+let
+  corePkgs = with pkgs; [
+    direnv
+    fzf
+    git
+    mosh
+    ripgrep
+    tmux
+    zsh
+  ];
+
+  fishPkgs = with pkgs.fishPlugins; [
+    pure
+    # don't add failed commands to history
+    sponge
+    transient-fish
+  ];
+in
+{
+  packages = corePkgs ++ fishPkgs;
+}
--- a/home/programs/cloud.nix
+++ b/home/programs/cloud.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  imports = [ ./server.nix ];
+
+  # Cloud-specific home-manager programs
+  # Currently uses server profile's minimal CLI setup
+  # Add cloud-specific customizations here if needed in the future
+}
--- a/hosts/alo-cloud-1/default.nix
+++ b/hosts/alo-cloud-1/default.nix
@@ -2,7 +2,6 @@
 {
  imports = [
    ../../common/global
-    ../../common/cloud-node.nix
    ./hardware.nix
    ./reverse-proxy.nix
  ];
--- a/setup-host.txt
+++ b/setup-host.txt
@@ -7,7 +7,7 @@
 * copy key.bin to hosts/<target>/
 * use the generated config to create new config in hosts/<target>
 * set the actual device IDs in hosts/<target>/default.nix
-* on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#<target>' nixos@<target IP>
+* set or update key for target in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"
+* if new machine, add a secrets/<machine>.yaml for it
+* on base host: nix run github:nix-community/nixos-anywhere -- --copy-host-keys --flake '.#<target>' nixos@<target IP>
 * after confirmed working, update hosts/<target>/default.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace)
-* if replacing failed host in place, update key in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"
-** if installing new host, do the same for install then again after the first reboot (the installer key is not persisted)
Author	SHA1	Message	Date
Petru Paler	f918ff5df2	Try to make cloud hosts work.	2025-10-24 14:58:00 +01:00
Petru Paler	4921679140	Make impermanence reset work on unencrypted hosts.	2025-10-24 14:49:32 +01:00
Petru Paler	ce7b3bbe16	Update install docs to preserve installer ssh keys.	2025-10-24 14:47:45 +01:00