Add NixOS server installer USB (disko LUKS + WiFi, hostname prompt)

- disko-server.nix: LUKS + ESP + ext4 root layout for disko-install
- server-install: minimal NixOS config for new servers (hostname/WiFi via --system-config)
- installer-iso: custom minimal ISO with iwlwifi; build with nix build .#installer-iso
- scripts/nixos-server-install.sh: prompt hostname/disk, run disko-install
- docs/server-installer-usb.md: build, write USB, optional live/installed WiFi
- .gitignore: nixos/installer-wifi.nix; AGENTS.md + README.md notes

Made-with: Cursor

nixos/disko-server.nix

@@ -0,0 +1,39 @@
+# Declarative disk layout for server installs via disko-install.
+# Device is injected at install time: disko-install --disk main /dev/sda
+# LUKS passphrase is prompted interactively (no keyFile).
+{
+  disko.devices = {
+    disk.main = {
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "fmask=0022" "dmask=0022" ];
+            };
+          };
+          luks = {
+            size = "100%";
+            content = {
+              type = "luks";
+              name = "crypted";
+              settings.allowDiscards = true;
+              # No keyFile/passwordFile => interactive passphrase at install
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

nixos/flake.lock

@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772867152,
+        "narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "eaafb89b56e948661d618eefd4757d9ea8d77514",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -164,6 +184,7 @@
     },
     "root": {
       "inputs": {
+        "disko": "disko",
         "home-manager": "home-manager",
         "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",

nixos/flake.nix

@@ -15,6 +15,9 @@
 
     zen-browser.url = "github:0xc000022070/zen-browser-flake";
     zen-browser.inputs.nixpkgs.follows = "nixpkgs";
+
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs = {
@@ -25,6 +28,7 @@
     self,
     home-manager,
     zen-browser,
+    disko,
     ...
   }: {
     nixosConfigurations = {
@@ -61,8 +65,28 @@
         system = "x86_64-linux";
         modules = [ ./hosts/sunken-ship.nix ];
       };
+
+      # For disko-install: LUKS + WiFi; hostname/WiFi via --system-config.
+      server-install = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./disko-server.nix
+          ./hosts/server-install.nix
+        ];
+      };
+
+      # Custom minimal installer ISO (build with: nix build .#installer-iso).
+      # Optional: add ./installer-wifi.nix (gitignored) to modules for live WiFi.
+      installer-iso = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ ./installer-iso.nix ];
+      };
     };
 
+    packages.x86_64-linux.installer-iso =
+      self.nixosConfigurations.installer-iso.config.system.build.isoImage;
+
     # macOS (nix-darwin) configuration
     darwinConfigurations."Daniel-Macbook-Air" = nix-darwin.lib.darwinSystem {
       specialArgs = { inherit zen-browser; };

nixos/hosts/server-install.nix

@@ -0,0 +1,35 @@
+# Minimal NixOS config for disko-install (new servers).
+# Hostname and WiFi networks are overridden at install time via:
+#   disko-install --system-config '{"networking":{"hostName":"my-server"},...}'
+# No host-specific hardware import; filesystems and LUKS come from disko-server.nix.
+{ config, lib, pkgs, ... }:
+
+{
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nixos";  # Override with --system-config at install
+  networking.wireless.enable = true;
+  # networks."SSID".psk set via --system-config or imperative.conf after boot
+
+  time.timeZone = "Europe/Copenhagen";
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  system.stateVersion = "24.11";
+
+  users.users.danny = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    # SSH keys: scp pubkey to server after install, then cat >> ~/.ssh/authorized_keys
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+  environment.systemPackages = [ pkgs.git ];
+}

nixos/installer-iso.nix

@@ -0,0 +1,14 @@
+# Custom minimal NixOS installer ISO for server installs (disko-install).
+# Optional: add nixos/installer-wifi.nix (gitignored) to the flake modules to
+# preconfigure live-system WiFi so the installer can reach the network.
+{ config, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
+  ];
+
+  # Kernel modules for typical server WiFi (Intel). Add others if needed for your hardware.
+  boot.kernelModules = [ "iwlwifi" ];
+  boot.extraModulePackages = [ ];
+}