Add write-installer-iso-to-usb-on-server.sh; build script SSH key fix; doc

Made-with: Cursor

scripts/build-installer-iso-on-server.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+# Build the NixOS installer ISO on sunken-ship (x86_64-linux) and copy it back.
+# Run from your Mac when sunken-ship is reachable (same network).
+# Usage: ./scripts/build-installer-iso-on-server.sh [host] [output_dir]
+#   host: SSH host (default: sunken-ship)
+#   output_dir: where to save the ISO on your Mac (default: .)
+# Override SSH key: SSH_KEY=~/.ssh/my_key ./scripts/build-installer-iso-on-server.sh
+set -euo pipefail
+
+HOST="${1:-sunken-ship}"
+OUT="${2:-.}"
+
+# Use sunken-ship key if not set (AGENTS.md)
+if [[ -n "${SSH_KEY:-}" ]]; then
+  SSH_OPTS=(-i "$SSH_KEY")
+elif [[ "$HOST" == "sunken-ship" ]] && [[ -f ~/.ssh/id_ed25519_sunken_ship ]]; then
+  SSH_OPTS=(-i ~/.ssh/id_ed25519_sunken_ship)
+else
+  SSH_OPTS=()
+fi
+
+echo "Pushing branch so server can pull..."
+git push origin server-installer-usb 2>/dev/null || true
+
+echo "On $HOST: clone branch, build ISO..."
+ssh "${SSH_OPTS[@]}" "$HOST" 'set -e
+  BUILD_DIR=~/dotfiles-iso-build
+  rm -rf "$BUILD_DIR"
+  git clone --branch server-installer-usb https://github.com/DannyDannyDanny/dotfiles.git "$BUILD_DIR"
+  cd "$BUILD_DIR/nixos"
+  nix build .#installer-iso
+  ls -la result/iso/
+'
+
+ISO_NAME=$(ssh "${SSH_OPTS[@]}" "$HOST" 'ls ~/dotfiles-iso-build/nixos/result/iso/*.iso 2>/dev/null | head -1')
+ISO_NAME=$(basename "$ISO_NAME")
+
+echo "Copying $ISO_NAME to $OUT ..."
+scp "${SSH_OPTS[@]}" "$HOST:~/dotfiles-iso-build/nixos/result/iso/$ISO_NAME" "$OUT/"
+echo "Done. ISO at $OUT/$ISO_NAME"
+echo "Write to USB: diskutil unmountDisk diskN && sudo dd if=$OUT/$ISO_NAME of=/dev/rdiskN bs=4m"

scripts/write-installer-iso-to-usb-on-server.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# Run this script ON the server (sunken-ship) with the USB stick plugged in.
+# It finds the USB device, unmounts it, and writes the installer ISO to it.
+# Usage: sudo ./scripts/write-installer-iso-to-usb-on-server.sh [path_to_iso]
+#   path_to_iso: default is ~/dotfiles-iso-build/nixos/result/iso/*.iso from the build
+set -euo pipefail
+
+if [[ "$EUID" -ne 0 ]]; then
+  echo "Run as root: sudo $0 [$*]"
+  exit 1
+fi
+
+ISO="${1:-}"
+if [[ -z "$ISO" ]]; then
+  for base in /home/danny ~; do
+    ISO=$(ls "$base/dotfiles-iso-build/nixos/result/iso/"*.iso 2>/dev/null | head -1)
+    [[ -n "$ISO" ]] && break
+  done
+fi
+if [[ -z "$ISO" || ! -f "$ISO" ]]; then
+  echo "ISO not found. Pass path: sudo $0 /path/to/nixos-minimal-*.iso"
+  exit 1
+fi
+
+echo "Block devices:"
+lsblk -d -o NAME,SIZE,MODEL,TRAN
+echo ""
+echo "Identify the USB (usually the smaller removable disk, e.g. sdb or nvme1n1)."
+read -r -p "Device to overwrite (e.g. sdb, no /dev/): " dev
+dev="/dev/${dev#/dev/}"
+if [[ ! -b "$dev" ]]; then
+  echo "Not a block device: $dev"
+  exit 1
+fi
+
+# Unmount any partitions on the device
+for part in "${dev}"*; do
+  [[ "$part" == "$dev" ]] && continue
+  if mountpoint -q "$part" 2>/dev/null || mount | grep -q "$part"; then
+    umount "$part" 2>/dev/null || true
+  fi
+done
+
+echo "About to write $ISO to $dev (all data on $dev will be destroyed)."
+read -r -p "Type YES to continue: " confirm
+if [[ "$confirm" != "YES" ]]; then
+  echo "Aborted."
+  exit 0
+fi
+
+echo "Writing..."
+dd if="$ISO" of="$dev" bs=4M status=progress
+sync
+echo "Done. Safe to remove the USB."