feat(nixos): add phantom-ship host and streamline server installer ✨

- New host config: phantom-ship.nix (SSH, auto-rebuild, nix-ld, Ethernet) - Hardware stub: phantom-ship-hardware.nix (replaced by install script) - Add phantom-ship to flake.nix with home-manager - Install script now auto-provisions post-install: - Clones dotfiles to /etc/dotfiles - Installs SSH public key (SSH_PUBKEY_FILE env var) - Generates hardware config - Supports INSTALLER_HOSTNAME and INSTALLER_DISK env vars - Fix bootstrap-install.sh default branch to main - Update CLAUDE.md and server-installer-usb.md
2026-03-31 11:37:15 +02:00 · 2026-03-31 11:37:15 +02:00 · d4dbd73a8c
commit d4dbd73a8c
parent 2c9cf1e8b4
7 changed files with 314 additions and 183 deletions
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -72,6 +72,26 @@
        ];
      };

+      phantom-ship = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./hosts/phantom-ship.nix
+
+          # Home Manager on NixOS
+          home-manager.nixosModules.home-manager
+          ({ lib, ... }: {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.backupFileExtension = "backup";
+            home-manager.users.danny = { ... }: {
+              home.username = "danny";
+              home.homeDirectory = lib.mkForce "/home/danny";
+              home.stateVersion = "25.11";
+            };
+          })
+        ];
+      };
+
      # For disko-install: LUKS + WiFi; hostname/WiFi via --system-config.
      server-install = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
--- a/nixos/hosts/phantom-ship-hardware.nix
+++ b/nixos/hosts/phantom-ship-hardware.nix
@ -0,0 +1,17 @@
+# STUB — replace with output of: nixos-generate-config --show-hardware-config
+# The install script saves the real config here automatically.
+# Filesystems are managed by disko during install; only boot/initrd config here.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nixos/hosts/phantom-ship.nix
+++ b/nixos/hosts/phantom-ship.nix
@ -0,0 +1,65 @@
+# NixOS server: bare config with SSH, auto-rebuild, Ethernet.
+# Services (OpenClaw, etc.) to be added later.
+{ config, lib, pkgs, ... }:
+
+let
+  dotfilesDir = "/etc/dotfiles";
+  flakeRef = "${dotfilesDir}/nixos#phantom-ship";
+in
+{
+  imports = [ ./phantom-ship-hardware.nix ];
+
+  networking.hostName = "phantom-ship";
+  networking.useDHCP = lib.mkDefault true;  # Ethernet; no wireless
+  time.timeZone = "Europe/Copenhagen";
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  programs.nix-ld.enable = true;  # run dynamically linked binaries (e.g. Claude Code remote CLI)
+  system.stateVersion = "24.11";
+
+  users.users.danny = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  # Key-only auth; no password or keyboard-interactive.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  # Passwordless sudo for wheel.
+  security.sudo.wheelNeedsPassword = false;
+  environment.systemPackages = with pkgs; [
+    git  # clone/bootstrap and dotfiles-rebuild timer
+  ];
+
+  # Pull dotfiles and rebuild if the repo has new commits.
+  systemd.services.dotfiles-rebuild = {
+    description = "Pull dotfiles and run nixos-rebuild if repo changed";
+    path = with pkgs; [ git nix ];
+    environment.GIT_CONFIG_COUNT = "1";
+    environment.GIT_CONFIG_KEY_0 = "safe.directory";
+    environment.GIT_CONFIG_VALUE_0 = dotfilesDir;
+    script = ''
+      set -euo pipefail
+      cd ${dotfilesDir}
+      git fetch origin
+      if [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ]; then
+        exit 0
+      fi
+      git pull origin main
+      exec nixos-rebuild switch --flake ${flakeRef}
+    '';
+    serviceConfig.Type = "oneshot";
+  };
+
+  systemd.timers.dotfiles-rebuild = {
+    wantedBy = [ "timers.target" ];
+    timerConfig.OnCalendar = "*-*-* *:00/15:00";  # every 15 minutes
+    timerConfig.RandomizedDelaySec = "2min";
+  };
+}