feat(foreign-port): add WiFi-only laptop as clan machine ✨

Mirrors the distant-shore pattern: clan-managed (no standalone flake-module), wired into zerotier/data-mesher/dm-pull-deploy with the generated vars. WiFi via NetworkManager (PSK from /etc/secrets/nm.env); locally-signed boot chain (shim chain-loads sbsign-signed systemd-boot + kernel, refreshed every nixos-rebuild). targetHost is the LAN IP for the first push, switch to ZT IPv6 once on the mesh. buildHost = sunken-ship to avoid self-SSH on the closure copy.
2026-06-07 21:43:28 +02:00 · 2026-06-07 21:43:28 +02:00 · e2cf93e7d6
commit e2cf93e7d6
parent 610454f0d2
23 changed files with 310 additions and 0 deletions
--- a/nixos/disko-foreign-port.nix
+++ b/nixos/disko-foreign-port.nix
@ -0,0 +1,36 @@
+# Declarative disk layout for distant-shore. UEFI/systemd-boot, no
+# encryption: it's a headless, WiFi-only server that must reboot
+# unattended (clan dm-pull-deploy), so a LUKS passphrase prompt at boot
+# would hang it. Mirrors sunken-ship's plain-ext4 choice. Device is wiped
+# + repartitioned at install time by clan/nixos-anywhere.
+{
+  disko.devices = {
+    disk.main = {
+      type = "disk";
+      device = "/dev/nvme0n1";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "fmask=0022" "dmask=0022" ];
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}