e2cf93e7d6
Mirrors the distant-shore pattern: clan-managed (no standalone flake-module), wired into zerotier/data-mesher/dm-pull-deploy with the generated vars. WiFi via NetworkManager (PSK from /etc/secrets/nm.env); locally-signed boot chain (shim chain-loads sbsign-signed systemd-boot + kernel, refreshed every nixos-rebuild). targetHost is the LAN IP for the first push, switch to ZT IPv6 once on the mesh. buildHost = sunken-ship to avoid self-SSH on the closure copy.
36 lines
1,007 B
Nix
36 lines
1,007 B
Nix
# Declarative disk layout for distant-shore. UEFI/systemd-boot, no
|
|
# encryption: it's a headless, WiFi-only server that must reboot
|
|
# unattended (clan dm-pull-deploy), so a LUKS passphrase prompt at boot
|
|
# would hang it. Mirrors sunken-ship's plain-ext4 choice. Device is wiped
|
|
# + repartitioned at install time by clan/nixos-anywhere.
|
|
{
|
|
disko.devices = {
|
|
disk.main = {
|
|
type = "disk";
|
|
device = "/dev/nvme0n1";
|
|
content = {
|
|
type = "gpt";
|
|
partitions = {
|
|
ESP = {
|
|
size = "512M";
|
|
type = "EF00";
|
|
content = {
|
|
type = "filesystem";
|
|
format = "vfat";
|
|
mountpoint = "/boot";
|
|
mountOptions = [ "fmask=0022" "dmask=0022" ];
|
|
};
|
|
};
|
|
root = {
|
|
size = "100%";
|
|
content = {
|
|
type = "filesystem";
|
|
format = "ext4";
|
|
mountpoint = "/";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|