dotfiles/docs/server-installer-usb.md
DannyDannyDanny d4dbd73a8c feat(nixos): add phantom-ship host and streamline server installer
- New host config: phantom-ship.nix (SSH, auto-rebuild, nix-ld, Ethernet)
- Hardware stub: phantom-ship-hardware.nix (replaced by install script)
- Add phantom-ship to flake.nix with home-manager
- Install script now auto-provisions post-install:
  - Clones dotfiles to /etc/dotfiles
  - Installs SSH public key (SSH_PUBKEY_FILE env var)
  - Generates hardware config
  - Supports INSTALLER_HOSTNAME and INSTALLER_DISK env vars
- Fix bootstrap-install.sh default branch to main
- Update CLAUDE.md and server-installer-usb.md
2026-03-31 11:37:15 +02:00


Server installer USB (NixOS + LUKS)

A bootable USB that installs NixOS on a new server with disk encryption (LUKS). The install script handles partitioning, encryption, dotfiles cloning, SSH key setup, and hardware config generation. The only required inputs are the hostname, the LUKS passphrase, and the target disk.

Quick path (Ethernet server like phantom-ship)

Prep (on sunken-ship or any Linux box)

  1. Download the NixOS minimal ISO on sunken-ship.
  2. Plug in USB and write the ISO:
    # Find your USB device (e.g. /dev/sdc)
    lsblk
    sudo dd if=nixos-minimal-*.iso of=/dev/sdX status=progress bs=4M
    sync
    

Install (on the new server)

  1. Boot the new machine from USB, plug in Ethernet, verify connectivity (ping 8.8.8.8).

  2. Start SSH on the live system so you can paste commands from your Mac:

    sudo systemctl start sshd
    sudo passwd nixos
    hostname -I   # note the IP
    
  3. From your Mac, scp your SSH public key and SSH in:

    scp ~/.ssh/id_ed25519_phantom_ship.pub nixos@<IP>:/tmp/key.pub
    ssh nixos@<IP>
    
  4. Run the bootstrap (one command):

    curl -sL https://raw.githubusercontent.com/DannyDannyDanny/dotfiles/main/scripts/bootstrap-install.sh | \
      INSTALLER_HOSTNAME=phantom-ship SSH_PUBKEY_FILE=/tmp/key.pub sudo -E bash
    

    This will prompt for: target disk, optional danny password, confirmation, and LUKS passphrase (twice: once for disko, once for post-install provisioning).

    The script automatically:

    • Partitions and encrypts the disk (LUKS + ext4)
    • Installs NixOS with the hostname
    • Clones dotfiles to /etc/dotfiles
    • Installs your SSH public key
    • Generates phantom-ship-hardware.nix
  5. Reboot, remove USB, unlock LUKS.
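
A verified variant of step 4, as an added example that is not part of the dotfiles repo: it downloads the bootstrap script to a file, checks it against a checksum recorded after review, and checks that SSH_PUBKEY_FILE really is a single public key before anything runs as root. PINNED_COMMIT, EXPECTED_SHA256 and the function names are assumptions (placeholders to fill in yourself), and `sha256sum` is assumed to be available on the live system.

```bash
#!/usr/bin/env bash
# Added example, not part of the dotfiles repo.
# Placeholders: set both after reviewing the script at the commit you pin.
PINNED_COMMIT="<full-commit-sha>"
EXPECTED_SHA256="<sha256-of-reviewed-script>"
RAW_BASE="https://raw.githubusercontent.com/DannyDannyDanny/dotfiles"

# Succeed only if FILE's SHA-256 equals EXPECTED (hex, case-insensitive).
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || return 2
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeed only if FILE holds exactly one OpenSSH public key line
# and nothing that looks like private key material.
check_pubkey_file() {
  local file="$1"
  [ -f "$file" ] || return 2
  if grep -q 'PRIVATE KEY' "$file"; then return 1; fi
  [ "$(grep -c . "$file")" -eq 1 ] || return 1
  grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$file"
}

# Download to a file, verify it, then run it with the variables from step 4.
run_verified_bootstrap() {
  local hostname="$1" pubkey="$2" script
  check_pubkey_file "$pubkey" || { echo "refusing: $pubkey is not a single public key" >&2; return 1; }
  script=$(mktemp) || return 1
  curl -fsSL "$RAW_BASE/$PINNED_COMMIT/scripts/bootstrap-install.sh" -o "$script" \
    || { rm -f "$script"; return 1; }
  if ! verify_sha256 "$script" "$EXPECTED_SHA256"; then
    echo "refusing: checksum mismatch for bootstrap-install.sh" >&2
    rm -f "$script"; return 1
  fi
  INSTALLER_HOSTNAME="$hostname" SSH_PUBKEY_FILE="$pubkey" sudo -E bash "$script"
}

# On the live system: run_verified_bootstrap phantom-ship /tmp/key.pub
```

This pins only the bootstrap script itself; anything the script fetches afterwards is outside this check.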

After first boot

  1. SSH in: ssh danny@phantom-ship
  2. First rebuild to switch from generic server-install to phantom-ship config:
    cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#phantom-ship
    
  3. Commit the generated phantom-ship-hardware.nix back to the repo.

Environment variables

All are optional; set them to skip interactive prompts or to automate the install:

Variable                      Description
INSTALLER_HOSTNAME            Skip hostname prompt
INSTALLER_DISK                Skip disk prompt (validated as block device)
SSH_PUBKEY_FILE               Path to .pub file; installed to danny's authorized_keys
FLAKE_REF                     Override flake reference (default: auto-detect from repo)
INSTALLER_SYSTEM_CONFIG_FILE  JSON file merged into --system-config (e.g. WiFi config)

The custom ISO cannot be built on macOS (x86_64-linux only), so use the official NixOS minimal ISO:

  1. Download from nixos.org.
  2. Write to USB from sunken-ship or any Linux box.
  3. Boot, connect Ethernet, run bootstrap.

Option B: Custom ISO (build on Linux only)

Adds WiFi kernel modules for servers that need WiFi on the live system.

Build from sunken-ship

    ./scripts/build-installer-iso-on-server.sh

Build directly on Linux

    cd ~/dotfiles/nixos && nix build .#installer-iso
    # Write to USB:
    sudo dd if=result/iso/nixos-minimal-*.iso of=/dev/sdX status=progress bs=4M

Live-system WiFi (optional, custom ISO only)

Create nixos/installer-wifi.nix (gitignored):

    {
      networking.wireless.enable = true;
      networking.wireless.networks."YourSSID".psk = "your-password";
    }

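Add it to the flake's installer-iso modules and rebuild the ISO on Linux. The PSK is stored in plain text inside the resulting ISO image, so treat the image and the USB stick as secrets.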

Installed-system WiFi (optional)

Pass a JSON file with wireless config:

    sudo INSTALLER_SYSTEM_CONFIG_FILE=/path/to/wifi.json INSTALLER_HOSTNAME=my-server ./scripts/nixos-server-install.sh

Manual install (without the script)

    sudo nix run github:nix-community/disko/latest#disko-install -- \
      --flake 'path:/tmp/dotfiles/nixos#server-install' \
      --disk main /dev/sda \
      --system-config '{"networking":{"hostName":"my-server"}}'

Summary

Step           Action
Prep           Download NixOS minimal ISO on sunken-ship, write to USB
Boot           Boot new server from USB, plug Ethernet
Install        curl ... | INSTALLER_HOSTNAME=phantom-ship SSH_PUBKEY_FILE=/tmp/key.pub sudo -E bash
Reboot         Remove USB, unlock LUKS
First rebuild  sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#phantom-ship
Commit         Push generated phantom-ship-hardware.nix to repo