wip new iso installer and onboarding instructions

2025-11-24 22:20:26 -06:00 · 2025-11-24 22:20:26 -06:00 · 60f94c752d
commit 60f94c752d
parent 1927da563a
6 changed files with 1094 additions and 128 deletions
--- a/utilities/nixos-installers/onboard.nix
+++ b/utilities/nixos-installers/onboard.nix
@ -0,0 +1,80 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  options.onboardOpts = {
+    hostName = lib.mkOption {
+      type = lib.types.str;
+      description = "Name of this machine/host";
+    };
+    primaryUser = lib.mkOption {
+      type = lib.types.str;
+      description = "Name of the user for this machine";
+      default = "luser";
+    };
+  };
+  config = {
+    networking.hostName = config.onboardOpts.hostName;
+    networking.networkmanager.enable = true;
+
+    services.openssh.enable = true;
+    networking.firewall.allowedTCPPorts = [ 22 ];
+
+    # Nix options
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+
+    environment.systemPackages = with pkgs; [
+      vim
+      curl
+      git
+      sudo
+      fastfetch
+    ];
+
+    # Auto timezone
+    time.timeZone = null;
+    services.automatic-timezoned.enable = true;
+
+    users.users."${config.onboardOpts.primaryUser}" = {
+      initialHashedPassword = "$y$j9T$b8Fva/LoKIDdG/G2oHYG3.$D49NQrr5lJQnA5Bq2Wx9wEW1mU53W5Hvudw1K984gu6";
+      isNormalUser = true;
+      extraGroups = [
+        "wheel"
+        "networkmanager"
+        "video"
+        "input"
+      ];
+    };
+
+    # Ensure SSH key pair generation for non-root users
+    systemd.services.generate_ssh_key = {
+      description = "Generate SSH key pair for ${config.onboardOpts.primaryUser}";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "${config.onboardOpts.primaryUser}";
+        Type = "oneshot";
+      };
+      script = ''
+        #!/run/current-system/sw/bin/bash
+        if [ ! -f /home/${config.onboardOpts.primaryUser}/.ssh/id_ed25519 ]; then
+          if [ -v DRY_RUN ]; then
+            echo "DRY_RUN is set. Would generate SSH key for ${config.onboardOpts.primaryUser}."
+          else
+            echo "Generating SSH key for ${config.onboardOpts.primaryUser}."
+            mkdir -p /home/${config.onboardOpts.primaryUser}/.ssh
+            chmod 700 /home/${config.onboardOpts.primaryUser}/.ssh
+            /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${config.onboardOpts.primaryUser}/.ssh/id_ed25519 -N ""
+          fi
+        else
+          echo "SSH key already exists for ${config.onboardOpts.primaryUser}."
+        fi
+      '';
+    };
+  };
+}