From 822763abe48b70741425b5b67ca960c6975353b0 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 21 Feb 2025 20:25:39 +0100 Subject: [PATCH 1/4] hosts/_iso: Allow clerie to log in to root directly with SSH keys --- hosts/_iso/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/_iso/configuration.nix b/hosts/_iso/configuration.nix index fadf700..d971c32 100644 --- a/hosts/_iso/configuration.nix +++ b/hosts/_iso/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, modulesPath, ... }: +{ pkgs, lib, modulesPath, config, ... }: { imports = [ @@ -18,6 +18,9 @@ nixfiles-auto-install ]; + # Allow user clerie to log in as root directly with ssh keys + users.users.root.openssh.authorizedKeys.keys = config.users.users.clerie.openssh.authorizedKeys.keys; + services.openssh.settings = { PermitRootLogin = lib.mkForce "yes"; }; From 427820aa37e229b14e3df22e9e5d0e038b426c2f Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 21 Feb 2025 20:26:02 +0100 Subject: [PATCH 2/4] hosts/tungsten: Init host --- flake.nix | 1 + hosts/tungsten/configuration.nix | 24 ++++++++++++++ hosts/tungsten/hardware-configuration.nix | 39 +++++++++++++++++++++++ 3 files changed, 64 insertions(+) create mode 100644 hosts/tungsten/configuration.nix create mode 100644 hosts/tungsten/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index aaae56e..936ba9f 100644 --- a/flake.nix +++ b/flake.nix @@ -104,6 +104,7 @@ palladium = {}; porter = {}; storage-2 = {}; + tungsten = {}; web-2 = {}; zinc = { modules = [ diff --git a/hosts/tungsten/configuration.nix b/hosts/tungsten/configuration.nix new file mode 100644 index 0000000..94564da --- /dev/null +++ b/hosts/tungsten/configuration.nix 
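Review bot: In the second hunk of hosts/_iso/configuration.nix, root receives clerie's authorized keys while the unchanged context line below still forces `PermitRootLogin = lib.mkForce "yes"`, which keeps password authentication open for root as well. If key login is the only intended path on the installer image, narrow the setting to `PermitRootLogin = lib.mkForce "prohibit-password";`. The new assignment reads `config.users.users.clerie`, so it presumably depends on that user being declared in a module imported outside this hunk. The comment could record that, e.g. `# Reuse clerie's keys (declared in <module defining users.users.clerie>) for root on the installer`.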
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.kernelParams = [ "console=ttyS0,115200n8" ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/disk/by-id/ata-InnoDisk_Corp._DRPS-08GJ30AC1QS-A88_20120705AAB200000505";
+ boot.loader.grub.extraConfig = "
+ serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
+ terminal_input serial
+ terminal_output serial
+ ";
+
+
+ networking.hostName = "tungsten";
+
+ system.stateVersion = "25.05";
+}
+
diff --git a/hosts/tungsten/hardware-configuration.nix b/hosts/tungsten/hardware-configuration.nix
new file mode 100644
index 0000000..ccf37e5
--- /dev/null
+++ b/hosts/tungsten/hardware-configuration.nix
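Review bot: `boot.loader.grub.extraConfig` in hosts/tungsten/configuration.nix is a double-quoted string spanning several lines, so the leading newline and whatever indentation the lines carry are copied verbatim into the generated GRUB config. Nix's indented string strips the common indentation and is the usual form for multi-line snippets: open with `boot.loader.grub.extraConfig = ''` and close with `'';`. The serial settings are also stated twice, in `console=ttyS0,115200n8` and in `serial --speed=115200 --unit=0`. A comment such as `# Serial console 115200 8N1 on ttyS0; keep in sync with boot.kernelParams` would make that coupling explicit.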
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/7ed9e29c-d771-49a1-ae8a-8894f347c648"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/95122f15-5621-457c-972c-c057ca416212"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/02a2afe4-ee00-4d3d-884a-e195b9814bfd"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 99c82a2898c894aa49a21f0f5bd6f6ff66987b98 Mon Sep 17 00:00:00 2001 
From: clerie Date: Fri, 21 Feb 2025 20:33:01 +0100 Subject: [PATCH 3/4] pkgs/clerie-system-remote-install: Install NixOS system remotely without evaluating anything on remote --- flake.nix | 1 + .../clerie-system-remote-install.sh | 31 +++++++++++++++++++ pkgs/clerie-system-remote-install/default.nix | 6 ++++ pkgs/overlay.nix | 1 + 4 files changed, 39 insertions(+) create mode 100755 pkgs/clerie-system-remote-install/clerie-system-remote-install.sh create mode 100644 pkgs/clerie-system-remote-install/default.nix diff --git a/flake.nix b/flake.nix index 936ba9f..c385647 100644 --- a/flake.nix +++ b/flake.nix @@ -135,6 +135,7 @@ inherit (pkgs) clerie-backup clerie-keys + clerie-system-remote-install clerie-system-upgrade clerie-merge-nixfiles-update clerie-update-nixfiles diff --git a/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh b/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh new file mode 100755 index 0000000..293bf40 --- /dev/null +++ b/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +set -xeuo pipefail + +SYSTEM="$1" +REMOTE_HOST="$2" +REMOTE_ROOT="$3" + +nix copy "${SYSTEM}" --to "ssh://${REMOTE_HOST}?remote-store=${REMOTE_ROOT}" + +ssh "${REMOTE_HOST}" -- nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}" + +ssh "${REMOTE_HOST}" -- mkdir -p "${REMOTE_ROOT}/tmp" +TMPSH="$(ssh "${REMOTE_HOST}" -- mktemp -p "${REMOTE_ROOT}/tmp")" + +# shellcheck disable=SC2087 +ssh "${REMOTE_HOST}" -- tee "${TMPSH}" < Date: Sat, 22 Feb 2025 03:03:06 +0100 Subject: [PATCH 4/4] Update nixpkgs 2025-02-22-02-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0e796b1..257c57e 100644 --- a/flake.lock +++ b/flake.lock 
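Review bot: In pkgs/clerie-system-remote-install/clerie-system-remote-install.sh, `SYSTEM` and `REMOTE_ROOT` are quoted only for the local shell. ssh joins its arguments with spaces and the remote shell parses the result again, so a value containing whitespace or shell metacharacters is split or interpreted on the target in the `nix-env`, `mkdir -p`, `mktemp` and `tee` calls. Quote once more for the remote side, for example `ssh "${REMOTE_HOST}" -- mkdir -p "${REMOTE_ROOT@Q}/tmp"` (bash 4.4 or later), or reject unexpected values before the first ssh call. With `set -u` a missing argument aborts on an unbound `$1`; a guard such as `[[ $# -eq 3 ]] || { echo "usage: clerie-system-remote-install SYSTEM REMOTE_HOST REMOTE_ROOT" >&2; exit 1; }` gives a usable message instead. The heredoc body and the remainder of the script are not visible on this page, so this covers only the lines shown.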
@@ -542,11 +542,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1736701207, - "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", + "lastModified": 1739866667, + "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", + "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", "type": "github" }, "original": {