From a4f8a11bd1fd8863a4019d1f81d4312a04dbe22f Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Thu, 20 Feb 2025 12:24:40 -0600
Subject: [PATCH] feat: add installer
---
lib/disko/default.nix | 15 ++++++++++
packages/default.nix | 2 ++
packages/hosts/generic-headless.nix | 45 ++++-------------------------
packages/hosts/generic.nix | 30 +++++++++++++++++++
packages/installer.nix | 40 +++++++++++++++++++++++++
5 files changed, 93 insertions(+), 39 deletions(-)
create mode 100644 packages/hosts/generic.nix
create mode 100644 packages/installer.nix
diff --git a/lib/disko/default.nix b/lib/disko/default.nix
index 20e2259..75c45be 100644
--- a/lib/disko/default.nix
+++ b/lib/disko/default.nix
@@ -117,6 +117,21 @@ rec { }; }; + standardEncrypted = + { + disk, + espSize ? "4G", + ... + }: + standard { + inherit disk; + esp = { + label = "ESP"; + size = espSize; + name = "ESP"; + }; + }; + standard = { esp ? {
diff --git a/packages/default.nix b/packages/default.nix
index 150686f..b663a5c 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -8,4 +8,6 @@ in iosevkaLyteTermSubset = pkgs.callPackage ./iosevkaLyteTermSubset.nix { inherit iosevkaLyteTerm; }; + + installer = pkgs.callPackage ./installer.nix { }; }
diff --git a/packages/hosts/generic-headless.nix b/packages/hosts/generic-headless.nix
index 33bdcc5..7c9e3d2 100644
--- a/packages/hosts/generic-headless.nix
+++ b/packages/hosts/generic-headless.nix
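Review bot: Nothing in `standardEncrypted` (lib/disko/default.nix) visibly turns encryption on: it forwards `disk` and a 4G `esp` to `standard` and sets no LUKS or key option, so unless `standard`, whose body lies outside this hunk, encrypts by default, the name promises more than the layout delivers. A one-line comment above the attribute saying where encryption is actually configured, for example `# encrypted root comes from standard; this wrapper only fixes the ESP label and size` if that is the case, would stop someone picking this scheme on the assumption that the disk ends up protected. The `...` in the argument set also swallows misspelled arguments silently, so a typo in `espSize` falls back to the default without an error.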
@@ -1,48 +1,15 @@ +{ ... }: { - hardware, - config, - ... -}: -{ - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; networking.hostName = "lyte-generic-headless"; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "ehci_pci" - "usbhid" - "uas" - "sd_mod" - ]; - - imports = with hardware; [ - common-cpu-amd - common-pc-ssd - ]; - - users.groups.beefcake = { }; - users.users = { - beefcake = { - isSystemUser = true; - createHome = true; - home = "/storage/backups/beefcake"; - group = "beefcake"; - extraGroups = [ "sftponly" ]; - openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake" - ]; + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; }; - services.openssh.extraConfig = '' - Match Group sftponly - ChrootDirectory /storage/backups/%u - ForceCommand internal-sftp - AllowTcpForwarding no - ''; - networking = { wifi.enable = true; firewall = {
diff --git a/packages/hosts/generic.nix b/packages/hosts/generic.nix
new file mode 100644
index 0000000..878d196
--- /dev/null
+++ b/packages/hosts/generic.nix
@@ -0,0 +1,30 @@
+{ ... }:
+{
+ system.stateVersion = "24.11";
+ networking.hostName = "lyte-generic-headless";
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ networking = {
+ wifi.enable = true;
+ firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [ 22 ];
+ };
+ };
+
+ hardware.bluetooth.enable = true;
+
+ programs.steam.enable = true;
+ lyte.desktop.enable = true;
+ home-manager.users.daniel = {
+ lyte.shell.enable = true;
+ lyte.shell.desktop = true;
+ };
+}
diff --git a/packages/installer.nix b/packages/installer.nix
new file mode 100644
index 0000000..3ffb1e8
--- /dev/null
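Review bot: In the new packages/hosts/generic.nix, `networking.hostName = "lyte-generic-headless";` is carried over unchanged from generic-headless.nix, so the desktop profile (Steam, `lyte.desktop.enable`) comes up with the same hostname as the headless one. Something like `networking.hostName = "lyte-generic";` would keep the two distinguishable in logs and on the network. The firewall also opens TCP 22 on a freshly installed machine and no sshd settings are visible in this file, so it is worth confirming that the shared modules restrict SSH to key authentication before the installer offers this profile.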
+++ b/packages/installer.nix
@@ -0,0 +1,40 @@
+{
+ pkgs,
+ ...
+}:
+pkgs.writeShellApplication {
+ name = "suspend-flink-job";
+ runtimeInputs = with pkgs; [
+ fzf
+ jq
+ gawk
+ ];
+ text = ''
+ read -s -r -p 'Disk Encryption Password:' pass1
+ echo
+ read -s -r -p 'Disk Encryption Password (Again):' pass2
+ echo
+ if ! [[ $pass1 = "$pass2" ]]; then
+ echo "error: disk encryption passwords did not match!"
+ exit 1
+ fi
+ nixos_host="$(nix eval --json git+https://git.lyte.dev/lytedev/nix#nixosConfigurations --apply 'builtins.attrNames' | jq -r .[] | fzf --prompt 'Select NixOS configuration')"
+ partition_scheme="$(nix eval --json git+https://git.lyte.dev/lytedev/nix#diskoConfigurations --apply 'builtins.attrNames' | jq -r .[] | fzf --prompt 'Select disk partition scheme (must match NixOS configuration!)')"
+ disk_path="/dev/$(lsblk -d --raw | tail -n +2 | fzf --prompt 'Select local disk device' | awk '{print $1}')"
+ disk_pass="$(echo "$pass1" | tr -d "\n")"
+
+ nix-shell --packages git --run "sudo nix run \
+ --extra-experimental-features nix-command \
+ --extra-experimental-features flakes \
+ github:nix-community/disko -- \
+ --flake 'git+https://git.lyte.dev/lytedev/nix#$partition_scheme' \
+ --mode disko \
+ --arg disk '$disk_path'"
+
+ nix-shell --packages git \
+ --run "sudo nixos-install \
+ --no-write-lock-file \
+ --flake 'git+https://git.lyte.dev/lytedev/nix#$nixos_host' \
+ --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
+ --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev-2:te9xK/GcWPA/5aXav8+e5RHImKYMug8hIIbhHsKPN0M='" '';
+}
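Review bot: The passphrase read into `pass1`/`pass2` and normalised into `disk_pass` is never handed to disko or `nixos-install`, so the operator is prompted for a disk encryption password that nothing visible in this script applies. Either wire it in through a root-only temporary file (a command-line argument would expose it in the process list) or drop the prompt; the unused variable may also trip the shellcheck pass that `writeShellApplication` runs at build time. `github:nix-community/disko` is resolved unpinned and executed under `sudo`, so whatever that branch holds at install time runs as root against the selected disk; pinning a revision, or reusing a disko input the flake already locks if it has one, would make the install reproducible. `$partition_scheme`, `$disk_path` and `$nixos_host` are spliced into a string that `nix-shell --run` parses a second time, so a value containing a quote changes the command that runs, and the disk is repartitioned without a confirmation step after the `fzf` selection. `name = "suspend-flink-job";` looks copied from another package; `name = "installer";` would match the attribute added in packages/default.nix.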