From f04c924547152451d373c803959d8e0fc80c514b Mon Sep 17 00:00:00 2001
From: goeranh
Date: Fri, 13 Feb 2026 17:54:17 +0100
Subject: [PATCH] configure sshkey and update scripts

---
 flake.nix | 72 +++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 49 insertions(+), 23 deletions(-)

diff --git a/flake.nix b/flake.nix
index 8f385d0..aa42bb1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -29,6 +29,12 @@
 disko,
 sops,
 }:
+ let
+ sshkeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
+ ];
+ in
 rec {
 formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
 packages.x86_64-linux =
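Review bot: The new `sshkeys` list has no comment saying what these keys unlock, although a later hunk of this patch assigns it to `users.users.root.openssh.authorizedKeys.keys` on the installer image, which makes every entry a root login on any machine booted from that ISO. I would put a comment above the list, for example `# public keys granted root SSH on the installer image; rebuild and re-upload the ISO after changing this list`, because an image already copied to the template store keeps the old set. The enclosing outputs function starts and ends outside this hunk.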
@@ -37,31 +43,25 @@ result: name: result // { - "${name}-iso" = (nixosConfigurations."${name}".extendModules { - modules = [ - "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" - { - users.users.administration.password = "test"; - users.users.root.password = "test"; - } - ]; - }).config.system.build.isoImage; - "${name}-container" = (nixosConfigurations."${name}".extendModules { - modules = [ - "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" - { - networking.defaultGateway.interface = "enp1s0"; - } - ]; - }).config.system.build.tarball; + # run nixos-rebuild switch on the target system + # the config will be built locally and copied over "${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" '' nixos-rebuild switch --flake .#${name} --target-host root@${name}.test.htw.stura-dresden.de ''; + + # copy install image to testserver and deploy the specified configuration to it "${name}-deploy-test" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "deploy" '' - FILENAME="$(ls ${self.packages.x86_64-linux."${name}-iso".outPath}/iso)" - scp ${self.packages.x86_64-linux."${name}-iso".outPath}/iso/$FILENAME root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME - ssh 10.1.0.17 "qm create $1 --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm\"" + FILENAME="$(ls ${self.packages.x86_64-linux."installer-iso".outPath}/iso)" + scp ${self.packages.x86_64-linux."installer-iso".outPath}/iso/$FILENAME root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME + ssh 10.1.0.17 "qm create $1 --name ${nixosConfigurations.${name}.config.networking.fqdn} --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm
${nixosConfigurations.${name}.config.networking.fqdn}\"" ssh 10.1.0.17 "qm start $1" + + # hardcoded deployment ip + # wait until a connection to port 22 on the deployment ip is reachable + until nc -vzw 2 141.56.51.98 22 2>/dev/null; do echo trying; sleep 2; done + + # run nixos-anywhere on the deployment address with the specified configuration + nix run github:nix-community/nixos-anywhere -- --flake .#${name} --target-host root@141.56.51.98 ''; } @@ -71,9 +71,35 @@ builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) ( builtins.attrNames nixosConfigurations ) - );# // builtins.foldl' ( result: name: result // { - # "${name}test" = "safd"; - #}) {} (builtins.filter(name: nixpkgs.lib.hasInfix "-")(builtins.attrNames nixosConfigurations)); + ) // + (let + iso-config = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" + { + users.users.administration = { + password = "test"; + isNormalUser = true; + }; + users.users.root.openssh.authorizedKeys.keys = sshkeys; + networking.interfaces.ens18.ipv4.addresses = [{ + address = "141.56.51.98"; + prefixLength = 24; + }]; + services.getty.autologinUser = "root"; + services.openssh.enable = true; + system.stateVersion = "25.11"; + networking.dhcpcd.enable = nixpkgs.lib.mkForce false; + networking.defaultGateway.address = "141.56.51.254"; + networking.nameservers = [ "9.9.9.9" ]; + } + ]; + }; + in { + installer-iso = iso-config.config.system.build.isoImage; + installer-vm = iso-config.config.system.build.vm; + }); nixosConfigurations = builtins.foldl' ( result: input:
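Review bot: The last line of the deploy script, `nix run github:nix-community/nixos-anywhere`, resolves the flake at deploy time and runs it with root access to the target, so the tool that partitions and installs the machine is not covered by flake.lock. Pin it, either as a flake input or with an explicit revision such as `nix run github:nix-community/nixos-anywhere/<PINNED_REV> -- --flake .#${name} --target-host root@141.56.51.98`. The script also has no error handling: `writeShellScriptBin` does not enable errexit, so a failed `scp` or `qm create` still falls through to the wait loop and the install. Starting the script with `set -euo pipefail` and a check such as `[[ "$1" =~ ^[0-9]+$ ]] || exit 1` would stop there and keep an empty or malformed VM id out of the remote `qm` command line. The `nc` loop only shows that something answers on port 22 of the shared address, so presumably an installer VM left over from an earlier run could be the host that gets reinstalled.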
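Review bot: The installer image keeps `users.users.administration.password = "test"` while the same module sets `services.openssh.enable = true` and a static address of 141.56.51.98, and NixOS's sshd accepts password logins unless configured otherwise. The account is therefore reachable over the network with a known password for as long as the installer is up. Root access now goes through `sshkeys`, so the password account can probably be dropped from `iso-config`. If it is needed on the console, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the `services.openssh.enable` line.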