Add a host for testing i_only_boot_zfs.

nix/configuration/roles/base/default.nix

@@ -49,7 +49,6 @@ in
       nix-tree
       libarchive # bsdtar
       lsof
-      doas-sudo-shim # To support --sudo for remote builds
       dmidecode # Read SMBIOS information.
       ipcalc
       gptfdisk # for cgdisk

nix/configuration/roles/boot/default.nix

@@ -33,6 +33,7 @@
           # cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
           # tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
           sbctl # For debugging and troubleshooting Secure Boot.
+          efibootmgr # To set EFI boot order.
         ];
       }
       (lib.mkIf (!config.me.buildingPortable) {

nix/configuration/roles/disko/default.nix

@@ -19,18 +19,18 @@ let
     in
     lib.unique (lib.flatten (collector self));
   dependencies = [
-    this_nixos_config.config.system.build.toplevel
-    this_nixos_config.config.system.build.diskoScript
-    # this_nixos_config.config.system.build.diskoScript.drvPath
     this_nixos_config.pkgs.stdenv.drvPath
+    (this_nixos_config.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
 
     # https://github.com/NixOS/nixpkgs/blob/f2fd33a198a58c4f3d53213f01432e4d88474956/nixos/modules/system/activation/top-level.nix#L342
     this_nixos_config.pkgs.perlPackages.ConfigIniFiles
     this_nixos_config.pkgs.perlPackages.FileSlurp
 
-    (this_nixos_config.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
+    this_nixos_config.config.system.build.toplevel
+    this_nixos_config.config.system.build.diskoScript
   ]
-  ++ flakeOutPaths;
+  ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
+  # ++ flakeOutPaths;
   closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
 in
 {
@@ -64,7 +64,9 @@ in
           (pkgs.writeShellScriptBin "install-nixos-unattended" ''
             set -xeuo pipefail
             IFS=$'\n\t'
-            exec ${pkgs.disko}/bin/disko-install --flake '${self}#${config.networking.hostName}' --disk main '/dev/nvme0n1'
+            # exec ${pkgs.disko}/bin/disko-install --flake '${self}#${config.networking.hostName}' --disk main '/dev/nvme0n1' --write-efi-boot-entries
+            ${pkgs.disko}/bin/disko --mode destroy,format,mount '${self}/hosts/${config.networking.hostName}/disk-config.nix'
+            ${pkgs.nixos-install}/bin/nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --no-channel-copy --no-root-password --flake '${self}#${config.networking.hostName}'
           '')
         ];
 

nix/configuration/roles/doas/default.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 
@@ -28,5 +29,8 @@
         persist = true; # Only ask for a password the first time.
       }
     ];
+    environment.systemPackages = with pkgs; [
+      doas-sudo-shim # To support --sudo for remote builds
+    ];
   };
 }

nix/configuration/roles/dont_use_substituters/default.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    dont_use_substituters.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install dont_use_substituters.";
+    };
+  };
+
+  config = lib.mkIf config.me.dont_use_substituters.enable {
+    # Disable substituters to avoid risk of cache poisoning.
+    nix.extraOptions = ''
+      substitute = false
+    '';
+
+    nix.settings.substituters = lib.mkForce [ ];
+  };
+}

nix/configuration/roles/minimal_base/default.nix

@@ -27,5 +27,7 @@
     me.zfs.enable = true;
     me.zrepl.enable = true;
     me.zsh.enable = true;
+
+    # TODO: Maybe add me.boot.enable ?
   };
 }

nix/configuration/roles/ssh/files/ssh_config

@@ -34,7 +34,7 @@ Host hydra
   ProxyJump talexander@mrmanager
   HostName 10.215.1.219
 
-Host ionlybootzfs
+Host i_only_boot_zfs
   HostName 127.0.0.1
   Port 60022