nixos-anywhere-example/template/flake.nix
2023-12-13 23:11:19 +01:00


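{
  # Flake that describes one NixOS host ("mysystem") for installation with
  # nixos-anywhere, using disko for the disk layout.
  #
  # The input URLs below name branches, not fixed revisions. The revisions
  # actually used are the ones recorded in flake.lock, so keep that file under
  # version control and review its diff after every `nix flake update`.
  #inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";

  inputs.disko.url = "github:nix-community/disko";
  inputs.disko.inputs.nixpkgs.follows = "nixpkgs";

  inputs.nixos-anywhere.url = "github:numtide/nixos-anywhere";
  inputs.nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";

  outputs = { self, nixpkgs, disko, nixos-anywhere, ... }@attrs: {
    # Test builds of the disk image / disk image script for the same host
    # configuration that gets installed.
    packages."x86_64-linux".makeDiskImageTest = disko.lib.lib.makeDiskImage {
      nixosConfig = self.nixosConfigurations.mysystem;
    };
    packages."x86_64-linux".makeDiskScriptTest = disko.lib.lib.makeDiskImageScript {
      nixosConfig = self.nixosConfigurations.mysystem;
    };

    nixosConfigurations.mysystem = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      # Hands every flake input (self, nixpkgs, disko, ...) to the modules as
      # module arguments.
      specialArgs = attrs;
      modules = [
        disko.nixosModules.disko

        # Generate hardware configuration on target system and add it here.
        # See README.md for details.
        ./hardware-configs/yodaHP.nix

        # Select disko disk layout configuration.
        #
        # The way we import the luks-btrfs disk layout and pass an argument is not ideal,
        # but keeps this config file shorter. A better way is to expose options:
        # https://discourse.nixos.org/t/passing-parameters-into-import/34082/4
        #
        #./disk-configs/simple-efi.nix
        #./disk-configs/luks-lvm.nix
        (import ./disk-configs/luks-btrfs.nix {
          # Memory required to unlock the LUKS partition while booting.
          # The unit is kilobytes, not bytes: 1000000 corresponds to 1 GB.
          # The default value is 1 GB (1000000).
          # Set this as high as possible, but leave some buffer (e.g. 500 MB).
          # A higher value makes offline guessing of the passphrase more
          # expensive, but the same amount of memory has to be free every time
          # the volume is unlocked, otherwise unlocking fails.
          # Example: If you have 4 GB memory, set this to 3500000.
          # NOTE(review): presumably handed to the LUKS key-derivation settings
          # in luks-btrfs.nix; 4000000 is about 4 GB, so confirm the target
          # has enough RAM to leave the buffer recommended above.
          pbkdf-memory = 4000000;
        })

        # Change the device name to match your block device.
        # Running `lsblk` on the target machine can help you here.
        # Examples: "/dev/nvme0n1", "/dev/sda", "/dev/vda"
        # A /dev/disk/by-id path stays the same across reboots and when other
        # disks are attached, which makes it harder to select the wrong disk.
        # Double-check it before installing: the disk layout is applied to
        # this device.
        { disko.devices.disk.disk1.device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW128HEGR-000H1_S33ZNX0J129742"; }

        # If a disk layout with full disk encryption (FDE) has been selected,
        # optionally enable SSH during boot to remotely unlock the disk.
        # NOTE(review): ssh-fde-unlock.nix is not shown here. An SSH server that
        # runs before the disk is unlocked has to keep its host key outside the
        # encrypted volume, so it should use a dedicated host key rather than
        # the host key of the installed system; confirm in that file.
        ./ssh-fde-unlock.nix

        {
          # The host yodaHP did not boot after installation when using grub.
          #boot.loader.grub = {
          #  # No need to set devices, disko will add all devices that have a EF02 partition to the list already.
          #  # devices = [];
          #  efiSupport = true;
          #  efiInstallAsRemovable = true;
          #};

          # Alternative to grub.
          # This worked with yodaHP host.
          boot.loader.systemd-boot.enable = true;
          boot.loader.efi.canTouchEfiVariables = true;

          # Key-based SSH logins only.
          services.openssh = {
            enable = true;
            settings.PasswordAuthentication = false;
            # Also turn off keyboard-interactive authentication, so that no
            # password prompt can be offered through that path either.
            settings.KbdInteractiveAuthentication = false;
          };

          # Root's authorized key is read from nitrokey.pub at evaluation time.
          # The file content is copied into the system configuration, so it
          # must only ever contain public key material.
          # NOTE(review): ssh-fde-unlock.nix may reuse this list for the
          # unlock SSH server; check there before changing how the key is set.
          users.users.root.openssh.authorizedKeys.keys = [
            (builtins.readFile ./nitrokey.pub)
          ];

          console.keyMap = "de-latin1-nodeadkeys";

          # This version matches the selected nixpkgs.url on top.
          # It records the release the system was installed with; leave it
          # unchanged when the nixpkgs input is upgraded later.
          system.stateVersion = "23.11";
        }
      ];
    };
  };
}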