This was essentiall an OS wipe, adding root authorized keys, then
running nix-anywhere out of the main flake. Saves a bunch of steps which
is really nice.
I removed the data disk from the disko config in the hopes it would
solve a problem that looked like:
### Installing NixOS ###
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'nocix-amd-legacy-sexcore.gleipnir.technology' (ED25519) to the list of known hosts.
installing the boot loader...
mkdir: cannot create directory ‘/mnt/sys’: Structure needs cleaning
This was a huge hassle. I really wanted to see it working under a
non-root user since it writes files, but that ended up being impossible
because of several bugs in podman's rootless integration with NixOS.
I've kept pieces of the logic around and commented out in case I can fix
it in the future as it would be more secure.
I also tried to connect to Postgres over the unix domain socket, but the
problem here is that the container is built to run as root and I'd need
to do some elaborate mapping of the root user inside the container, the
non-root user outside the container, and the Postgres auth scheme.
This would be great stuff to sort out, but I'm out of time now to work
on it.
