nix: add cc-ci-hetzner host (cpx32, nixos-infect hardware, all root SSH keys)

Port from terraform-hetzner branch. Adds the Hetzner cc-ci flake host with all 3 root authorized keys so nixos-rebuild doesn't lock out SSH access. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 03:00:36 +00:00
parent 707752cd14
commit 4237cc03f5
4 changed files with 161 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -39,6 +39,17 @@
        ];
      };

+      # Hetzner Cloud host (cpx32, nbg1). Provisions via `terraform/` + nixos-infect.
+      # Used in parallel with cc-ci (Incus) during transition; becomes canonical after cutover.
+      # See terraform/README.md for the full apply + Stage 2 (nixos-rebuild switch) workflow.
+      nixosConfigurations.cc-ci-hetzner = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          sops-nix.nixosModules.sops
+          ./nix/hosts/cc-ci-hetzner/configuration.nix
+        ];
+      };
+
      devShells.${system} = {
        # Devshell for working on the harness/bridge locally (tools + lint toolchain).
        default = pkgs.mkShell {