infra/nixos/hosts/README.md

2024-10-13 15:16:39 -05:00
# NixOS Hosts
This directory contains configs for all NixOS hosts.
## Installing a new machine
✩ = on target machine, everything else is on your own device
1. ✩ If Secure Boot is desired, set a UEFI password and set Secure Boot to "Setup Mode". (This may be done by clearing the Secure Boot keys on some boards)
2. ✩ Boot the [NixOS remote deploy image](https://github.com/nix-community/nixos-images/releases/tag/nixos-24.05)
3. Copy an appropriate config as a base
4. `./scripts/make_base_keys.sh NAME_OF_HOST-v1`
5. Create a `secrets/NAME_OF_HOST.yaml` file.
6. Add the age key from `make_base_keys.sh` into `.sops.yaml`. Add necessary keys to `secrets/NAME_OF_HOST.yaml`. Make sure that the host's `secrets.nix` uses the proper YAML secrets file.
7. Ensure disk partitioning is correct. Make sure to change the target disk in `disk-config.nix`.
8. Generate secure passwords, get their hashes with `mkpasswd -m sha-512`, and put them into the `root-pw` and `user-pw` properties, making sure the hash values carry no trailing newline (EOL)
9. Generate a nebula cert and key. Put the cert in `nixos/keys/` folder, and the key in the `secrets/NAME_OF_HOST.yaml` file.
10. Configure internal IP in `prometheus.nix`, and then add the host into `silver`'s `scrapeConfig`
11. Customize the config however you want
12. `./scripts/install.sh -c NAME_OF_HOST -k NAME_OF_HOST-v1/ root@IP_OF_HOST`
13. Delete the `NAME_OF_HOST-v1` folder if you're done with it
14. That is about it
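A mistake that step 8 warns about (a stray newline on the end of a `mkpasswd` hash, or a malformed hash pasted into the YAML) only shows up as a failed login after install. The script below is an added example, not part of this repository: it checks that the `root-pw` and `user-pw` properties look like sha-512 crypt hashes with no line break in them. The property names come from the README; the flat `key: value` YAML layout and the file path are assumptions. Run it on the plaintext YAML, i.e. before encrypting with sops or on the output of `sops -d`, since encrypted values are `ENC[...]` blobs and would always fail the check.

```shell
#!/bin/sh
# Added example (not the repository's own code): pre-install sanity check for
# the password hashes in secrets/NAME_OF_HOST.yaml. Assumes a flat YAML file
# with top-level "key: value" lines in plaintext (before `sops -e`).

# A valid sha-512 crypt hash as produced by `mkpasswd -m sha-512`:
# "$6$", an optional "rounds=N$", a salt of 1-16 chars, "$", exactly 86 hash
# chars, and not a single newline anywhere in the value.
is_valid_sha512_hash() {
    # wc -l counts newline characters; any newline in the value fails the check.
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] || return 1
    printf '%s' "$1" | grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

# Print the value of a top-level "key: value" line in a flat YAML file.
# A block scalar ("key: |", which would add a trailing newline to the secret)
# yields "|" and so fails the hash check on purpose.
yaml_value() {
    awk -v key="$2" '$1 == key ":" { sub(/^[^:]*:[ \t]*/, ""); print; exit }' "$1"
}

# Check every password property in the given secrets file.
# Returns the number of bad properties (0 means everything is fine).
check_secrets_file() {
    bad=0
    for key in root-pw user-pw; do
        value="$(yaml_value "$1" "$key")"
        if [ -z "$value" ]; then
            echo "$key: missing" >&2
            bad=$((bad + 1))
        elif ! is_valid_sha512_hash "$value"; then
            echo "$key: not a single-line sha-512 crypt hash" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Demo on a constructed sample file: root-pw is fine, user-pw uses a block
# scalar, which is exactly the trailing-EOL mistake the README warns about.
demo_hash="\$6\$abcdefgh\$$(awk 'BEGIN { for (i = 0; i < 86; i++) printf "a" }')"
demo_file="$(mktemp)"
printf 'root-pw: %s\nuser-pw: |\n  %s\n' "$demo_hash" "$demo_hash" > "$demo_file"
check_secrets_file "$demo_file" || echo "found $? bad property/properties in $demo_file"
rm -f "$demo_file"
```

Wire it into a pre-commit hook or run it by hand right before step 12; a non-zero exit tells you which property to fix before `install.sh` bakes the bad hash into the new host.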
## Deploying changes remotely
1. Make your changes
2. `nix flake check`
3. `deploy`, or if you're making breaking network changes where it's necessary, `deploy --magic-rollback false`
4. Commit to Git if everything works