From 186c4c8440409917bd6b3b3b4b3cd21585f995fd Mon Sep 17 00:00:00 2001 From: min Date: Sun, 22 Dec 2024 02:33:10 -0500 Subject: [PATCH] Update NixOS hosts docs --- nixos/hosts/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nixos/hosts/README.md b/nixos/hosts/README.md index 782a71b..1acc2ee 100644 --- a/nixos/hosts/README.md +++ b/nixos/hosts/README.md @@ -9,18 +9,18 @@ This directory contains configs for all NixOS hosts. 2. ✩ Boot the [NixOS remote deploy image](https://github.com/nix-community/nixos-images/releases/tag/nixos-24.05) 3. Copy an appropriate config as a base 4. ``` - mkdir tempkeys - ../scripts/make_base_keys.sh - cd .. + ./scripts/make_base_keys.sh NAME_OF_HOST-v1 ``` 5. Create a `secrets/NAME_OF_HOST.yaml` file. -6. Add the AGE key from `make_base_keys.sh` into `.sops.yaml`. Add necessary keys to `secrets/NAME_OF_HOST.yaml`. Make sure that the host's `secrets.nix` uses the proper YAML secrets file. +6. Add the age key from `make_base_keys.sh` into `.sops.yaml`. Add necessary keys to `secrets/NAME_OF_HOST.yaml`. Make sure that the host's `secrets.nix` uses the proper YAML secrets file. 7. Ensure disk partitioning is correct. Make sure to change the target disk in `disk-config.nix`. -8. Generate secure passwords, find their hashes with `mkpasswd -m sha-512`, and put them into the `root-pw` and `user-pw` properties, again ensuring there's no EOLs -9. Customize the config however you want -10. `./scripts/install.sh -c NAME_OF_HOST -k tempkeys root@IP_OF_HOST` -11. Delete the `tempkeys` folder if you're done with it -12. That is about it +8. Generate secure passwords, get their hashes with `mkpasswd -m sha-512`, and put them into the `root-pw` and `user-pw` properties, again ensuring there's no EOLs +9. Generate a nebula cert and key. Put the cert in `nixos/keys/` folder, and the key in the `secrets/NAME_OF_HOST.yaml` file. +10. Configure internal IP in `prometheus.nix`, and then add the host into `silver`'s `scrapeConfig` +11. Customize the config however you want +12. `./scripts/install.sh -c NAME_OF_HOST -k NAME_OF_HOST-v1/ root@IP_OF_HOST` +13. Delete the `NAME_OF_HOST-v1` folder if you're done with it +14. That is about it ## Deploying changes remotely