# NixOS Hosts

This directory contains configs for all NixOS hosts.

## Installing a new machine

✩ = on target machine; everything else is done on your own device.

1. ✩ If Secure Boot (SB) is desired, set a UEFI password and set Secure Boot to "Setup Mode". (This may be done by clearing Secure Boot keys on some boards.)
2. ✩ Boot the [NixOS remote deploy image](https://github.com/nix-community/nixos-images/releases/tag/nixos-24.05)
3. Copy an appropriate config as a base
4. ```
   mkdir tempkeys
   # Work inside tempkeys; the final `cd ..` returns to the starting directory
   cd tempkeys
   ../scripts/make_base_keys.sh
   cd ..
   ```
5. Create a `secrets/NAME_OF_HOST.yaml` file.
6. Add the AGE key from `make_base_keys.sh` into `.sops.yaml`. Add necessary keys to `secrets/NAME_OF_HOST.yaml`. Make sure that the host's `secrets.nix` uses the proper YAML secrets file.
7. Ensure disk partitioning is correct. Make sure to change the target disk in `disk-config.nix`.
8. Generate secure passwords, find their hashes with `mkpasswd -m sha-512`, and put them into the `root-pw` and `user-pw` properties, again ensuring there are no EOLs.
9. Customize the config however you want
10. `./scripts/install.sh -c NAME_OF_HOST -k tempkeys root@IP_OF_HOST`
11. Delete the `tempkeys` folder if you're done with it
12. That is about it

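
A check for the hash handling in step 8, as an added example that is not part of this repository: it rejects a value that still carries an EOL byte or is not shaped like `mkpasswd -m sha-512` output. The function names, the scratch-file workflow and the sample hash are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from this repository. Function names are hypothetical.
# Assumption: the hash was written to a scratch file before going into root-pw / user-pw.

# Constructed sample shaped like a sha512crypt string; not the hash of any real password.
SAMPLE_HASH="\$6\$constructedsalt0\$$(printf '%086d' 0 | tr 0 A)"

# is_sha512crypt STRING: 0 if STRING looks like `mkpasswd -m sha-512` output:
#   $6$ [rounds=N$] salt (1-16 chars) $ 86-char digest, alphabet ./0-9A-Za-z
# grep matches per line, so the caller must already have rejected EOL bytes.
is_sha512crypt() {
    printf '%s' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

# check_pw_hash_file FILE: 0 = usable, 1 = EOL byte present, 2 = not sha512crypt
check_pw_hash_file() {
    # "$(cat FILE)" silently drops trailing newlines, so count CR/LF bytes in the raw file.
    eols=$(tr -cd '\r\n' < "$1" | wc -c)
    if [ "$eols" -ne 0 ]; then
        echo "$1: $eols EOL byte(s) present; strip them before use" >&2
        return 1
    fi
    if ! is_sha512crypt "$(cat "$1")"; then
        echo "$1: not a sha512crypt (\$6\$) hash" >&2
        return 2
    fi
    return 0
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s'   "$SAMPLE_HASH" > "$d/clean"     # hash only, no EOL
    printf '%s\n' "$SAMPLE_HASH" > "$d/with_eol"  # same hash plus a trailing newline
    check_pw_hash_file "$d/clean"    && echo "clean: ok"
    check_pw_hash_file "$d/with_eol" || echo "with_eol: rejected"
    rm -rf "$d"
}
demo
```
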
## Deploying changes remotely

1. Make your changes
2. `nix flake check`
3. Commit them to Git
4. `deploy`, or if you're making breaking network changes where it's necessary, `deploy --magic-rollback false`
5. Hopefully they work! I have not worked out a way to do a manual rollback remotely yet