infra/nixos/hosts/README.md

NixOS Hosts

This directory contains configs for all NixOS hosts.

Installing a new machine

✩ = on target machine, everything else is on your own device

  1. ✩ If Secure Boot (SB) is desired, set a UEFI password and set Secure Boot to "Setup Mode". (On some boards this may be done by clearing the Secure Boot keys.)
  2. ✩ Boot the NixOS remote deploy image
  3. Copy an appropriate config as a base
  4. Generate the base keys in a temporary directory:
    mkdir tempkeys
    cd tempkeys
    ../scripts/make_base_keys.sh
    cd ..
  5. Create a secrets/NAME_OF_HOST.yaml file.
  6. Add the AGE key from make_base_keys.sh into .sops.yaml. Add necessary keys to secrets/NAME_OF_HOST.yaml. Make sure that the host's secrets.nix uses the proper YAML secrets file.
  7. Ensure disk partitioning is correct. Make sure to change the target disk in disk-config.nix.
  8. Generate secure passwords, find their hashes with mkpasswd -m sha-512, and put them into the root-pw and user-pw properties, again ensuring there are no EOLs.
  9. Customize the config however you want
  10. ./scripts/install.sh -c NAME_OF_HOST -k tempkeys root@IP_OF_HOST
  11. Delete the tempkeys folder if you're done with it
  12. That is about it
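
A pre-flight check for step 8, as an added example that is not part of this repository's scripts: the hypothetical check_pw_hash function reads a candidate root-pw or user-pw value on stdin and rejects it if it contains EOL bytes or does not have the SHA-512 crypt shape that mkpasswd -m sha-512 produces. The sample hash is constructed and is not a real credential.

```bash
#!/bin/sh
# Added example (hypothetical helper, not one of the repo's scripts).
# Reads the candidate value from stdin and checks two things:
#   1. it contains no end-of-line bytes (LF or CR)
#   2. it has the SHA-512 crypt shape:
#      $6$[rounds=N$]<salt, 1-16 chars>$<86-char digest>
check_pw_hash() {
    local tmp total clean rc=0
    tmp=$(mktemp) || return 2
    cat > "$tmp"                      # keep the exact bytes, EOLs included

    total=$(wc -c < "$tmp")
    clean=$(tr -d '\n\r' < "$tmp" | wc -c)
    if [ "$total" -ne "$clean" ]; then
        echo "FAIL: value contains $((total - clean)) EOL byte(s)" >&2
        rc=1
    fi

    # Check the shape on the EOL-stripped value so both problems get reported.
    if ! tr -d '\n\r' < "$tmp" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'; then
        echo "FAIL: value is not a SHA-512 crypt hash" >&2
        rc=1
    fi

    rm -f "$tmp"
    return "$rc"
}

# Constructed sample (not a real credential): fixed salt, digest of 86 'A's.
sample_hash() {
    printf '$6$%s$%s' 'constructedsalt0' "$(head -c 86 /dev/zero | tr '\0' 'A')"
}

# Demo: the clean value passes, the same value with a trailing newline fails.
sample_hash | check_pw_hash && echo "ok: clean hash accepted"
{ sample_hash; echo; } | check_pw_hash || echo "rejected: trailing EOL"
```

Pipe the value exactly as it will be stored; capturing it with $(...) first strips trailing newlines and hides the problem the check is looking for.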

Deploying changes remotely

  1. Make your changes
  2. nix flake check
  3. Run deploy, or, if you're making breaking network changes where it's necessary, deploy --magic-rollback false
  4. Commit to Git if everything works