# NixOS Hosts

This directory contains configs for all NixOS hosts.

## Installing a new machine

✩ = on target machine, everything else is on your own device

  1. ✩ If Secure Boot is desired, set a UEFI password and set Secure Boot to "Setup Mode". (On some boards this is done by clearing the Secure Boot keys.)
  2. ✩ Boot the NixOS remote deploy image.
  3. Copy an appropriate config as a base.
  4. Generate the temporary keys for the new host:

     ```
     mkdir tempkeys
     ../scripts/make_base_keys.sh
     cd ..
     ```

  5. Create a `secrets/NAME_OF_HOST.yaml` file.
  6. Add the AGE key printed by `make_base_keys.sh` to `.sops.yaml`. Add the necessary keys to `secrets/NAME_OF_HOST.yaml`. Make sure that the host's `secrets.nix` uses the proper YAML secrets file.
  7. Ensure the disk partitioning is correct. Make sure to change the rootfs disk in `disk-config.nix`.
  8. Generate secure passwords, compute their hashes with `mkpasswd -m sha-512`, and put them into the `root-pw` and `user-pw` properties of your , again ensuring there are no EOLs.
  9. Customize the config however you want.
  10. Run `./scripts/install.sh -c NAME_OF_HOST -k tempkeys root@IP_OF_HOST`.
  11. Delete the `tempkeys` folder once you're done with it.
  12. That is about it.
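Wiring steps 5, 6 and 8 together, as an added example that is not part of this repository: a hypothetical per-host `secrets.nix` written against sops-nix (assumed from the `.sops.yaml` and AGE key mentions above), with `USER_NAME` and the age key path as placeholders.

```nix
# Hypothetical hosts/NAME_OF_HOST/secrets.nix (example, not repository code).
# Assumes sops-nix provides the `sops.*` options and that the age private key
# generated by make_base_keys.sh is installed at /var/lib/sops-nix/key.txt.
#
# The matching .sops.yaml entry (repo root) uses the host's age *public* key:
#   keys:
#     - &NAME_OF_HOST age1...   # printed by make_base_keys.sh
#   creation_rules:
#     - path_regex: secrets/NAME_OF_HOST\.yaml$
#       key_groups:
#         - age: [ *NAME_OF_HOST ]
{ config, ... }:
{
  # Step 6: this host decrypts its own YAML file only.
  sops.defaultSopsFile = ./secrets/NAME_OF_HOST.yaml;

  # Private half of the key whose public half is listed in .sops.yaml.
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";

  # Step 8: the YAML carries the `mkpasswd -m sha-512` hashes under these keys:
  #   root-pw: $6$...   (one line, no trailing newline)
  #   user-pw: $6$...
  # neededForUsers exposes them before user accounts are created, which is
  # required for hashedPasswordFile below.
  sops.secrets."root-pw".neededForUsers = true;
  sops.secrets."user-pw".neededForUsers = true;

  # Declarative users: the decrypted hash file is the only source of truth
  # for the password, so keep the hash exactly one line as the steps require.
  users.mutableUsers = false;
  users.users.root.hashedPasswordFile = config.sops.secrets."root-pw".path;
  users.users.USER_NAME.hashedPasswordFile = config.sops.secrets."user-pw".path;
}
```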

## Deploying changes remotely

  1. Make your changes.
  2. Run `nix flake check`.
  3. Commit them to Git.
  4. Run `deploy`, or, if you're making breaking network changes where it's necessary, `deploy --magic-rollback false`.
  5. Hopefully they work! I have not worked out a way to do a manual rollback remotely yet