README.md
NixOS Hosts
This directory contains configs for all NixOS hosts.
Installing a new machine
✩ = on target machine, everything else is on your own device
- ✩ If Secure Boot (SB) is desired, set a UEFI password and set Secure Boot to "Setup Mode". (On some boards this is done by clearing the Secure Boot keys.)
- ✩ Boot the NixOS remote deploy image
- Copy an appropriate config as a base
- ```
  mkdir tempkeys
  ../scripts/make_base_keys.sh
  cd ..
  ```
- Create a `secrets/NAME_OF_HOST.yaml` file.
- Add the AGE key from `make_base_keys.sh` into `.sops.yaml`. Add necessary keys to `secrets/NAME_OF_HOST.yaml`. Make sure that the host's `secrets.nix` uses the proper YAML secrets file.
- Ensure disk partitioning is correct. Make sure to change the target disk in `disk-config.nix`.
- Generate secure passwords, find their hashes with `mkpasswd -m sha-512`, and put them into the `root-pw` and `user-pw` properties, again ensuring there are no EOLs
- Customize the config however you want
- `./scripts/install.sh -c NAME_OF_HOST -k tempkeys root@IP_OF_HOST`
- Delete the `tempkeys` folder if you're done with it
- That is about it
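
A pre-flight check for the password-hash step above, added here as an example and not part of this repository: it confirms that a value destined for `root-pw` or `user-pw` is a SHA-512 crypt string as produced by `mkpasswd -m sha-512` and carries no EOL bytes. The function name `check_pw_hash` is hypothetical, and the sample value is constructed, not a real hash.

```shell
#!/bin/sh
# Added example: validate a hash before it goes into root-pw / user-pw.
# Prints the first problem found and returns 1; returns 0 when the value
# looks like "$6$[rounds=N$]salt$digest" with no line-ending bytes.
check_pw_hash() {
    value=$1
    cr=$(printf '\r')
    nl='
'
    case $value in
        *"$nl"*|*"$cr"*) echo "contains an EOL character"; return 1 ;;
    esac
    case $value in
        '$6$'*) rest=${value#\$6\$} ;;
        *) echo "not a SHA-512 crypt hash"; return 1 ;;
    esac
    # Optional "rounds=N$" field between the prefix and the salt.
    case $rest in
        rounds=*'$'*)
            rounds=${rest%%\$*}; rounds=${rounds#rounds=}
            case $rounds in
                ''|*[!0-9]*) echo "malformed rounds field"; return 1 ;;
            esac
            rest=${rest#*\$} ;;
    esac
    case $rest in
        *'$'*) salt=${rest%%\$*}; digest=${rest#*\$} ;;
        *) echo "missing salt or digest"; return 1 ;;
    esac
    # mkpasswd emits a non-empty salt of at most 16 chars from ./0-9A-Za-z.
    case $salt in
        ''|*[!./0-9A-Za-z]*) echo "empty or malformed salt"; return 1 ;;
    esac
    [ "${#salt}" -le 16 ] || { echo "salt longer than 16 characters"; return 1; }
    # The SHA-512 crypt digest is always 86 chars of the same alphabet.
    case $digest in
        *[!./0-9A-Za-z]*) echo "malformed digest"; return 1 ;;
    esac
    [ "${#digest}" -eq 86 ] || { echo "digest is ${#digest} characters, expected 86"; return 1; }
    return 0
}

# Constructed sample (not a real password hash): 16-char salt, 86-char digest.
sample="\$6\$constructedsalt0\$$(printf '%086d' 0)"
check_pw_hash "$sample" && echo "sample: ok"
```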
Deploying changes remotely
- Make your changes
- `nix flake check`
- `deploy`, or if you're making breaking network changes where it's necessary, `deploy --magic-rollback false`
- Commit to Git if everything works