mirror of https://github.com/tboerger/nixos-config synced 2024-03-01 19:09:58 +01:00
Thomas Boerger 3b4d454c2d
fix: use right group for homeage secrets
2024-01-31 15:50:56 +01:00
.github chore(deps): update actions/checkout action to v4 2023-09-04 14:53:33 +00:00
desktops fix: use right disk id for chnum 2024-01-30 16:06:46 +01:00
home fix: use right group for homeage secrets 2024-01-31 15:50:56 +01:00
overlays feat: integrate disko and more refactoring 2024-01-30 14:00:26 +01:00
secrets fix(tailscale): add valid api key 2024-01-31 14:35:37 +01:00
servers feat: integrate disko and more refactoring 2024-01-30 14:00:26 +01:00
shared feat: integrate disko and more refactoring 2024-01-30 14:00:26 +01:00
.editorconfig chore: initial commit 2022-02-20 17:46:48 +01:00
.envrc chore: integrate deploy-rs and flake-utils 2022-09-28 22:28:36 +02:00
.gitignore chore: integrate deploy-rs and flake-utils 2022-09-28 22:28:36 +02:00
LICENSE chore: initial commit 2022-02-20 17:46:48 +01:00
README.md fix(minecraft): drop temurin-bin-8/temurin-bin-17 as it's part of prism 2024-01-31 14:05:56 +01:00
flake.lock feat: apply latest changes for flake refactoring 2024-01-30 15:47:02 +01:00
flake.nix fix: drop unused files and definitions 2024-01-30 23:48:00 +01:00

nixos-config


Provisioning for my NixOS systems based on Nix.

Prepare

Copy /etc/ssh/ssh_host_ed25519_key.pub into secrets and rekey the secrets via agenix. Alternatively, execute ssh-keyscan ip_or_fqdn to fetch the current public keys. After pushing the rekeyed secrets, execute the commands below.
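
The check behind the ssh-keyscan shortcut above, as an added example that is not part of this repository: keys returned by ssh-keyscan arrive unauthenticated, so the script below accepts a scanned ed25519 key as a recipient for the secrets only when it matches the key read on the host itself. The function names, file names and key material are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from this repository): accept an ssh-keyscan result as a
# recipient key only if it matches the key read on the host itself.

# Print "type blob" of the first ssh-ed25519 key in a file. Works for both
# ssh-keyscan output ("host type blob") and a .pub file ("type blob comment");
# "#" banner lines are skipped.
ed25519_key() {
    awk '
        /^#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == "ssh-ed25519") { print $i, $(i + 1); exit } }
    ' "$1"
}

# verified_recipient SCANNED_FILE TRUSTED_PUB_FILE (hypothetical helper name)
# Prints the key and returns 0 only when both sources agree.
verified_recipient() {
    scanned=$(ed25519_key "$1")
    trusted=$(ed25519_key "$2")
    if [ -z "$scanned" ] || [ -z "$trusted" ]; then
        echo "no ssh-ed25519 key found in one of the inputs" >&2
        return 2
    fi
    if [ "$scanned" != "$trusted" ]; then
        echo "MISMATCH: scanned key differs from the host's own key" >&2
        return 1
    fi
    printf '%s\n' "$trusted"
}

# Constructed sample input (placeholder key material, not real keys).
demo_dir=$(mktemp -d)
cat > "$demo_dir/scan.txt" <<'EOF'
# 192.0.2.10:22 SSH-2.0-OpenSSH_9.6
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedRSA
192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyA
EOF
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyA root@host' \
    > "$demo_dir/console.pub"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyB root@host' \
    > "$demo_dir/other.pub"

verified_recipient "$demo_dir/scan.txt" "$demo_dir/console.pub"
```

In practice the first argument is the saved output of ssh-keyscan and the second is the public key file copied from the machine's console or installer session.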

Desktops

Generally, after the installation I clone this repository somewhere onto the desktop machine and execute make switch within that repository to apply updates. If this is not the case, I can always execute the following command to pull in the latest changes:

nixos-rebuild switch --flake github:tboerger/nixos-config#hostname

Anubis

sudo loadkeys de
sudo nix-shell --packages nixUnstable

nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#anubis

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#anubis

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

nixos-rebuild switch --flake github:tboerger/nixos-config#anubis

Chnum

sudo loadkeys de
sudo nix-shell --packages nixUnstable

nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#chnum

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

nixos-rebuild switch --flake github:tboerger/nixos-config#chnum

Servers

To apply updates to servers, this repository should first be updated to the latest version. After that, deploy-rs can be used to upgrade the deployment with a command like this:

nix run github:serokell/deploy-rs github:tboerger/nixos-config#hostname

Asgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#asgard

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#asgard

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

nix run github:serokell/deploy-rs github:tboerger/nixos-config#asgard

Utgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#utgard

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#utgard

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

nix run github:serokell/deploy-rs github:tboerger/nixos-config#utgard

Vanaheim

sudo loadkeys de
sudo nix-shell --packages nixUnstable

nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#vanaheim

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#vanaheim

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

nix run github:serokell/deploy-rs github:tboerger/nixos-config#vanaheim

Yggdrasil

sudo loadkeys de
sudo nix-shell --packages nixUnstable

mount /dev/disk/by-label/NIXOS_SD /mnt

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#yggdrasil

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

nix run github:serokell/deploy-rs github:tboerger/nixos-config#yggdrasil

Finish

Finally, after I have set up the whole system, I usually copy the remaining credentials from my securely stored USB stick to get access to my SSH keys and GnuPG keys, if this is required on the machine. It should not be required for servers.

SSH

mkdir -p "${HOME}/.ssh/"
cp "/media/$(whoami)/secrets/ssh/"id_* "${HOME}/.ssh/"
chown -R "$(id -u):$(id -g)" "${HOME}/.ssh"
# key files readable and writable by the owner only
chmod u=rw,g=,o= "${HOME}/.ssh/"id_*

GnuPG

for FILE in "/media/$(whoami)/secrets/gpg/"*.asc; do
    gpg --import "${FILE}"
done

Security

If you find a security issue please contact thomas@webhippie.de first.

Contributing

Fork -> Patch -> Push -> Pull Request

Authors

License

Apache-2.0

Copyright (c) 2021 Thomas Boerger <thomas@webhippie.de>