mirror of https://github.com/tboerger/nixos-config synced 2024-11-26 07:43:45 +01:00

nixos-config

Provisioning for my NixOS systems based on Nix.

Prepare

Copy /etc/ssh/ssh_host_ed25519_key.pub into secrets and rekey the secrets via agenix. After pushing the rekeyed secrets execute the commands below.
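Added example, not part of this repository: a check to run after the host keys have been copied to /mnt/etc/ssh and before nixos-install, confirming that the ed25519 host key on the target is one the secrets were rekeyed for (agenix decrypts with the host's SSH key). It assumes the agenix rules file is a local secrets.nix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository). Function names are hypothetical.
# Assumption: the agenix rules file is a local secrets.nix that lists
# recipients as "ssh-ed25519 <base64>" strings.

# Print "<type> <base64>" of the first key in an OpenSSH .pub file, without
# the trailing comment, so it compares equal however the comment was written.
pubkey_material() {
    awk 'NF >= 2 && $1 ~ /^ssh-/ { print $1 " " $2; exit }' "$1"
}

# host_key_is_recipient <root> <rules-file>
# 0: host key pair exists under <root> and its public key is in <rules-file>
# 1: key pair exists but is not a recipient (secrets would not decrypt)
# 2: key pair missing or empty under <root>
host_key_is_recipient() {
    pub="$1/etc/ssh/ssh_host_ed25519_key.pub"
    key="$1/etc/ssh/ssh_host_ed25519_key"
    for f in "$pub" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    material=$(pubkey_material "$pub")
    [ -n "$material" ] || { echo "no public key found in $pub" >&2; return 2; }
    # -F: fixed string, so '+' and '/' in the base64 blob are taken literally.
    if grep -qF -- "$material" "$2"; then
        return 0
    fi
    echo "host key in $pub is not a recipient in $2; rekey first" >&2
    return 1
}

# Stand-alone use: sh check-host-key.sh /mnt ./secrets.nix
if [ "$#" -eq 2 ]; then
    host_key_is_recipient "$1" "$2"
fi
```

A return value of 1 means the installed system would boot with a host key that cannot decrypt the secrets, so rekey and push before installing.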

Desktops

Generally, after the installation I clone this repository somewhere onto the desktop machine and just execute make switch within that repository to apply updates. If that is not the case, I can always execute nixos-rebuild switch --flake github:tboerger/nixos-config#name to pull in the latest changes.

Chnum

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/desktops/chnum/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum

Hathor

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/desktops/hathor/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#hathor

Osiris

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/desktops/osiris/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#osiris

Servers

Currently I'm applying the updates manually by cloning the repository onto the machine and executing make switch, but in the long term it should also just work to use the deploy #name command, at least if it's executed from a NixOS desktop.

Niflheim

apt install -y sudo

mkdir -p /etc/nix
echo "build-users-group =" > /etc/nix/nix.conf

curl -L https://nixos.org/nix/install | sh
. $HOME/.nix-profile/etc/profile.d/nix.sh

nix-env -f https://github.com/nix-community/nixos-generators/archive/master.tar.gz -i -v

cat <<EOF > /root/config.nix
{
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn"
  ];
}
EOF

nixos-generate -o /root/result -f kexec-bundle -c /root/config.nix
/root/result

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/servers/niflheim/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#niflheim

Asgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/servers/asgard/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#asgard

Utgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/servers/utgard/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#utgard

Midgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

mount /dev/disk/by-label/NIXOS_SD /mnt

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#midgard

Security

If you find a security issue please contact thomas@webhippie.de first.

Contributing

Fork -> Patch -> Push -> Pull Request

Authors

License

Apache-2.0

Copyright (c) 2021 Thomas Boerger <thomas@webhippie.de>