onboard new machine
This commit is contained in:
=
parent
73f883e6a4
commit
970de0bd95
3 changed files with 77 additions and 45 deletions
34
readme.md
34
readme.md
|
|
@ -1,12 +1,34 @@
|
|||
# First Install
|
||||
# First Install on new Machine
|
||||
|
||||
- First follow nixos installation guide: https://nixos.wiki/wiki/NixOS_Installation_Guide
|
||||
- Checkout this repo into /etc/nixos
|
||||
- Before anything else, ensure the generated hardware-configuration is copied over into the desired HOSTNAME target in systems directory.
|
||||
- switch into flake mode `nixos-rebuild switch --flake /etc/nixos#HOSTNAME`
|
||||
- Follow up to generate config command
|
||||
- in hardware-configuration.nix
|
||||
- change to use by-labels made in nixos installation guide (optional but nice for updating device in the future)
|
||||
- in configuration.nix
|
||||
- set networking.hostname to HOSTNAME
|
||||
- enable networkmanager
|
||||
- add in `users.users.root.initialPassword = 'password1';` [[ TODO this may not be necessary at all, it seems to prompt for this regardless at end of install ]]
|
||||
- uncomment systemPackages and add: git curl
|
||||
- add `nix.settings.experimental-features = [ "nix-command" "flakes" ];`
|
||||
- Install nixos: `cd /mnt` `sudo nixos-install`
|
||||
- `passwd` to change root password (if not already prompted to do so)
|
||||
- `reboot`
|
||||
|
||||
- copy over this systems ssh public key pairs into the ./secrets/secrets.nix file - push those up, using another computer re-key all the secrets, push up again
|
||||
- pull new secrets down with new added keys
|
||||
-- TODO come up with a way to pregen keys so onboarding is less stupid with secrets?
|
||||
|
||||
- `cp -r /etc/nixos ~/nixos_bak` Backup configuration
|
||||
- Checkout this repo into /etc/nixos: `rm -rf /etc/nixos` `git clone https://github.com/ringofstorms/dotfiles /etc/nixos`
|
||||
- Copy hardware-configuration into the new /etc/nixos/systems/HOSTNAME/hardware-configuration.nix `mkdir /etc/nixos/systems/HOSTNAM && cp ~/hardware-configuration.nix /etx/nixos/systems/HOSTNAME`
|
||||
- copy the existing configuration/other configuration nix of an existing system and edit it to desires state. [[ TODO make this step cleaner/easier... ]]
|
||||
- switch into flake mode `nixos-rebuild switch --flake /etc/nixos[#HOSTNAME]` and switch to new system
|
||||
- copy system ssh public key and create a key for user and copy those into the nixos secrets.nix file
|
||||
- `cat /etc/ssh/ssh_host_ed25519_key.pub`
|
||||
- `cat ~/.ssh/id_ed25519.pub`
|
||||
- Push changes to remote using temp user password
|
||||
- rekey secrets with any other onboarded system
|
||||
- TODO
|
||||
- copy over this systems ssh public key ( /etc/shh/*ed25519* ) into the ./secrets/secrets.nix file - push those up, using another computer re-key all the secrets, push up again
|
||||
- pull new secrets down with new added keys and rebuild
|
||||
|
||||
# Later updates
|
||||
|
||||
|
|
|
|||
|
|
@ -1,22 +1,27 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBCK29s
|
||||
T0R3ZGlBUFRKUFFEUWQ5cnFlVmV5SlFiWlRBSWZFY2ZoYlY5ZlI4CmcrWlRkT0Y5
|
||||
elo2aFR2Y0pYZVZmQ2RFQ0I4UGwxTk5hbWdzZUxXRXBwMDgKLT4gc3NoLWVkMjU1
|
||||
MTkgSjkxOXNRIGJZQmptaW9Dc1FxZHNxQ1Y1dk9oUy9TdHc4dU1QRVlJY0k3VWNu
|
||||
aW9Jd28KNFFJS1FDcldXU3JJMzk1VU1HQ3lUc0x4eWF4cU84WjZzVXlyNFBwdFBR
|
||||
RQotPiBzc2gtZWQyNTUxOSBlNmUwbFEgMGtYY1lDdmQvMFoySHdRb2ErY2FpcG5J
|
||||
cjEyRFhwMXNGM2dCeEtRZDVqUQpvQm9lNUNMRjc4R1dSaFhUb2FFTzJEb0pyRFN3
|
||||
WTA4ME4wM1d4S2ZXZ3JZCi0+IFQ6WnlZLWdyZWFzZSBNXmcgIlRgd2x0O04KVXV6
|
||||
QmdJZWNMS2RueVBqMTRlTXQyTmFvaFZyN2pOTVkzWDMxeU5IeC8vclZ0S2k4VG0w
|
||||
Rk56Q3VpWi9UYUxQQwpHcGpMVkdPMTk2Skg0WEUKLS0tIE1YdHllN0VXRHR0L1Yx
|
||||
VlV2aHc4cDNFYnB5L1Q5a1I5ZVRCR0lCUzI1RFEKJgGmOo27BuWg1IT8PHCLbI9v
|
||||
3oY3AxiHVEGMTQ1tSIO8TAdw1ul3ZkOIpOxHAw6bOjs772/fbnHkFN9elEgIXqvN
|
||||
O16gpAUWT0NhlBv+deaTsJHRZ3uLZvxSSTwLY9iYHrAf9nyub8i6GJPVxSiyoaaM
|
||||
bJ+9niD8tgj6sG4QpWFN9iTQCGEfLk7b3FNjBWUmmQJJNI2prmlSOGlP6C5tRov+
|
||||
YJGQnj4pH2EwkVb91A1TgwDBmupEYkWiW1FH48E2VwRglAqjrBGWGZICtph4X+2t
|
||||
IDKJ/wKsKQQsSj7UpPLjZhMSHAUB52JiH6T4Ay+hVN/CgXalcx8hN9hzlcWzfa5h
|
||||
9SxjJSrITiiCUQaxRwd8tI5EzTDPWZu/Yfm892LViYfeueabFducOyYvQ5KQ9JCD
|
||||
IJCHjk3xjKsdw2UNNZKEUl3jLDLxE7s5zBHaU3GkS9QEGHOd+vNou4yL4AhM2R+T
|
||||
WUtlPtsH1L7YLHGFinfB4C0hdEKg/I4w6G/A55pudWIu7syFqSo7zyjxHUFhSkrq
|
||||
T0zNaiNZFInqhreb2USm59s6isZaGZlf7btfv2c=
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBvdm8z
|
||||
MGkweENnTjlxK3lubmtXUlRHUDJLOTM0MGRJQmtOUXZpSG1IUlJZClY1amJtdkZw
|
||||
T3dWRnBqdFVlRGpxQWFydUJUcm9hRTI0WHYrVjh3ZVE5bUEKLT4gc3NoLWVkMjU1
|
||||
MTkgSjkxOXNRIGZQWG85d0lzZWVtWG4weXRBY0ZoQVN6WmdEemtxa2FpYm1FRHND
|
||||
SXZSd2cKbWRLbUdrTm1oMFZtNnR6eDU4ckJOK2RyTENnV1NaWjlSVTZ5eEhOQ0N0
|
||||
dwotPiBzc2gtZWQyNTUxOSBlNmUwbFEgNzJ1TG5rbllNaThwTDNtZmdVSHZuK2hp
|
||||
MWw5TFJZbEtOdHdmY2g5VittWQpHRjdMelI3TURuYUYwVXFRSWVHeU1UUzRUaDFh
|
||||
SDVWR3pmV1gvMkV2c1NBCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBXUWFJc2ljM0Nr
|
||||
cUJxVWJrSjVvWkE5MnV6SmpWYit4dnZraWxJQTYwelYwClNzSGhOWGFXcXVyc3pq
|
||||
bVBzeW1UNE1RdUU4SWZEd1FwUmhkb1lmKzRKalkKLT4gc3NoLWVkMjU1MTkgWHpm
|
||||
bWFRIFk2SkxTRjBUNUhLdDZIbituV3BGckVoaEZsSnkrQVpRQ1I1QkZmaURWR1UK
|
||||
aUpmbm1TUDlFYTBXZ2EvSWxPWmh5S0prTE5CcTFPanlZSDFpOFhtbEVEZwotPiAi
|
||||
MXYrOyVZby1ncmVhc2Ugdk1fOlIoIG9WIHFmOiBeImc1Cis0bnA0a3UvU2tlZUJl
|
||||
REFJa2owa056UEhGbTh6ZWdtM1VpY1pJZDdpL3Q3L0gvRTJMRnQzcjNsUFY5VHZh
|
||||
dVUKREE1MzF4eEtIQmh0MU1uK2NMSWtFVk0zTGxxd0sxcDhtUmhpencKLS0tIElt
|
||||
c2taOFBaWndsV0FhdXhtdy9JeFJTbFNJQ21iclI4UXVnZmZzZnlXWG8KU47pTls2
|
||||
3ZARHmIb7/3fPTn3a5wwOmV8x4jqz+IfKcmSapkLn2y0PIptecAHSIm+a6CgkH8i
|
||||
ZA/qvrB/m5AYfAIUVcbhpb6zT1jj4K1ZqY1yUP8BeCOa+wrZeiOkcGkAxtzvKIF7
|
||||
4GCz92dpEayxsdFLgQKJpG+37hyWP1dlASTnk114/Nv99wGR8HG+Bg85eY2PWluz
|
||||
hLI8dVKPURDmwQcXRionE8IjnEmSHI6XdggMAQwB0mh6AZRZFzK76Flb1Fr7C/fQ
|
||||
8ecNbhvxPUDxPNYVLpN7EGyaPiMbpxOVd8HYWfCcJWQoqGBFNUXaQI3pSy68zVQh
|
||||
cw+DJX6dCO7e4K+BDugS6CY2skvf58TVX0dq3SZ6dMJhtz/hCNdsnb0qVnjnSdUF
|
||||
PK06nlRRxwNwJt8m1ar+3a85gkt3/U1t2hIT5dUVtRxD4OEr5fZbtZQfVvaYclVk
|
||||
YbGgCWIoq4DYhNc10lwvMfq22uj1LaewEpgJKMGNQezfXf4LkDK5knnlCoaxFCpL
|
||||
E4DWpCI9HfZAaqElLApqdfoslkK/14Cs3BLGC0PM9/3pNP9bAyaMwMA=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
|||
|
|
@ -1,21 +1,26 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBCR0Mx
|
||||
RkRvNnNJbDRybFNKbmY4M0VzTGYwNElZbm8wZEQ4Wm9JaytweDFZClROYm5IdFJ0
|
||||
K0cxUEdGWEhKUWthSjd3VWUxYlNFeCtrRmNWbzc5NDBYYnMKLT4gc3NoLWVkMjU1
|
||||
MTkgSjkxOXNRIE16OTdGNURLWC9TY2ErRmNFV0UyLy9MbDhCTjhRUVNoaE9Gc3kv
|
||||
cEJDMm8Kc2lkYk1oR3lsNzI3MkxYem5YS3d5VE8vQzJKMXVFNVIrOTUzYXBwb0s0
|
||||
cwotPiBzc2gtZWQyNTUxOSBlNmUwbFEgTGFWa3JYNlRCM1RkbEpJZHFoSHdYOE5q
|
||||
dmEzbUFhKzZGRUtybWlvMEIxVQpwU0ppMmRMKzlnYVpiL2pnOXR0RkNmb0ZIeGpw
|
||||
YzhZRmMwbHY4Q3hhZk1NCi0+ICQtZ3JlYXNlIEJYRl4gJiFxSSBsICVvXCs1CkZi
|
||||
UURNYjl1RUY4RU5TdVFwOXAxRWRhcllwU09DMmhvWWlCUwotLS0gRnl6YkN2eFVI
|
||||
TjhrWFFTblN1eHZFV25RL0Y0NUh3UVI3MjJjTkViSG9pTQpt+8IsRW49ki68inEg
|
||||
Ny7+LslHhypyLdGldrB/Zb8oIVHZiIk8m/nRQRZCq/7ESV5Kb8ygcM4fIICdhMn3
|
||||
jED2802rMZFzzXi7IWkUUqcNOx2AoSWSXdpjX3wJoLXGTe23ipYe6EEbltmqZ/Vw
|
||||
Ga6eupId1Ux/oYQBGmlfRRyQT74vMB8mk815qaLUvuXTk9BSVc0Ysl40IZz8H7u+
|
||||
lJwsfl04dFfJkrmgoB2H0HVjmLowYHDMyEXXo/l8Ulh+vnD2ndSi5CzD5KJnuVWP
|
||||
uc3Ijtmpx0aZUaFcduQPGpmNf7zfRc1eoTnA9OmEIgnWRmE8tQdtIbr9YPREBBw2
|
||||
eKfzNBOlACK5YWCnO0tsGHlQq0zYa7b/oreU6Rpr+CjbVxYVj1dFJkPXuCnCjZnD
|
||||
8X0JpiZAzNg9nCm9NLVuYOmLvRdvwdAkirELV0vJFASlFbZOZYm4XBtKSpcIQrdh
|
||||
U9E2phZXQZmIJK/6doddPR0F9GM78T1ZTryOgPF4A8Lqf+DSHbOC3DkkxR8JYhcH
|
||||
eSrTr06Y+cDf+uTerq6p5ZAGn5SZUAI5kdM4eNgxwNBYew==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBDVnVp
|
||||
ck9SRFpLSkY1MFo0cXNERWlPRi9zcHhNbHdlYVJzcWE1YmZScjFrCjEyTmtLOUkr
|
||||
VW5HZzdrOHFvWWs1bGFjS0FBd1kwTzA4ZEZSUVVMWWtWaDgKLT4gc3NoLWVkMjU1
|
||||
MTkgSjkxOXNRIDY1T00vYVN0Nm5sbEMrcEw4VzIzV241Um1QZHpnS1dSaWJYN3FF
|
||||
S2pNRjQKQmxzaE9pTlI5L2E0NTZvNlp4QWJ0MXJHdmlwNS9HU3MzQ0NrRnJ5cjJC
|
||||
awotPiBzc2gtZWQyNTUxOSBlNmUwbFEgcmQyVld2b0JKbUcrWDBxZHdJNDVESU9y
|
||||
Qk13Y3hicGNFV0tjMHhYQjF6dwpLSDc4VW14NVVEV21oQldHWEVxWXcwRFViTGFv
|
||||
LzhhcjRPdlZKTWZQS3U0Ci0+IHNzaC1lZDI1NTE5IEJZS0crdyBsL3lwTURwT1Z0
|
||||
Vmt0czdNMk9scDZPdzJtbUNyalNhR242c0k3WTJEcmlZCmxnRDBSREFQdFB0dHFI
|
||||
aU13NjlYeDIrUlB5WmUvZ21takkybHE3M1VlSXcKLT4gc3NoLWVkMjU1MTkgWHpm
|
||||
bWFRIFhhaVA1aTUzNnFQeDZIaWV4VFZpa2pyVFIzTDJCSGhxMHpUaDNzRnlOVG8K
|
||||
ZkNPbTd5ZEUweld3bUdRNFdkZkVuK3Jtamx5Y3lSbkxFMWs5VjhKenVkawotPiBK
|
||||
W1ZLNC1ncmVhc2UgZF9aNUhAdgowTHowdTVwbnM1YmJzL1VoSUlvOXpxT2lDQ21o
|
||||
bmlzWkJrc21WOTlIM0xhcG50YWs0U2lqSXNtN1pWdwotLS0gQ0lTQ2tMbkgxVW9D
|
||||
ZHlRdjRkTmd0STBRR25UQTgrSXNrTnAzTjRrZUdFRQqsIz6SbS8zaf/NjwqqxgKg
|
||||
W++hUEr40EzqYp5ubyIhSpUCuf52kBWRiDtS1aABEZbMDWNKcqYxxK7L7Bz/sDQN
|
||||
SjR/H6HZmcxTuJWVL32c16d9rPAGcKzxfPWF7nrB5vx6KMVp/iZvuQOqtRgQuF8s
|
||||
1fUHnUrLkSwQNwpqNzuHuU0kXEbrb7unPVv8ES/iKec+QR353KIM1xe62AYMRSfM
|
||||
baHlLNx1NHs2e3KiHNH8rXH58nRm+26xXpNyIksUyYGhAMNV4/0+dx/saUlmUtDg
|
||||
nm3iph8EUqCpjVuwhgRdylABgZglruSuAKYyVQceQkyd2XOePXsfn05hF9V1IyrX
|
||||
6I2OT49WFizz67Y4tPaOe/oYOVIqLDOz7V/StJEn99LwHIZnQ4khm7+nmhQUtICH
|
||||
KrOIAZmikWmou4KY2dnqGv0gWR1Gg4GYNDOXEUt9twbdUAUwU8qDzgX5MtIc+DMK
|
||||
JnfKQ1zNM1KJ6arg3v1ECttmfpc5nJzr1voF4oEkK2wTsKpKBlG1h8tVKkF1byIP
|
||||
PPkCLKTJKJgmF80/HOLB6a9vKEMpssGRsAPY1Vq08g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue