onboard new machine

= 2024-03-31 19:47:19 -05:00
parent 73f883e6a4
commit 970de0bd95
3 changed files with 77 additions and 45 deletions

@ -1,12 +1,34 @@
# First Install
# First Install on new Machine
- First follow nixos installation guide: https://nixos.wiki/wiki/NixOS_Installation_Guide
- Checkout this repo into /etc/nixos
- Before anything else, ensure the generated hardware-configuration is copied over into the desired HOSTNAME target in systems directory.
- switch into flake mode `nixos-rebuild switch --flake /etc/nixos#HOSTNAME`
- Follow up to generate config command
- in hardware-configuration.nix
- change to use by-labels made in nixos installation guide (optional but nice for updating device in the future)
- in configuration.nix
- set networking.hostname to HOSTNAME
- enable networkmanager
- add in `users.users.root.initialPassword = 'password1';` [[ TODO this may not be necessary at all, it seems to prompt for this regardless at end of install ]]
- uncomment systemPackages and add: git curl
- add `nix.settings.experimental-features = [ "nix-command" "flakes" ];`
- Install nixos: `cd /mnt` `sudo nixos-install`
- `passwd` to change root password (if not already prompted to do so)
- `reboot`
- copy over this systems ssh public key pairs into the ./secrets/secrets.nix file - push those up, using another computer re-key all the secrets, push up again
- pull new secrets down with new added keys
-- TODO come up with a way to pregen keys so onboarding is less stupid with secrets?
- `cp -r /etc/nixos ~/nixos_bak` Backup configuration
- Checkout this repo into /etc/nixos: `rm -rf /etc/nixos` `git clone https://github.com/ringofstorms/dotfiles /etc/nixos`
- Copy hardware-configuration into the new /etc/nixos/systems/HOSTNAME/hardware-configuration.nix `mkdir /etc/nixos/systems/HOSTNAM && cp ~/hardware-configuration.nix /etx/nixos/systems/HOSTNAME`
- copy the existing configuration/other configuration nix of an existing system and edit it to desires state. [[ TODO make this step cleaner/easier... ]]
- switch into flake mode `nixos-rebuild switch --flake /etc/nixos[#HOSTNAME]` and switch to new system
- copy system ssh public key and create a key for user and copy those into the nixos secrets.nix file
- `cat /etc/ssh/ssh_host_ed25519_key.pub`
- `cat ~/.ssh/id_ed25519.pub`
- Push changes to remote using temp user password
- rekey secrets with any other onboarded system
- TODO
- copy over this systems ssh public key ( /etc/shh/*ed25519* ) into the ./secrets/secrets.nix file - push those up, using another computer re-key all the secrets, push up again
- pull new secrets down with new added keys and rebuild
# Later updates
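Review bot: The hardware-configuration copy step has two path typos, `mkdir /etc/nixos/systems/HOSTNAM` and a `cp` destination of `/etx/nixos/systems/HOSTNAME`, so as written it creates the wrong directory and the copy fails; both should read `/etc/nixos/systems/HOSTNAME`. The TODO item near the end points at `/etc/shh/*ed25519*`: apart from the `shh` typo, that glob also matches the private host key, so name `/etc/ssh/ssh_host_ed25519_key.pub` explicitly, as the `cat` step already does. The line `users.users.root.initialPassword = 'password1';` uses single quotes, which is not a valid Nix string, and it documents a guessable root password; given the adjacent TODO says the installer prompts for one anyway, consider dropping the step or at least requiring `passwd` before the machine is networked.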