ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

onboard new machine

Browse source
This commit is contained in:
= 2024-03-31 19:47:19 -05:00
parent 73f883e6a4
commit 970de0bd95
3 changed files with 77 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

34
readme.md
View file

@ -1,12 +1,34 @@
# First Install # First Install on new Machine
- First follow nixos installation guide: https://nixos.wiki/wiki/NixOS_Installation_Guide - First follow nixos installation guide: https://nixos.wiki/wiki/NixOS_Installation_Guide
- Checkout this repo into /etc/nixos - Follow up to generate config command
- Before anything else, ensure the generated hardware-configuration is copied over into the desired HOSTNAME target in systems directory. - in hardware-configuration.nix
- switch into flake mode `nixos-rebuild switch --flake /etc/nixos#HOSTNAME` - change to use by-labels made in nixos installation guide (optional but nice for updating device in the future)
- in configuration.nix
- set networking.hostname to HOSTNAME
- enable networkmanager
- add in `users.users.root.initialPassword = 'password1';` [[ TODO this may not be necessary at all, it seems to prompt for this regardless at end of install ]]
- uncomment systemPackages and add: git curl
- add `nix.settings.experimental-features = [ "nix-command" "flakes" ];`
- Install nixos: `cd /mnt` `sudo nixos-install`
- `passwd` to change root password (if not already prompted to do so)
- `reboot`
- copy over this systems ssh public key pairs into the ./secrets/secrets.nix file - push those up, using another computer re-key all the secrets, push up again -- TODO come up with a way to pregen keys so onboarding is less stupid with secrets?
- pull new secrets down with new added keys
- `cp -r /etc/nixos ~/nixos_bak` Backup configuration
- Checkout this repo into /etc/nixos: `rm -rf /etc/nixos` `git clone https://github.com/ringofstorms/dotfiles /etc/nixos`
- Copy hardware-configuration into the new /etc/nixos/systems/HOSTNAME/hardware-configuration.nix `mkdir /etc/nixos/systems/HOSTNAM && cp ~/hardware-configuration.nix /etx/nixos/systems/HOSTNAME`
- copy the existing configuration/other configuration nix of an existing system and edit it to desires state. [[ TODO make this step cleaner/easier... ]]
- switch into flake mode `nixos-rebuild switch --flake /etc/nixos[#HOSTNAME]` and switch to new system
- copy system ssh public key and create a key for user and copy those into the nixos secrets.nix file
- `cat /etc/ssh/ssh_host_ed25519_key.pub`
- `cat ~/.ssh/id_ed25519.pub`
- Push changes to remote using temp user password
- rekey secrets with any other onboarded system
- TODO
- copy over this systems ssh public key ( /etc/shh/*ed25519* ) into the ./secrets/secrets.nix file - push those up, using another computer re-key all the secrets, push up again
- pull new secrets down with new added keys and rebuild
# Later updates # Later updates

45
secrets/nix2bitbucket.age
View file

@ -1,22 +1,27 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBCK29s YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBvdm8z
T0R3ZGlBUFRKUFFEUWQ5cnFlVmV5SlFiWlRBSWZFY2ZoYlY5ZlI4CmcrWlRkT0Y5 MGkweENnTjlxK3lubmtXUlRHUDJLOTM0MGRJQmtOUXZpSG1IUlJZClY1amJtdkZw
elo2aFR2Y0pYZVZmQ2RFQ0I4UGwxTk5hbWdzZUxXRXBwMDgKLT4gc3NoLWVkMjU1 T3dWRnBqdFVlRGpxQWFydUJUcm9hRTI0WHYrVjh3ZVE5bUEKLT4gc3NoLWVkMjU1
MTkgSjkxOXNRIGJZQmptaW9Dc1FxZHNxQ1Y1dk9oUy9TdHc4dU1QRVlJY0k3VWNu MTkgSjkxOXNRIGZQWG85d0lzZWVtWG4weXRBY0ZoQVN6WmdEemtxa2FpYm1FRHND
aW9Jd28KNFFJS1FDcldXU3JJMzk1VU1HQ3lUc0x4eWF4cU84WjZzVXlyNFBwdFBR SXZSd2cKbWRLbUdrTm1oMFZtNnR6eDU4ckJOK2RyTENnV1NaWjlSVTZ5eEhOQ0N0
RQotPiBzc2gtZWQyNTUxOSBlNmUwbFEgMGtYY1lDdmQvMFoySHdRb2ErY2FpcG5J dwotPiBzc2gtZWQyNTUxOSBlNmUwbFEgNzJ1TG5rbllNaThwTDNtZmdVSHZuK2hp
cjEyRFhwMXNGM2dCeEtRZDVqUQpvQm9lNUNMRjc4R1dSaFhUb2FFTzJEb0pyRFN3 MWw5TFJZbEtOdHdmY2g5VittWQpHRjdMelI3TURuYUYwVXFRSWVHeU1UUzRUaDFh
WTA4ME4wM1d4S2ZXZ3JZCi0+IFQ6WnlZLWdyZWFzZSBNXmcgIlRgd2x0O04KVXV6 SDVWR3pmV1gvMkV2c1NBCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBXUWFJc2ljM0Nr
QmdJZWNMS2RueVBqMTRlTXQyTmFvaFZyN2pOTVkzWDMxeU5IeC8vclZ0S2k4VG0w cUJxVWJrSjVvWkE5MnV6SmpWYit4dnZraWxJQTYwelYwClNzSGhOWGFXcXVyc3pq
Rk56Q3VpWi9UYUxQQwpHcGpMVkdPMTk2Skg0WEUKLS0tIE1YdHllN0VXRHR0L1Yx bVBzeW1UNE1RdUU4SWZEd1FwUmhkb1lmKzRKalkKLT4gc3NoLWVkMjU1MTkgWHpm
VlV2aHc4cDNFYnB5L1Q5a1I5ZVRCR0lCUzI1RFEKJgGmOo27BuWg1IT8PHCLbI9v bWFRIFk2SkxTRjBUNUhLdDZIbituV3BGckVoaEZsSnkrQVpRQ1I1QkZmaURWR1UK
3oY3AxiHVEGMTQ1tSIO8TAdw1ul3ZkOIpOxHAw6bOjs772/fbnHkFN9elEgIXqvN aUpmbm1TUDlFYTBXZ2EvSWxPWmh5S0prTE5CcTFPanlZSDFpOFhtbEVEZwotPiAi
O16gpAUWT0NhlBv+deaTsJHRZ3uLZvxSSTwLY9iYHrAf9nyub8i6GJPVxSiyoaaM MXYrOyVZby1ncmVhc2Ugdk1fOlIoIG9WIHFmOiBeImc1Cis0bnA0a3UvU2tlZUJl
bJ+9niD8tgj6sG4QpWFN9iTQCGEfLk7b3FNjBWUmmQJJNI2prmlSOGlP6C5tRov+ REFJa2owa056UEhGbTh6ZWdtM1VpY1pJZDdpL3Q3L0gvRTJMRnQzcjNsUFY5VHZh
YJGQnj4pH2EwkVb91A1TgwDBmupEYkWiW1FH48E2VwRglAqjrBGWGZICtph4X+2t dVUKREE1MzF4eEtIQmh0MU1uK2NMSWtFVk0zTGxxd0sxcDhtUmhpencKLS0tIElt
IDKJ/wKsKQQsSj7UpPLjZhMSHAUB52JiH6T4Ay+hVN/CgXalcx8hN9hzlcWzfa5h c2taOFBaWndsV0FhdXhtdy9JeFJTbFNJQ21iclI4UXVnZmZzZnlXWG8KU47pTls2
9SxjJSrITiiCUQaxRwd8tI5EzTDPWZu/Yfm892LViYfeueabFducOyYvQ5KQ9JCD 3ZARHmIb7/3fPTn3a5wwOmV8x4jqz+IfKcmSapkLn2y0PIptecAHSIm+a6CgkH8i
IJCHjk3xjKsdw2UNNZKEUl3jLDLxE7s5zBHaU3GkS9QEGHOd+vNou4yL4AhM2R+T ZA/qvrB/m5AYfAIUVcbhpb6zT1jj4K1ZqY1yUP8BeCOa+wrZeiOkcGkAxtzvKIF7
WUtlPtsH1L7YLHGFinfB4C0hdEKg/I4w6G/A55pudWIu7syFqSo7zyjxHUFhSkrq 4GCz92dpEayxsdFLgQKJpG+37hyWP1dlASTnk114/Nv99wGR8HG+Bg85eY2PWluz
T0zNaiNZFInqhreb2USm59s6isZaGZlf7btfv2c= hLI8dVKPURDmwQcXRionE8IjnEmSHI6XdggMAQwB0mh6AZRZFzK76Flb1Fr7C/fQ
8ecNbhvxPUDxPNYVLpN7EGyaPiMbpxOVd8HYWfCcJWQoqGBFNUXaQI3pSy68zVQh
cw+DJX6dCO7e4K+BDugS6CY2skvf58TVX0dq3SZ6dMJhtz/hCNdsnb0qVnjnSdUF
PK06nlRRxwNwJt8m1ar+3a85gkt3/U1t2hIT5dUVtRxD4OEr5fZbtZQfVvaYclVk
YbGgCWIoq4DYhNc10lwvMfq22uj1LaewEpgJKMGNQezfXf4LkDK5knnlCoaxFCpL
E4DWpCI9HfZAaqElLApqdfoslkK/14Cs3BLGC0PM9/3pNP9bAyaMwMA=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

43
secrets/nix2github.age
View file

@ -1,21 +1,26 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBCR0Mx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBDVnVp
RkRvNnNJbDRybFNKbmY4M0VzTGYwNElZbm8wZEQ4Wm9JaytweDFZClROYm5IdFJ0 ck9SRFpLSkY1MFo0cXNERWlPRi9zcHhNbHdlYVJzcWE1YmZScjFrCjEyTmtLOUkr
K0cxUEdGWEhKUWthSjd3VWUxYlNFeCtrRmNWbzc5NDBYYnMKLT4gc3NoLWVkMjU1 VW5HZzdrOHFvWWs1bGFjS0FBd1kwTzA4ZEZSUVVMWWtWaDgKLT4gc3NoLWVkMjU1
MTkgSjkxOXNRIE16OTdGNURLWC9TY2ErRmNFV0UyLy9MbDhCTjhRUVNoaE9Gc3kv MTkgSjkxOXNRIDY1T00vYVN0Nm5sbEMrcEw4VzIzV241Um1QZHpnS1dSaWJYN3FF
cEJDMm8Kc2lkYk1oR3lsNzI3MkxYem5YS3d5VE8vQzJKMXVFNVIrOTUzYXBwb0s0 S2pNRjQKQmxzaE9pTlI5L2E0NTZvNlp4QWJ0MXJHdmlwNS9HU3MzQ0NrRnJ5cjJC
cwotPiBzc2gtZWQyNTUxOSBlNmUwbFEgTGFWa3JYNlRCM1RkbEpJZHFoSHdYOE5q awotPiBzc2gtZWQyNTUxOSBlNmUwbFEgcmQyVld2b0JKbUcrWDBxZHdJNDVESU9y
dmEzbUFhKzZGRUtybWlvMEIxVQpwU0ppMmRMKzlnYVpiL2pnOXR0RkNmb0ZIeGpw Qk13Y3hicGNFV0tjMHhYQjF6dwpLSDc4VW14NVVEV21oQldHWEVxWXcwRFViTGFv
YzhZRmMwbHY4Q3hhZk1NCi0+ICQtZ3JlYXNlIEJYRl4gJiFxSSBsICVvXCs1CkZi LzhhcjRPdlZKTWZQS3U0Ci0+IHNzaC1lZDI1NTE5IEJZS0crdyBsL3lwTURwT1Z0
UURNYjl1RUY4RU5TdVFwOXAxRWRhcllwU09DMmhvWWlCUwotLS0gRnl6YkN2eFVI Vmt0czdNMk9scDZPdzJtbUNyalNhR242c0k3WTJEcmlZCmxnRDBSREFQdFB0dHFI
TjhrWFFTblN1eHZFV25RL0Y0NUh3UVI3MjJjTkViSG9pTQpt+8IsRW49ki68inEg aU13NjlYeDIrUlB5WmUvZ21takkybHE3M1VlSXcKLT4gc3NoLWVkMjU1MTkgWHpm
Ny7+LslHhypyLdGldrB/Zb8oIVHZiIk8m/nRQRZCq/7ESV5Kb8ygcM4fIICdhMn3 bWFRIFhhaVA1aTUzNnFQeDZIaWV4VFZpa2pyVFIzTDJCSGhxMHpUaDNzRnlOVG8K
jED2802rMZFzzXi7IWkUUqcNOx2AoSWSXdpjX3wJoLXGTe23ipYe6EEbltmqZ/Vw ZkNPbTd5ZEUweld3bUdRNFdkZkVuK3Jtamx5Y3lSbkxFMWs5VjhKenVkawotPiBK
Ga6eupId1Ux/oYQBGmlfRRyQT74vMB8mk815qaLUvuXTk9BSVc0Ysl40IZz8H7u+ W1ZLNC1ncmVhc2UgZF9aNUhAdgowTHowdTVwbnM1YmJzL1VoSUlvOXpxT2lDQ21o
lJwsfl04dFfJkrmgoB2H0HVjmLowYHDMyEXXo/l8Ulh+vnD2ndSi5CzD5KJnuVWP bmlzWkJrc21WOTlIM0xhcG50YWs0U2lqSXNtN1pWdwotLS0gQ0lTQ2tMbkgxVW9D
uc3Ijtmpx0aZUaFcduQPGpmNf7zfRc1eoTnA9OmEIgnWRmE8tQdtIbr9YPREBBw2 ZHlRdjRkTmd0STBRR25UQTgrSXNrTnAzTjRrZUdFRQqsIz6SbS8zaf/NjwqqxgKg
eKfzNBOlACK5YWCnO0tsGHlQq0zYa7b/oreU6Rpr+CjbVxYVj1dFJkPXuCnCjZnD W++hUEr40EzqYp5ubyIhSpUCuf52kBWRiDtS1aABEZbMDWNKcqYxxK7L7Bz/sDQN
8X0JpiZAzNg9nCm9NLVuYOmLvRdvwdAkirELV0vJFASlFbZOZYm4XBtKSpcIQrdh SjR/H6HZmcxTuJWVL32c16d9rPAGcKzxfPWF7nrB5vx6KMVp/iZvuQOqtRgQuF8s
U9E2phZXQZmIJK/6doddPR0F9GM78T1ZTryOgPF4A8Lqf+DSHbOC3DkkxR8JYhcH 1fUHnUrLkSwQNwpqNzuHuU0kXEbrb7unPVv8ES/iKec+QR353KIM1xe62AYMRSfM
eSrTr06Y+cDf+uTerq6p5ZAGn5SZUAI5kdM4eNgxwNBYew== baHlLNx1NHs2e3KiHNH8rXH58nRm+26xXpNyIksUyYGhAMNV4/0+dx/saUlmUtDg
nm3iph8EUqCpjVuwhgRdylABgZglruSuAKYyVQceQkyd2XOePXsfn05hF9V1IyrX
6I2OT49WFizz67Y4tPaOe/oYOVIqLDOz7V/StJEn99LwHIZnQ4khm7+nmhQUtICH
KrOIAZmikWmou4KY2dnqGv0gWR1Gg4GYNDOXEUt9twbdUAUwU8qDzgX5MtIc+DMK
JnfKQ1zNM1KJ6arg3v1ECttmfpc5nJzr1voF4oEkK2wTsKpKBlG1h8tVKkF1byIP
PPkCLKTJKJgmF80/HOLB6a9vKEMpssGRsAPY1Vq08g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----