Add host provisioning steps

README.md

@@ -9,16 +9,47 @@ System and user configuration for NixOS-based systems.
 | **Theme:** | adwaita |
 | **Terminal:** | Console |
 
-## Provisioning
+## Provisioning a new host
-> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used for provisioning
+> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used
+> for provisioning
 
 Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
+```
+ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
+```
 
-Then run;
+Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt
+any relevant secrets.
+
+In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
+Add the generated SSH host key and create a new repository for the system.
+
+Create a new directory under `hosts/` with a system configuration and disk layout.
+
+Boot the NixOS installer (or any Linux distribution) on the target.
+
+Then run:
 ```
 nix run github:nix-community/nixos-anywhere -- \
   --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
   --extra-files "$temp" \
   --flake .#<hostname> \
-  root@<ip>
+  root@<target-ip>
 ```
+
+### Post install
+
+If backups are configured, you'll need to run:
+```
+borgmatic init --encryption repokey-blake2
+```
+then restart `borgmatic`.
+
+To join the Tailscale network, run:
+```
+tailscale up --login-server https://headscale.vimium.net
+```
+then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.
+
+The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.
+