flake.lock: Update

Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/a297cb1cb0337ee10a7a0f9517954501d8f6f74d' (2024-04-11) → 'github:nix-community/disko/8d4ae698eaac8bd717e23507da2ca8b345bec4b5' (2024-04-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b2cf36f43f9ef2ded5711b30b1f393ac423d8f72' (2024-04-10) → 'github:NixOS/nixpkgs/51651a540816273b67bc4dedea2d37d116c5f7fe' (2024-04-11)
Add host provisioning steps
2024-04-14 15:30:09 +01:00 · 2024-04-14 15:29:25 +01:00
2 changed files with 41 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -9,16 +9,47 @@ System and user configuration for NixOS-based systems.
 | **Theme:** | adwaita |
 | **Terminal:** | Console |
-## Provisioning
+## Provisioning a new host
-> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used for provisioning
+> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used
 > for provisioning
 Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
 ```
 ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
 ```
-Then run;
+Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt
 any relevant secrets.
 In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
 Add the generated SSH host key and create a new repository for the system.
 Create a new directory under `hosts/` with a system configuration and disk layout.
 Boot the NixOS installer (or any Linux distribution) on the target.
 Then run:
 ```
 nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
-  root@<ip>
+  root@<target-ip>
 ```
 ### Post install
 If backups are configured, you'll need to run:
 ```
 borgmatic init --encryption repokey-blake2
 ```
 then restart `borgmatic`.
 To join the Tailscale network, run:
 ```
 tailscale up --login-server https://headscale.vimium.net
 ```
 then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.
 The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.
--- a/flake.lock
+++ b/flake.lock
@ -86,11 +86,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1712798444,
+        "lastModified": 1712947906,
-        "narHash": "sha256-aAksVB7zMfBQTz0q2Lw3o78HM3Bg2FRziX2D6qnh+sk=",
+        "narHash": "sha256-T0eT2lMbcK7RLelkx0qx4SiFpOS/0dt0aSfLB+WsGV8=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "a297cb1cb0337ee10a7a0f9517954501d8f6f74d",
+        "rev": "8d4ae698eaac8bd717e23507da2ca8b345bec4b5",
        "type": "github"
      },
      "original": {
@ -309,11 +309,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1712741485,
+        "lastModified": 1712867921,
-        "narHash": "sha256-bCs0+MSTra80oXAsnM6Oq62WsirOIaijQ/BbUY59tR4=",
+        "narHash": "sha256-edTFV4KldkCMdViC/rmpJa7oLIU8SE/S35lh/ukC7bg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b2cf36f43f9ef2ded5711b30b1f393ac423d8f72",
+        "rev": "51651a540816273b67bc4dedea2d37d116c5f7fe",
        "type": "github"
      },
      "original": {