Must run borgmatic init as root

hosts/new.md

@@ -0,0 +1,30 @@
+# Steps to add a new host
+
+1. Generate an SSH host key to be used for secrets
+`ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key -C ""`
+1. Go to borgmatic.com, add the generated SSH key and create a new
+repository
+1. Add a new host entry to nix-secrets/secrets.nix
+1. Generate a repository passphrase in nix-secrets
+1. Commit nix-secrets and run `nix flake update` in nix-config
+1. Add a README.md and default.nix suited to the host
+1. Define (or generate with `nixos-generate-config`) a
+hardware-configuration.nix
+1. Define the disk layout to be used by disko
+1. Commit nix-config
+1. Boot the NixOS installer
+1. Copy the generated SSH host key to `/etc/ssh`
+1. Run `nix run github:nix-community/nixos-anywhere -- --flake .#<hostname> root@<ip address>`
+
+## Post install
+> The backup and Tailscale modules won't work until the following steps are
+> completed.
+
+1. Run `sudo borgmatic init --encryption repokey-blake2`
+1. Restart `borgmatic`
+1. Run `sudo tailscale up --login-server https://headscale.vimium.net`
+1. Visit the URL, then SSH onto `vps1` and run
+`headscale --user mesh nodes register --key <key>`
+1. (Optionally) Give the Tailscale node a friendly name with
+`headscale node rename -i <index> <hostname>`
+