# Steps to add a new host

1. Generate an SSH host key to be used for secrets
   `ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key -C ""`
1. Go to borgmatic.com, add the generated SSH key and create a new
   repository
1. Add a new host entry to nix-secrets/secrets.nix
1. Generate a repository passphrase in nix-secrets
1. Commit nix-secrets and run `nix flake update` in nix-config
1. Add a README.md and default.nix suited to the host
1. Define (or generate with `nixos-generate-config`) a
   hardware-configuration.nix
1. Define the disk layout to be used by disko
1. Commit nix-config
1. Boot the NixOS installer
1. Copy the generated SSH host key to `/etc/ssh`
1. Run `nix run github:nix-community/nixos-anywhere -- --flake .#<hostname> root@<ip address>`

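The first step and the later copy to `/etc/ssh` handle a private host key by hand. As an added example (not part of the original README), these helpers stage the key in a private `mktemp` directory instead of a fixed `/tmp` path, check its mode and that it matches its `.pub`, and print the fingerprint to compare at the first SSH login. The function names are hypothetical; OpenSSH's `ssh-keygen` and `mktemp` are assumed to be available.

```shell
# Added example: hypothetical helpers, not part of the original README.

# Generate the host key in a fresh owner-only directory; prints that directory.
stage_host_key() {
    ( umask 077
      dir=$(mktemp -d) || exit 1
      ssh-keygen -q -t ed25519 -N "" -C "" -f "$dir/ssh_host_ed25519_key" || exit 1
      printf '%s\n' "$dir" )
}

# Public key (type and base64 only), derived from the private key.
host_pubkey() {
    ssh-keygen -y -f "$1/ssh_host_ed25519_key" | cut -d' ' -f1,2
}

# SHA256 fingerprint to record now and compare after the install.
host_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1/ssh_host_ed25519_key.pub" | cut -d' ' -f2
}

# Succeeds only if the private key is mode 600 and matches its .pub file.
check_host_key() {
    key="$1/ssh_host_ed25519_key"
    [ -f "$key" ] && [ -f "$key.pub" ] || return 1
    # GNU stat first, BSD stat as a fallback
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    [ "$mode" = "600" ] || return 1
    derived=$(ssh-keygen -y -f "$key" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 "$key.pub")
    [ "$derived" = "$stored" ]
}

# Remove the staged copy once the key is in place on the installer.
discard_host_key() {
    rm -rf -- "$1"
}
```

Run `d=$(stage_host_key)`, use `host_pubkey "$d"` when adding the host entry, and call `discard_host_key "$d"` after the key has been copied to the installer.
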
## Post install
> The backup and Tailscale modules won't work until the following steps are
> completed.

1. Run `sudo borgmatic init --encryption repokey-blake2`
1. Restart `borgmatic`
1. Run `sudo tailscale up --login-server https://headscale.vimium.net`
1. Visit the URL, then SSH onto `vps1` and run
   `headscale --user mesh nodes register --key <key>`
1. (Optionally) Give the Tailscale node a friendly name with
   `headscale node rename -i <index> <hostname>`