# nix-config

System and user configuration for NixOS-based systems.

| | |
|-|-|
| **Shell:** | zsh |
| **DE:** | GNOME |
| **Theme:** | Adwaita |
| **Terminal:** | Ghostty |

## Provisioning a new host

> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used
> for provisioning

Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).

```
install -d -m755 "$temp/etc/ssh"   # $temp is a scratch dir (mktemp -d); --extra-files copies it to the target root
ssh-keygen -t ed25519 -N "" -f "$temp/etc/ssh/ssh_host_ed25519_key"
```

Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt
any relevant secrets.

In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
Add the generated SSH host key and create a new repository for the system.

Create a new directory under `hosts/` with a system configuration and disk layout.

Boot the NixOS installer (or any Linux distribution) on the target.

Then run:

```
nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<target-ip>
```

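Staging the `$temp` tree for the host-key step above and checking it before `nixos-anywhere --extra-files` copies it onto the new host, as an added example that is not part of this repository. The function names `stage_host_key` and `check_extra_files` are hypothetical; generation assumes `ssh-keygen` is installed, and the check verifies the layout and permissions sshd requires (a host key with loose permissions is ignored, and the host then cannot decrypt its secrets).

```sh
#!/usr/bin/env sh
# Added example (not part of nix-config): prepare and verify the "$temp"
# tree handed to `nixos-anywhere --extra-files "$temp"`.

# stage_host_key DIR: create DIR/etc/ssh and generate an unencrypted ed25519
# host key there (host keys must have no passphrase). Needs ssh-keygen.
stage_host_key() {
  dir=$1
  install -d -m 0755 "$dir/etc/ssh" || return 1
  ssh-keygen -q -N '' -t ed25519 -f "$dir/etc/ssh/ssh_host_ed25519_key" || return 1
  chmod 0600 "$dir/etc/ssh/ssh_host_ed25519_key"
  chmod 0644 "$dir/etc/ssh/ssh_host_ed25519_key.pub"
}

# check_extra_files DIR: verify the staged tree. Prints each problem found
# and returns the number of problems (0 means the tree is ready to copy).
check_extra_files() {
  dir=$1
  key="$dir/etc/ssh/ssh_host_ed25519_key"
  problems=0
  if [ ! -f "$key" ]; then
    echo "missing private host key: $key"
    problems=$((problems + 1))
  elif [ -z "$(find "$key" -prune -perm 0600)" ]; then
    # sshd refuses to load a private key readable by anyone but root
    echo "private host key must be mode 0600: $key"
    problems=$((problems + 1))
  fi
  if [ ! -f "$key.pub" ]; then
    echo "missing public host key: $key.pub"
    problems=$((problems + 1))
  elif ! head -n 1 "$key.pub" | grep -q '^ssh-ed25519 '; then
    echo "public host key is not ed25519: $key.pub"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Usage: temp=$(mktemp -d); sh stage-host-key.sh "$temp"
if [ "$#" -gt 0 ]; then
  stage_host_key "$1" && check_extra_files "$1"
fi
```

Run `check_extra_files "$temp"` again after adding the public key to nix-secrets and borgbase, so the tree that reaches the target is the one whose key was registered.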
### Post install

If backups are configured, you'll need to run:

```
borgmatic init --encryption repokey-blake2
```

then restart `borgmatic`.

To join the Tailscale network, run:

```
tailscale up --login-server https://headscale.vimium.net
```

then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.

The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.