Merge pull request #1 from bebehei/umask

umask fixes in the Readme
Felix Bühler 2024-12-02 22:57:45 +01:00 committed by GitHub
commit 34c3466585
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -10,7 +10,7 @@ used flakes:
- secrets: [sops-nix](https://github.com/Mic92/sops-nix) - secrets: [sops-nix](https://github.com/Mic92/sops-nix)
- deployment: [nixinate](https://github.com/MatthewCroughan/nixinate), see [usage](#usage) - deployment: [nixinate](https://github.com/MatthewCroughan/nixinate), see [usage](#usage)
- formatting: [git-hooks](https://github.com/cachix/git-hooks.nix) - formatting: [git-hooks](https://github.com/cachix/git-hooks.nix)
- install: [nixos-anywhere](https://github.com/numtide/nixos-anywhere/) - install: [nixos-anywhere](https://github.com/nix-community/nixos-anywhere/)
## Structure ## Structure
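Review bot: The `install:` line moves the nixos-anywhere link from `numtide` to `nix-community`, which the commit message ("umask fixes in the Readme") does not mention. Either name the repository move in the message or put it in its own commit, so the URL change can be reviewed and reverted independently of the permission changes.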
@ -80,25 +80,21 @@ used flakes:
```bash ```bash
# enter disk encryption key # enter disk encryption key
echo "my-super-safe-password" > /tmp/disk.key (umask 077; echo "my-super-safe-password" > /tmp/disk.key)
temp=$(mktemp -d) temp=$(mktemp -d)
# ssh-host keys # ssh-host keys
install -d -m755 "$temp/etc/ssh" install -d -m755 "$temp/etc/ssh"
ssh-keygen -o -t rsa -a 100 -N "" -b 4096 -f "$temp/etc/ssh/ssh_host_rsa_key"
chmod 600 "$temp/etc/ssh/ssh_host_rsa_key"
ssh-keygen -o -t ed25519 -a 100 -N "" -f "$temp/etc/ssh/ssh_host_ed25519_key"
chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
# initrd key
install -d -m755 "$temp/etc/secrets/initrd" install -d -m755 "$temp/etc/secrets/initrd"
ssh-keygen -o -t ed25519 -a 100 -N "" -f "$temp/etc/secrets/initrd/ssh_host_ed25519_key" ssh-keygen -o -a 100 -N "" -t rsa -b 4096 -f "$temp/etc/ssh/ssh_host_rsa_key"
chmod 600 "$temp/etc/secrets/initrd/ssh_host_ed25519_key" ssh-keygen -o -a 100 -N "" -t ed25519 -f "$temp/etc/ssh/ssh_host_ed25519_key"
ssh-keygen -o -a 100 -N "" -t ed25519 -f "$temp/etc/secrets/initrd/ssh_host_ed25519_key"
``` ```
1. existing host 1. existing host
```bash ```bash
echo "my-super-safe-password" > /tmp/disk.key (umask 077; echo "my-super-safe-password" > /tmp/disk.key)
temp=$(mktemp -d) temp=$(mktemp -d)
find $temp -printf '%M %p\n' find $temp -printf '%M %p\n'
``` ```
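Review bot: On both `/tmp/disk.key` lines, `umask 077` only takes effect when the redirect creates the file. If `/tmp/disk.key` already exists (left over from an earlier run, or created by another local user, since the path is fixed and `/tmp` is shared), the passphrase is written into it with the existing owner and mode. Consider writing the key into a fresh private directory instead, for example one from a second `mktemp -d` (not `$temp`, which is later passed to `--extra-files`), and updating the install command to match. Dropping the three `chmod 600` calls looks fine, because `ssh-keygen` already creates private key files with mode 0600. With the `# initrd key` comment removed, both `install -d` lines now sit under `# ssh-host keys`; a short comment on the initrd key line would keep the two key sets distinguishable.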
@ -124,7 +120,7 @@ used flakes:
now simply install by executing (this will delete all data!): now simply install by executing (this will delete all data!):
```bash ```bash
nix run github:numtide/nixos-anywhere -- \ nix run github:nix-community/nixos-anywhere -- \
--disk-encryption-keys /tmp/disk.key /tmp/disk.key \ --disk-encryption-keys /tmp/disk.key /tmp/disk.key \
--extra-files "$temp" \ --extra-files "$temp" \
--flake .#<flake> \ --flake .#<flake> \
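Review bot: The changed `nix run github:nix-community/nixos-anywhere` line resolves to whatever the default branch points at when the reader runs it, and this command receives the disk encryption key and wipes the target. Pin the flake reference to a tag or commit, e.g. `github:nix-community/nixos-anywhere/<rev>` (with `<rev>` as a placeholder), so the README installs a version that has been reviewed.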