felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

readme: add disko and nixos-anywhere

Browse source
This commit is contained in:
Felix Buehler 2023-09-02 17:51:12 +02:00
parent 4b389828ad
commit cac957a607
1 changed files with 104 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

125
README.md
View file

@ -6,12 +6,13 @@ It is fully reproducible, flakes based, and position-independent, ...
used flakes: used flakes:
- image generation: [nixos-generators](https://github.com/nix-community/nixos-generators) - image generation: [nixos-generators](https://github.com/nix-community/nixos-generators)
- disk formatting: [disko](https://github.com/nix-community/disko) - disk partitioning: [disko](https://github.com/nix-community/disko)
- secrets: [sops-nix](https://github.com/Mic92/sops-nix) - secrets: [sops-nix](https://github.com/Mic92/sops-nix)
- deployment: [deploy-rs](https://github.com/serokell/deploy-rs), see [usage](#usage) - deployment: [deploy-rs](https://github.com/serokell/deploy-rs), see [usage](#usage)
- formatting: [pre-commit-hooks](https://github.com/cachix/pre-commit-hooks.nix) - formatting: [pre-commit-hooks](https://github.com/cachix/pre-commit-hooks.nix)
- install: [nixos-anywhere](https://github.com/numtide/nixos-anywhere/)
## structure ## Structure
```text ```text
. .
@ -23,34 +24,116 @@ used flakes:
└── profiles # summarize module collections into single options └── profiles # summarize module collections into single options
``` ```
## usage ## Usage
updating: - updating:
```bash ```bash
nix flake update nix flake update
``` ```
deployment: - deployment:
```bash ```bash
deploy .#myHost deploy .#<flake>
``` ```
secrets: - secrets:
```bash ```bash
sops ./machines/myHost/secrets.yaml sops ./machines/<host>/secrets.yaml
``` ```
images: - images:
```bash ```bash
nix build .#install-iso nix build .#install-iso
nix build .#aarch64-install --system aarch64-linux nix build .#aarch64-install --system aarch64-linux
``` ```
## inspired by - vms:
```bash
nixos-rebuild build-vm --flake .#<flake>
```
- (re-)install:
make sure you have ssh-root access to the machine and the ssh-key is used properly.
(It does not matter what system is installed before.)
1. generate config (only needed for new host)
get `nixos-generate-config` to run via nix and execute
```bash
nixos-generate-config --no-filesystems --root $(mktemp -d)
```
reuse the `hardware-configuration.nix` to create a new machine with its flake.
1. setup secrets
1. new host
then prepare the secrets in the following layout:
```bash
# enter disk encryption key
echo "my-super-safe-password" > /tmp/disk.key
temp=$(mktemp -d)
# ssh-host keys
install -d -m755 "$temp/etc/ssh"
ssh-keygen -o -t rsa -a 100 -N "" -b 4096 -f "$temp/etc/ssh/ssh_host_rsa_key"
chmod 600 "$temp/etc/ssh/ssh_host_rsa_key"
ssh-keygen -o -t ed25519 -a 100 -N "" -f "$temp/etc/ssh/ssh_host_ed25519_key"
chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
# initrd key
install -d -m755 "$temp/etc/secrets/initrd"
ssh-keygen -o -t ed25519 -a 100 -N "" -f "$temp/etc/secrets/initrd/ssh_host_ed25519_key"
chmod 600 "$temp/etc/secrets/initrd/ssh_host_ed25519_key"
```
1. existing host
```bash
echo "my-super-safe-password" > /tmp/disk.key
temp=$(mktemp -d)
printf '%M %p\n'
```
should result in something looking like this
```text
drwx------ $temp
drwxr-xr-x $temp/etc
drwxr-xr-x $temp/etc/ssh
-rw------- $temp/etc/ssh/ssh_host_rsa_key
-rw------- $temp/etc/ssh/ssh_host_ed25519_key
-rw-r--r-- $temp/etc/ssh/ssh_host_rsa_key.pub
-rw-r--r-- $temp/etc/ssh/ssh_host_ed25519_key.pub
drwxr-xr-x $temp/etc/secrets
drwxr-xr-x $temp/etc/secrets/initrd
-rw------- $temp/etc/secrets/initrd/ssh_host_ed25519_key
-rw-r--r-- $temp/etc/secrets/initrd/ssh_host_ed25519_key.pub
```
1. execute install
now simply install by executing (this will delete all data!):
```bash
nix run github:numtide/nixos-anywhere -- \
--disk-encryption-keys /tmp/disk.key /tmp/disk.key \
--extra-files "$temp" \
--flake .#<flake> \
root@<host>
```
</details>
## Inspired by
- [Nix config by Mic92](https://github.com/Mic92/dotfiles) - [Nix config by Mic92](https://github.com/Mic92/dotfiles)
- [Nix config by ambroisie](https://github.com/ambroisie/nix-config) - [Nix config by ambroisie](https://github.com/ambroisie/nix-config)