Housekeeping
- Update README
- Run shellcheck on .sh files
- Add helper scripts
- Remove eirene vm variant
- Add post-install checklist

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
README.md: 103 lines changed
@@ -1,81 +1,46 @@
# nix
NixOS dotfiles and configuration.
NixOS dotfiles and configuration for various hosts and users.
## Installation
## Structure
The below installation example is for a fresh `eirene-vm` virtual machine.
- [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points.
1. Mount NixOS Configuration
- [`hosts/`](./hosts): All host-specific configurations.
- [`common/`](./hosts/common): Shared configuration definitions.
- [`system/`](./hosts/common/system): System-level configurations and scripts.
- [`configs/`](./hosts/common/system/configs): System configurations applicable to all hosts.
- [`scripts/`](./hosts/common/system/scripts): Utility scripts, such as `nix-cleanup`.
- [`user/`](./hosts/common/user): Per-user options.
- [`configs/`](./hosts/common/user/configs): User configurations, split into:
- [`console/`](./hosts/common/user/configs/console): Console-related settings.
- [`gui/`](./hosts/common/user/configs/gui): GUI-related settings.
- [`scripts/`](./hosts/common/user/scripts): User-specific scripts and utilities.
- `<name>/`: Individual host configurations.
- `scripts/`: Host-specific scripts.
- `secrets/`: Host-specific secrets, such as `machineId`.
- `users/`: User-specific settings for the host.
- `format.nix`: Disk layout definition using [`disko`](https://github.com/nix-community/disko).
```sh
sudo -i
mkdir /host
mount -t virtiofs host /host
```
- `users/<name>/`: Global configurations for individual users that apply across all hosts. This includes secrets (like GPG keys and third-party service passwords), wallpapers, and more.
2. Format Disks
- [`scripts/`](./scripts): Utility scripts for managing the repository.
- [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration.
- [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host.
- [`add-user.sh`](./scripts/add-user.sh): Instantiate the keys for a new user configuration.
- [`remove-user.sh`](./scripts/remove-user.sh): Remove references to a user.
- [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
- [`update.sh`](./scripts/update.sh): Update flake and all git submodules.
- [`install.sh`](./scripts/install.sh): Install or repair a selected NixOS host.
```sh
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /host/hosts/eirene/format.nix --arg device '"/dev/vda"'
```
- [`submodules/`](./submodules): Flake forks used in the repository, such as [`nixpkgs`](https://github.com/NixOS/nixpkgs) and [`home-manager`](https://github.com/nix-community/home-manager).
3. Generate Host SSH Key
Any `options.nix` files create custom option definitions when present.
```sh
mkdir -p /mnt/persist/etc/ssh
ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/secrets/ssh_host_ed25519_key
## Hosts
# Optional - Copy user keys
mkdir -p /mnt/persist/home/nick/.local/share/sops-nix
cp /host/users/nick/secrets/key.txt /mnt/persist/home/nick/.local/share/sops-nix/key.txt
```
Below is a table of all hosts, with links to their respective README files, which may provide further details and/or post-installation checklists.
4. Update `sops` Configuration
```sh
nix-shell -p ssh-to-age --run 'cat /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
find . -type f -name 'sops.yaml' -exec nano {} \;
export SOPS_AGE_KEY_FILE=/host/users/nick/secrets/key.txt
find . -type f -name 'sops.yaml' | while read -r sops_file; do
dir=$(dirname "$sops_file")
find "$dir" -maxdepth 1 -type f -regextype posix-extended -regex '.+\.(yaml|yml|json|env|ini|bin)' | while read -r file; do
nix-shell -p sops --run 'sops --config $sops_file updatekeys $file'
done
done
```
5. Update Nix Configuration Keys
- Known Hosts
```sh
# Add to hosts/common/default.nix.programs.ssh.knownHosts
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/secrets/ssh_host_ed25519_key.pub
```
- SSH Keys
```sh
# Generate a new SSH key pair for every user that will connect to the newly added user@host combinations
# Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene_nick
```
6. Install NixOS
```sh
mkdir -p /mnt/persist/etc/nixos
cp -r /host/* /mnt/persist/etc/nixos
nixos-install --root /mnt --flake /mnt/persist/etc/nixos#eirene-vm
```
7. Reboot
```sh
reboot
```
| Host | README |
|----------|----------------------------------------------------|
| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |
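Review bot: The new Structure section describes `secrets/` (host-specific secrets such as `machineId`) and `users/<name>/` (GPG keys, third-party service passwords) without saying how those files are protected, while the removed installation steps made the sops/age encryption explicit (`ssh-to-age`, `SOPS_AGE_KEY_FILE`, `sops --config $sops_file updatekeys $file`). Suggest adding to those two bullets that the files are sops-encrypted and that `update-keys.sh` re-keys them, so a reader does not take "includes secrets" to mean plaintext committed to git. Separately, if the removed `updatekeys` loop was carried into `update-keys.sh`, note that the single-quoted `--run 'sops --config $sops_file updatekeys $file'` never sees the unexported loop variables (shellcheck SC2016); double-quote the string or export `sops_file` and `file` before the `nix-shell` call.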