karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aec06c4b37c5448e3d5794c22a9baa2c1032dd34
nix/README.md
Nikolaos Karaolidis aec06c4b37 Add base eirene config 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2024-06-18 16:05:20 +03:00

82 lines
2.1 KiB
Markdown
Raw Blame History

# nix
NixOS dotfiles and configuration.
## Installation
The below installation example is for a fresh `eirene-vm` virtual machine.
1. Mount NixOS Configuration
```sh
sudo -i
mkdir /host
mount -t virtiofs host /host
```
2. Format Disks
```sh
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /host/hosts/eirene/format.nix --arg device '"/dev/vda"'
```
3. Generate Host SSH Key
```sh
mkdir -p /mnt/persist/etc/ssh
ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/secrets/ssh_host_ed25519_key
# Optional - Copy user keys
mkdir -p /mnt/persist/home/nick/.local/share/sops-nix
cp /host/users/nick/secrets/key.txt /mnt/persist/home/nick/.local/share/sops-nix/key.txt
```
4. Update `sops` Configuration
```sh
nix-shell -p ssh-to-age --run 'cat /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
find . -type f -name 'sops.yaml' -exec nano {} \;
export SOPS_AGE_KEY_FILE=/host/users/nick/secrets/key.txt
find . -type f -name 'sops.yaml' | while read -r sops_file; do
dir=$(dirname "$sops_file")
find "$dir" -maxdepth 1 -type f -regextype posix-extended -regex '.+\.(yaml|yml|json|env|ini|bin)' | while read -r file; do
nix-shell -p sops --run 'sops --config $sops_file updatekeys $file'
done
done
```
5. Update Nix Configuration Keys
- Known Hosts
```sh
# Add to hosts/common/default.nix.programs.ssh.knownHosts
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/secrets/ssh_host_ed25519_key.pub
```
- SSH Keys
```sh
# Generate a new SSH key pair for every user that will connect to the newly added user@host combinations
# Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene_nick
```
6. Install NixOS
```sh
mkdir -p /mnt/persist/etc/nixos
cp -r /host/* /mnt/persist/etc/nixos
nixos-install --root /mnt --flake /mnt/persist/etc/nixos#eirene-vm
```
7. Reboot
```sh
reboot
```
Reference in New Issue View Git Blame Copy Permalink