caem/nixos-system-config
caem/nixos-system-config
1
Fork 0
Code Releases Activity
nixos-system-config/README.md

112 lines
2.6 KiB
Markdown
Raw Normal View History

stuff
2025-01-18 01:59:23 +01:00
# dotnix
a
2025-01-18 16:12:32 +01:00
## Installation
### Prerequisites
stuff
2025-01-18 01:59:23 +01:00
You need to prepare a couple things before installation due to the way secrets are managed.
a
2025-01-18 16:12:32 +01:00
#### Prepare secrets repo
stuff
2025-01-18 01:59:23 +01:00
piss
2025-01-18 02:03:45 +01:00
1. Ensure all required dependencies are present.
stuff
2025-01-18 01:59:23 +01:00
```sh
piss
2025-01-18 02:03:45 +01:00
nix-shell -p sops age git
stuff
2025-01-18 01:59:23 +01:00
```
2. Initialize your secrets repo. You can do this anywhere on your system except this repository.
```sh
mkdir secrets
cd secrets
git init
```
3. Create your gitignore. You want this to make sure that you do not accidentally push your private key.
```sh
echo "keys.txt" > .gitignore
```
4. Generate your private key.
```sh
age-keygen -o ./keys.txt
```
piss
2025-01-18 02:03:45 +01:00
5. Create your sops configuration file.
stuff
2025-01-18 01:59:23 +01:00
```sh
cat <<EOF > .sops.yaml
keys:
- &master $(age-keygen -y ./keys.txt)
creation_rules:
- path_regex: .*\.(yaml|json|env|ini)$
key_groups:
- age:
- *master
EOF
```
moar progression
2025-01-18 15:58:34 +01:00
6. Create a password file for your user.
stuff
2025-01-18 01:59:23 +01:00
```sh
moar progression
2025-01-18 15:58:34 +01:00
mkpasswd | wl-copy # if you're on x11, replace `wl-copy` with `xclip -sel clipboard`
revision
2025-01-18 16:00:02 +01:00
sops user_password.yaml
moar progression
2025-01-18 15:58:34 +01:00
```
Then edit the file to look like this.
```yaml
user_password: <The pasted password from mkpasswd>
```
7. Commit and push your changes.
```sh
git remote add origin git@example.com:example/secrets
git add .
git commit -m "batman"
git push --set-upstream origin master
```
456g
2025-01-18 16:17:49 +01:00
8. Back up your keys.txt.
a
2025-01-18 16:12:32 +01:00
This step is very important as you'll need to copy this file to your new installation.
Make sure you'll be able to securely copy it to another machine, you should handle this
file with much care as anyone who has it will be able to decrypt your secrets if the have
the files.
### Selecting a livecd for the installation
The installation should work on all the NixOS livecd images, other livecds are not supported.
Just make sure you have a way to get both your ssh key for cloning your secrets repository and
keys.txt for decrypting your sops files.
### Installation
1. Clone this repository
```sh
git clone https://github.com/c4em/dotnix.git
cd dotnix
```
2. Enter a nix-shell with all required dependencies for the installation
```sh
nix-shell # This will automatically install all dependencies from `shell.nix`
```
3. Update the submodule to use your secrets repository.
moar progression
2025-01-18 15:58:34 +01:00
```sh
stuff
2025-01-19 19:50:43 +01:00
git submodule set-url -- secrets [ssh uri to your repository]
git submodule sync
git submodule update --init --remote
stuff
2025-01-18 01:59:23 +01:00
```
123f
2025-01-18 16:16:53 +01:00
4. Fetch your keys.txt.
This step is very important, without it your system wont be able to boot. Make sure to place it in the root of
the `secrets/` directory.
5. Adjust the configuration to your needs.
oops
2025-01-18 16:13:45 +01:00
a
2025-01-18 16:12:32 +01:00
Information about how the configuation is structured is available in the WIP section.
123f
2025-01-18 16:16:53 +01:00
6. Run the installation script
a
2025-01-18 16:12:32 +01:00
```sh
stuff
2025-01-19 19:50:43 +01:00
./install.sh --host [your host] --device [the device to install NixOS on]
a
2025-01-18 16:12:32 +01:00
```
Copy permalink