2024-09-08 20:41:34 -05:00
# WARNING

## This configuration is not meant for public usage

# Install

## Remote (with NixOS Anywhere)

1. Clone this repository

   ```sh
   git clone https://github.com/myned/nixos
   ```
2. Enable [Flakes](https://wiki.nixos.org/wiki/Flakes)

3. Boot from NixOS [minimal installer](https://nixos.org/download.html#nixos-iso)

4. Create machine-specific modules in `machines/MACHINE/`

   a. Machine configuration and hostname in `default.nix`

      ```nix
      { custom.hostname = "MACHINE"; }
      ```

   b. [Disko](https://github.com/nix-community/disko) layout in `disko.nix`

      ```sh
      # Verify /dev identifier on machine
      lsblk

      # Verify EFI/BIOS firmware on machine
      [ -d /sys/firmware/efi/efivars ] && echo "UEFI" || echo "BIOS"
      ```

   c. Generated hardware configuration in `hardware-configuration.nix`

      ```sh
      nixos-generate-config --show-hardware-config --no-filesystems --root /mnt
      ```
5. Choose profile and add machine-specific modules to `flake.in.nix`

   ```nix
   MACHINE = BRANCH "ARCHITECTURE" [ ./profiles/PROFILE ./machines/MACHINE ];
   ```

6. Generate and lock `flake.nix` with [flakegen](https://github.com/jorsn/flakegen)

   ```sh
   cd nixos
   git add .
   nix run .#genflake flake.nix
   nix flake lock
   ```
7. Generate machine SSH key and rekey agenix secrets with added public key

   ```sh
   mkdir -p tmp/etc/ssh/
   ssh-keygen -f tmp/etc/ssh/id_ed25519 -N '' -C root@MACHINE
   cd secrets
   agenix -r
   ```

8. Add user SSH key to root authorized_keys on machine

   ```sh
   # On host
   cat ~/.ssh/id_ed25519.pub | wl-copy
   ```

   ```sh
   # On machine
   sudo mkdir /root/.ssh/
   sudo nano /root/.ssh/authorized_keys
   ```
9. Execute [NixOS Anywhere](https://github.com/nix-community/nixos-anywhere)

   ```sh
   nixos-anywhere --extra-files tmp --flake .#MACHINE root@IP
   ```

10. Shut down, detach ISO, and reboot

11. Remove temporary files

    ```sh
    rm -r tmp
    ```
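A pre-flight check for the `tmp` directory staged in step 7, meant to be run before step 9. This is an added example and not part of this repository; `check_extra_files` and `mode_of` are hypothetical helper names, and it assumes the staged files keep their modes when copied to the target.

```shell
#!/bin/sh
# Added example, not part of the repository: pre-flight check of the directory
# handed to `nixos-anywhere --extra-files`. Paths follow steps 7 and 9 above.
# Usage from the repository root: check_extra_files tmp

# Print the nine permission characters of a path, e.g. "rw-------".
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# check_extra_files DIR -> 0 if DIR looks safe to deploy, 1 otherwise.
check_extra_files() {
    dir=$1
    key="$dir/etc/ssh/id_ed25519"
    rc=0

    # Both halves of the key pair must exist as regular files, not symlinks.
    for f in "$key" "$key.pub"; do
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            echo "missing or not a regular file: $f" >&2
            rc=1
        fi
    done

    # The private key must carry no group or other permission bits.
    if [ -f "$key" ]; then
        case $(mode_of "$key") in
            ???------) ;;
            *) echo "private key is group/world accessible: $key" >&2; rc=1 ;;
        esac
    fi

    # Nothing under DIR may be in the git index, or a later commit and push
    # would publish the machine's private key.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if [ -n "$(git -C "$dir" ls-files)" ]; then
            echo "files under $dir are tracked by git" >&2
            rc=1
        fi
    fi

    return $rc
}
```

The git check matters if `git add .` from step 6 is repeated after step 7, since that would stage the private key unless `tmp` is ignored.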