# Deployment

Beide failen bei Activation des neuen Profils. (TODO)


## Mit NixOps

The official way for deployment is through `deployer.serv.zentralwerk.org`

### Deploy changes

Use deployer system:

```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```



### Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

1. log into any proxmox server
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
3. adjustments through ui if necessary
4. Adjust hq.nixops, add  [hostname]
5. Run
    ```shell
    ssh k-ot@172.20.73.16
    cd nix-config/
    nixops deploy -d hq --check --include=[hostname]
    ```

## Mit `nixos-switch rebuild`

```shell
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
```


# Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.
Maybe this works for you, maybe not. I did it somehow:
```PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id | xargs -I{} pass init {}````

Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait.
This is necessary, so you can login to any machine with your gpg key.