nix-config/README.md

# Deployment

Beide failen bei Activation des neuen Profils. (TODO)


## Mit NixOps

The official way for deployment is through `deployer.serv.zentralwerk.org`

### Deploy changes

Use deployer system:

```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```


### Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

1. log into any proxmox server
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
3. adjustments through ui if necessary
4. Adjust hq.nixops, add  [hostname]
5. Run
    ```shell
    ssh k-ot@172.20.73.16
    cd nix-config/
    nixops deploy -d hq --check --include=[hostname]
    ```

## Mit `nixos-switch rebuild`

```shell
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
```


# Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.
Maybe this works for you, maybe not. I did it somehow:

```
PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id | xargs -I{} pass init {}
```

Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait.
This is necessary, so you can login to any machine with your gpg key.

# Laptops / Desktops

This repository contains a NixOS module that can be used with personal machines 
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of 
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 
addresses local to HQ. Simply import the `lib` directory to use the module. As 
an example:

```nix
# /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:
let
  c3d2Config =
    builtins.fetchGit { url = "https://gitea.c3d2.de/C3D2/nix-config.git"; };
in {
  imports = [
    # ...
    "${c3d2Config}/lib"
  ];

  c3d2 = {
    isInHq = false; # not in HQ, this is the default.
    mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.
    enableMotd = true; # Set the login shell message to the <<</>> logo.
  };

  # ...
}

```
add README with Deployment instructions 2019-04-01 15:44:55 +02:00			`# Deployment`

			`Beide failen bei Activation des neuen Profils. (TODO)`

add mongo. add missing files 2019-07-04 00:31:45 +02:00
			`## Mit NixOps`

			The official way for deployment is through `deployer.serv.zentralwerk.org`

			`### Deploy changes`

			`Use deployer system:`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00
			```shell
add mongo. add missing files 2019-07-04 00:31:45 +02:00			`ssh k-ot@172.20.73.9`
			`cd nix-config/`
			`nixops deploy -d hq --check --include=[hostname]`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00			```

add mongo. add missing files 2019-07-04 00:31:45 +02:00

			`### Creating new Container`

			`This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.`

			`1. log into any proxmox server`
			`2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]`
			`3. adjustments through ui if necessary`
			`4. Adjust hq.nixops, add [hostname]`
			`5. Run`
			```shell
activate central logging 2019-07-04 04:23:39 +02:00			`ssh k-ot@172.20.73.16`
add mongo. add missing files 2019-07-04 00:31:45 +02:00			`cd nix-config/`
			`nixops deploy -d hq --check --include=[hostname]`
			```

			## Mit `nixos-switch rebuild`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00
			```shell
add mongo. add missing files 2019-07-04 00:31:45 +02:00			`nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00			```
added reencryption command 2019-04-30 23:21:34 +02:00
add mongo. add missing files 2019-07-04 00:31:45 +02:00
added reencryption command 2019-04-30 23:21:34 +02:00			`# Secrets`

updated README.md 2019-05-01 00:55:11 +02:00			`Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.`
			`Maybe this works for you, maybe not. I did it somehow:`
Add Laptops / Desktops to README 2020-01-01 13:40:42 +01:00
			```
			PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id \| xargs -I{} pass init {}
			```
updated README.md 2019-05-01 00:55:11 +02:00
			`Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait.`
			`This is necessary, so you can login to any machine with your gpg key.`
Add Laptops / Desktops to README 2020-01-01 13:40:42 +01:00
			`# Laptops / Desktops`

			`This repository contains a NixOS module that can be used with personal machines`
			as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
			registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
			addresses local to HQ. Simply import the `lib` directory to use the module. As
			`an example:`

			```nix
			`# /etc/nixos/configuration.nix`
			`{ config, pkgs, lib, ... }:`
			`let`
			`c3d2Config =`
			`builtins.fetchGit { url = "https://gitea.c3d2.de/C3D2/nix-config.git"; };`
			`in {`
			`imports = [`
			`# ...`
			`"${c3d2Config}/lib"`
			`];`

			`c3d2 = {`
			`isInHq = false; # not in HQ, this is the default.`
			`mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.`
			`enableMotd = true; # Set the login shell message to the <<</>> logo.`
			`};`

			`# ...`
			`}`

			```