nix-config/README.md

# Deployment

Beide failen bei Activation des neuen Profils. (TODO)


## Mit NixOps

The official way for deployment is through `deployer.serv.zentralwerk.org`

### Deploy changes

Use deployer system:

```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```


### Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

1. log into any proxmox server
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
3. adjustments through ui if necessary
4. Adjust hq.nixops, add  [hostname]
5. Run
    ```shell
    ssh k-ot@172.20.73.16
    cd nix-config/
    nixops deploy -d hq --check --include=[hostname]
    ```

## Mit `nixos-switch rebuild`

```shell
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
```


# Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.
Maybe this works for you, maybe not. I did it somehow:
```PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id | xargs -I{} pass init {}````

Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait.
This is necessary, so you can login to any machine with your gpg key.
add README with Deployment instructions 2019-04-01 15:44:55 +02:00			`# Deployment`

			`Beide failen bei Activation des neuen Profils. (TODO)`

add mongo. add missing files 2019-07-04 00:31:45 +02:00
			`## Mit NixOps`

			The official way for deployment is through `deployer.serv.zentralwerk.org`

			`### Deploy changes`

			`Use deployer system:`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00
			```shell
add mongo. add missing files 2019-07-04 00:31:45 +02:00			`ssh k-ot@172.20.73.9`
			`cd nix-config/`
			`nixops deploy -d hq --check --include=[hostname]`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00			```

add mongo. add missing files 2019-07-04 00:31:45 +02:00

			`### Creating new Container`

			`This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.`

			`1. log into any proxmox server`
			`2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]`
			`3. adjustments through ui if necessary`
			`4. Adjust hq.nixops, add [hostname]`
			`5. Run`
			```shell
activate central logging 2019-07-04 04:23:39 +02:00			`ssh k-ot@172.20.73.16`
add mongo. add missing files 2019-07-04 00:31:45 +02:00			`cd nix-config/`
			`nixops deploy -d hq --check --include=[hostname]`
			```

			## Mit `nixos-switch rebuild`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00
			```shell
add mongo. add missing files 2019-07-04 00:31:45 +02:00			`nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"`
add README with Deployment instructions 2019-04-01 15:44:55 +02:00			```
added reencryption command 2019-04-30 23:21:34 +02:00
add mongo. add missing files 2019-07-04 00:31:45 +02:00
added reencryption command 2019-04-30 23:21:34 +02:00			`# Secrets`

updated README.md 2019-05-01 00:55:11 +02:00			`Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.`
			`Maybe this works for you, maybe not. I did it somehow:`
			```PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id \| xargs -I{} pass init {}````

			`Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait.`
			`This is necessary, so you can login to any machine with your gpg key.`