README.md: expand install instructions

Sandro - 2023-05-21 21:24:21 +02:00
parent 626b33befc
commit ebdbc9fc92
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 13 additions and 11 deletions

@ -258,18 +258,20 @@ When adding new disks the paths under ``/dev/disk/by-id/`` should be used, so th
## Install new server
- Copy the nix files from an existing, similar host
- Disable all secrets after the installation is finished
- set `simd.arch` option to the output of ``nix shell nixpkgs#gcc -c gcc -march=native -Q --help=target | grep march`` and update the comment next to it
- Copy the nix files from an existing, similar host.
- Disable all secrets until after the installation is finished.
- Set `simd.arch` option to the output of ``nix shell nixpkgs#gcc -c gcc -march=native -Q --help=target | grep march`` and update the comment next to it
- If that returns `x86_64` search on a search engine for the `ark.intel.com` entry for the processor which can be found by catting ``/proc/cpuinfo``
- Generate `networking.hostId` with ``head -c4 /dev/urandom | od -A none -t x4`` according to the options description.
- Boot live ISO
- Set a password for the NixOS user
- `rsync` the this directory into the live system
- generate and apply disk layout with disko (see above)
- Generate ´hardware-configuration.nix` with ``sudo nixos-generate-config --no-filesystems --root /mnt``
- Install nixos system with ``sudo nixos-install --root /mnt --no-root-passwd --flake .#HOSTNAME``
- After a reboot add age key to sops-nix with ``nix shell nixpkgs#ssh-to-age`` and ``ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub``
- Add ``/etc/machine-id`` and luks password to secrets
- Enable and deploy secrets again
- If your ssh key is not baked into the iso, set a password for the `nixos` with passwd to be able to log in over ssh.
- `rsync` the this directory into the live system.
- generate and apply disk layout with disko (see above).
- Generate `hardware-configuration.nix` with ``sudo nixos-generate-config --no-filesystems --root /mnt``.
- If luks disks should be decrypted in initrd over ssh, enable DHCP in the `hardware-configuration.nix` for the interfaces that should be used for that.
- Install nixos system with ``sudo nixos-install --root /mnt --no-channel-copy --no-root-passwd --flake .#HOSTNAME``.
- After a reboot add age key to sops-nix with ``nix shell nixpkgs#ssh-to-age`` and ``ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub``.
- Add ``/etc/machine-id`` and luks password to sops secrets.
- Enable and deploy secrets again.
- Improve new machine setup by automating easy to automate steps and document others.
- Commit everything and push
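Review bot: The reworded live-ISO step "set a password for the `nixos` with passwd" is missing the word "user" and leaves `passwd` unformatted, and since this password is what opens SSH on the live system it would help to say it is temporary and only needed when no key is baked into the ISO. The new lines also carry over "`rsync` the this directory" and the lowercase "generate and apply disk layout" from the old text, and the `simd.arch` and "Commit everything and push" items still lack the trailing period the other items gained. The last-but-one item ("Improve new machine setup by automating ...") reads as a TODO rather than an install step, so it may fit better outside the checklist. For the initrd SSH unlock step, consider naming the option or giving a short example of what enabling DHCP in `hardware-configuration.nix` looks like, since the file is generated in the step just before it and a regenerated file would drop the manual change.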