README.md: expand install instructions

Sandro - 2023-05-21 21:24:21 +02:00
parent 626b33befc
commit ebdbc9fc92
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 13 additions and 11 deletions

@ -258,18 +258,20 @@ When adding new disks the paths under ``/dev/disk/by-id/`` should be used, so th
## Install new server ## Install new server
- Copy the nix files from an existing, similar host - Copy the nix files from an existing, similar host.
- Disable all secrets after the installation is finished - Disable all secrets until after the installation is finished.
- set `simd.arch` option to the output of ``nix shell nixpkgs#gcc -c gcc -march=native -Q --help=target | grep march`` and update the comment next to it - Set `simd.arch` option to the output of ``nix shell nixpkgs#gcc -c gcc -march=native -Q --help=target | grep march`` and update the comment next to it
- If that returns `x86_64` search on a search engine for the `ark.intel.com` entry for the processor which can be found by catting ``/proc/cpuinfo`` - If that returns `x86_64` search on a search engine for the `ark.intel.com` entry for the processor which can be found by catting ``/proc/cpuinfo``
- Generate `networking.hostId` with ``head -c4 /dev/urandom | od -A none -t x4`` according to the options description. - Generate `networking.hostId` with ``head -c4 /dev/urandom | od -A none -t x4`` according to the options description.
- Boot live ISO - Boot live ISO
- Set a password for the NixOS user - If your ssh key is not baked into the iso, set a password for the `nixos` with passwd to be able to log in over ssh.
- `rsync` the this directory into the live system - `rsync` the this directory into the live system.
- generate and apply disk layout with disko (see above) - generate and apply disk layout with disko (see above).
- Generate ´hardware-configuration.nix` with ``sudo nixos-generate-config --no-filesystems --root /mnt`` - Generate `hardware-configuration.nix` with ``sudo nixos-generate-config --no-filesystems --root /mnt``.
- Install nixos system with ``sudo nixos-install --root /mnt --no-root-passwd --flake .#HOSTNAME`` - If luks disks should be decrypted in initrd over ssh, enable DHCP in the `hardware-configuration.nix` for the interfaces that should be used for that.
- After a reboot add age key to sops-nix with ``nix shell nixpkgs#ssh-to-age`` and ``ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub`` - Install nixos system with ``sudo nixos-install --root /mnt --no-channel-copy --no-root-passwd --flake .#HOSTNAME``.
- Add ``/etc/machine-id`` and luks password to secrets - After a reboot add age key to sops-nix with ``nix shell nixpkgs#ssh-to-age`` and ``ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub``.
- Enable and deploy secrets again - Add ``/etc/machine-id`` and luks password to sops secrets.
- Enable and deploy secrets again.
- Improve new machine setup by automating easy to automate steps and document others.
- Commit everything and push - Commit everything and push
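Review bot: The new live ISO login step reads "set a password for the `nixos` with passwd", which drops the word "user" and leaves `passwd` unformatted. Suggest "set a password for the `nixos` user with `passwd`". Since that password is what allows ssh login to the live system, the step could also say to use a throwaway password. The DHCP step asks for an edit in `hardware-configuration.nix`, the file the preceding step generates with `nixos-generate-config`, so a later regeneration would lose the change. Consider pointing at the host's own nix file instead, or note that the edit must be reapplied. `--no-channel-copy` is added to the `nixos-install` command without a word on why; a short reason next to it would help the next person. "Improve new machine setup by automating easy to automate steps and document others." is a TODO rather than an install step and sits between "Enable and deploy secrets again." and "Commit everything and push"; move it out of the checklist. Smaller points: "`rsync` the this directory" still carries the doubled article, "generate and apply disk layout" keeps its lowercase start while neighbouring items were capitalized, and the trailing periods are applied to some items but not to the `simd.arch`, `networking.hostId`, "Boot live ISO" and "Commit everything and push" lines.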