# Setup

## Flakes

Nix with flakes support is required. Run this in a shell…

```
# Enter a temporary shell with flakes support:
nix-shell --packages nixFlakes

# Set some configuration (do this only once):
mkdir -p ~/.config/nix
echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf

# Add this repository to your local flake registry:
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
```

…or set this in your NixOS configuration:

```
{ pkgs, ... }: {
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
  };
}
```

And add this repository to your local flake registry:

```
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
```

# Deployment

Both fail on activation of the new profile. (TODO)

## With flakes

### Remote deployment

Use `nix run` with one of the deploy scripts exported by the flake, for example: `nix run c3d2#glotzbert-nixos-rebuild switch`. Use `nix flake show c3d2` to show what is available.

Note that the deploy scripts only work if the target machines already have flakes enabled.

### Local deployment

Running `nixos-rebuild --flake c3d2 switch` on a machine should be sufficient to update that machine to the current configuration and Nixpkgs revision.

## With NixOps

The official way to deploy is through `deployer.serv.zentralwerk.org`.

### Deploy changes

Use the deployer system:

```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```

### Creating a new container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

1. Log into any Proxmox server.
2. `pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]`
3. Make adjustments through the UI if necessary.
4. Adjust hq.nixops, add [hostname].
5. Run
   ```shell
   ssh k-ot@172.20.73.16
   cd nix-config/
   nixops deploy -d hq --check --include=[hostname]
   ```

Tarballs can be built for containers using `config.system.build.tarball`:

```
nix build c3d2#nixosConfigurations.dhcp.config.system.build.tarball
```

## With `nixos-rebuild switch`

```shell
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
```

# Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.

Maybe this works for you, maybe not. I did it somehow:

```
# Initialise the store in the current directory; xargs passes every
# line of .gpg-id to `pass init` as a separate recipient argument.
PASSWORD_STORE_DIR=$(pwd) xargs pass init < .gpg-id
```

Your gpg key has to have the Authenticate flag set. If not, update it, push it to a keyserver, and wait. This is necessary so you can log in to any machine with your gpg key.

# Laptops / Desktops

This repository contains a NixOS module that can be used with personal machines as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 addresses local to HQ.

Simply import the `lib` directory to use the module. As an example:

```nix
# /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:

let
  c3d2Config = builtins.fetchGit {
    url = "https://gitea.c3d2.de/C3D2/nix-config.git";
  };
in {
  imports = [
    # ...
    "${c3d2Config}/lib"
  ];

  c3d2 = {
    isInHq = false;    # not in HQ, this is the default.
    mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.
    enableMotd = true; # Set the login shell message to the <<> logo.
  };

  # ...
}
```
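As an added example (not part of the repository), this NixOS module does the flake setup from the Setup section declaratively and satisfies the Remote deployment requirement that targets already have flakes enabled; the file name, and the assumption that the host's nixpkgs provides the `nix.registry` option, are mine.

```nix
# /etc/nixos/c3d2-flakes.nix (added example; the path is an assumption)
# Declarative counterpart of the manual steps under "Setup":
#  - nixFlakes plus experimental-features enable flakes on this host,
#    which the flake's deploy scripts require on their targets;
#  - nix.registry pins the name `c3d2` system-wide (in
#    /etc/nix/registry.json) instead of the per-user registry that
#    `nix registry add` edits, so root and the deploy scripts resolve
#    `c3d2#...` to the same repository as your own user does.
{ pkgs, ... }:
{
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    registry.c3d2.to = {
      type = "git";
      url = "https://gitea.c3d2.de/C3D2/nix-config";
    };
  };
}
```

Import it from `configuration.nix` with `imports = [ ./c3d2-flakes.nix ];`; after the next rebuild, `nixos-rebuild --flake c3d2 switch` from the Local deployment section resolves `c3d2` without the per-user `nix registry add` step.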