52 lines
1.4 KiB
Markdown
52 lines
1.4 KiB
Markdown
# Deployment
|
|
|
|
Beide failen bei Activation des neuen Profils. (TODO)
|
|
|
|
|
|
## Mit NixOps
|
|
|
|
The official way for deployment is through `deployer.serv.zentralwerk.org`
|
|
|
|
### Deploy changes
|
|
|
|
Use deployer system:
|
|
|
|
```shell
|
|
ssh k-ot@172.20.73.9
|
|
cd nix-config/
|
|
nixops deploy -d hq --check --include=[hostname]
|
|
```
|
|
|
|
|
|
|
|
### Creating new Container
|
|
|
|
This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
|
|
|
|
1. log into any proxmox server
|
|
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
|
|
3. adjustments through ui if necessary
|
|
4. Adjust hq.nixops, add [hostname]
|
|
5. Run
|
|
```shell
|
|
ssh k-ot@172.20.73.16
|
|
cd nix-config/
|
|
nixops deploy -d hq --check --include=[hostname]
|
|
```
|
|
|
|
## Mit `nixos-switch rebuild`
|
|
|
|
```shell
|
|
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
|
|
```
|
|
|
|
|
|
# Secrets
|
|
|
|
Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.
|
|
Maybe this works for you, maybe not. I did it somehow:
|
|
```PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id | xargs -I{} pass init {}````
|
|
|
|
Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait.
|
|
This is necessary, so you can login to any machine with your gpg key.
|