# Setup

## Flakes

Nix with flakes support is required. Run this in a shell…

```shell
# Enter a temporary shell with flakes support:
nix-shell --packages nixFlakes

# Set some configuration (do this only once):
echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf

# Add this repository to your local flake registry:
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
```

…or add this to your NixOS configuration:

```nix
{ pkgs, ... }: {
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
  };
}
```

And add this repository to your local flake registry:

```shell
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
```
# Deployment

Both fail at activation of the new profile. (TODO)

## With flakes

### Remote deployment

Use `nix run` with one of the deploy scripts exported by the flake,
for example: `nix run c3d2#glotzbert-nixos-rebuild switch`. Use `nix flake show c3d2`
to show what is available. Note that the deploy scripts only work if
the target machine already has flakes enabled.

### Local deployment

Running `nixos-rebuild --flake c3d2 switch` on a machine should be sufficient
to update that machine to the current configuration and Nixpkgs revision.
## With NixOps

The official way to deploy is through `deployer.serv.zentralwerk.org`.

### Deploy changes

On the deployer system:

```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```
|
### Creating a new container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

1. Log into any Proxmox server.
2. Run `pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]`.
3. Make adjustments through the UI if necessary.
4. Adjust hq.nixops and add [hostname].
5. Run:

   ```shell
   ssh k-ot@172.20.73.16
   cd nix-config/
   nixops deploy -d hq --check --include=[hostname]
   ```

Tarballs can be built for containers using `config.system.build.tarball`:

```shell
nix build c3d2#nixosConfigurations.dhcp.config.system.build.tarball
```
|
## With `nixos-rebuild switch`

```shell
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
```
# Secrets

Add your gpg-id to the `.gpg-id` file in `secrets` and let somebody reencrypt it for you.
Maybe this works for you, maybe not. I did it somehow:

```shell
# Initialise the pass store in the current directory with every key ID listed
# in .gpg-id. xargs splits the file on whitespace, so each ID becomes its own
# argument to `pass init` (with -I{} the whole line would be passed as one ID).
PASSWORD_STORE_DIR=$(pwd) xargs pass init < .gpg-id
```

Your gpg key has to have the Authenticate flag set. If it does not, update it, push it to a keyserver and wait.
This is necessary so you can log in to any machine with your gpg key.
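As an added check for the Authenticate requirement above (example code, not part of this repository), the following script parses the machine-readable `gpg --with-colons` output and reports whether any key or subkey carries the Authenticate capability. The key IDs and user ID in the embedded sample are constructed, not real keys.

```shell
#!/bin/sh
# Added example (not from the c3d2 nix-config repository): verify that a GPG
# key has the Authenticate capability needed to log in to HQ machines.
# In `gpg --with-colons` output, field 12 of a pub:/sub: record lists the
# capabilities; a lowercase letter means that particular (sub)key has it:
# e=encrypt, s=sign, c=certify, a=authenticate. Uppercase letters on the
# pub: record summarise the whole key, so we look for lowercase 'a' only.

# Return 0 if any pub:/sub: record on stdin carries the 'a' capability.
has_auth_capability() {
    awk -F: '
        BEGIN { found = 0 }
        ($1 == "pub" || $1 == "sub") && index($12, "a") > 0 { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Print the key ID (field 5) of every (sub)key with the 'a' capability,
# one per line, so you can see which subkey gpg-agent will offer to ssh.
auth_subkey_ids() {
    awk -F: '($1 == "pub" || $1 == "sub") && index($12, "a") > 0 { print $5 }'
}

# Query the local keyring for a real key. Usage: check_key_in_keyring KEYID
check_key_in_keyring() {
    gpg --list-keys --with-colons "$1" | has_auth_capability
}

# Constructed sample in --with-colons format: primary key plus an encryption
# subkey and an authentication subkey (fake IDs, not a real key).
SAMPLE_WITH_AUTH='pub:u:4096:1:0123456789ABCDEF:1600000000:::u:::scESCA::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1600000000::XXXX::Example User <user@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1600000000::::::e::::::23:
sub:u:4096:1:1122334455667788:1600000000::::::a::::::23:'

# Constructed sample of a key that only signs, certifies and encrypts.
SAMPLE_WITHOUT_AUTH='pub:u:4096:1:0123456789ABCDEF:1600000000:::u:::scESC::::::23::0:
sub:u:4096:1:FEDCBA9876543210:1600000000::::::e::::::23:'

# Demo over the constructed samples (run the script directly to see it).
demo() {
    if printf '%s\n' "$SAMPLE_WITH_AUTH" | has_auth_capability; then
        echo "sample 1: auth-capable subkey(s): $(printf '%s\n' "$SAMPLE_WITH_AUTH" | auth_subkey_ids)"
    fi
    if ! printf '%s\n' "$SAMPLE_WITHOUT_AUTH" | has_auth_capability; then
        echo "sample 2: no Authenticate capability, edit the key and add an [A] subkey"
    fi
}
```

To check your own key, run `check_key_in_keyring <your key ID>`; a non-zero exit status means no subkey is usable for authentication and the key needs an Authenticate subkey before it is pushed to a keyserver.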
# Laptops / Desktops

This repository contains a NixOS module that can be used with personal machines
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
addresses local to HQ. Simply import the `lib` directory to use the module. As
an example:

```nix
# /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:
let
  c3d2Config =
    builtins.fetchGit { url = "https://gitea.c3d2.de/C3D2/nix-config.git"; };
in {
  imports = [
    # ...
    "${c3d2Config}/lib"
  ];

  c3d2 = {
    isInHq = false; # not in HQ, this is the default.
    mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.
    enableMotd = true; # Set the login shell message to the <<</>> logo.
  };

  # ...
}
```
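Once the module is enabled, you will want to confirm that `/etc/ssh/ssh_known_hosts` really pins the key of the host you are about to deploy to. The following script is an added example, not part of this repository: it parses a known_hosts file and lists the pinned key types for a given host name, honouring `@revoked` markers and skipping hashed entries. The host names reuse the `.hq.c3d2.de` domain from this page, but the key material in the embedded sample is constructed.

```shell
#!/bin/sh
# Added example (not from the c3d2 nix-config repository): inspect which host
# keys a known_hosts file pins for a host, e.g. before running nixos-rebuild
# with --target-host. known_hosts lines look like:
#   [@marker] host1,host2 keytype base64key [comment]
# Entries whose host field starts with "|1|" are hashed and cannot be matched
# by name here (use `ssh-keygen -F host -f file` for those).

# Print the key type of every non-revoked entry whose host list contains
# HOST exactly. Usage: known_host_key_types HOST < known_hosts_file
known_host_key_types() {
    awk -v host="$1" '
        /^[[:space:]]*$/ { next }                 # blank line
        /^[[:space:]]*#/ { next }                 # comment
        {
            f = 1                                  # column holding the host list
            if (substr($1, 1, 1) == "@") {         # @cert-authority / @revoked
                if ($1 == "@revoked") next         # revoked keys are not pinned
                f = 2
            }
            if (substr($f, 1, 3) == "|1|") next    # hashed host name, skip
            n = split($f, hosts, ",")
            for (i = 1; i <= n; i++)
                if (hosts[i] == host) { print $(f + 1); break }
        }
    '
}

# Return 0 if HOST has at least one pinned, non-revoked key on stdin.
host_is_pinned() {
    [ -n "$(known_host_key_types "$1")" ]
}

# Constructed sample file: the key blobs are fake, not real c3d2 host keys.
SAMPLE_KNOWN_HOSTS='# ssh_known_hosts (constructed sample)
glotzbert.hq.c3d2.de,glotzbert ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyDataFakeKeyDataFakeKeyDataFake
glotzbert.hq.c3d2.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakefakefakefakefake
@revoked dhcp.hq.c3d2.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOldRevokedKeyOldRevokedKeyOldRevoked
|1|c2FsdHNhbHRzYWx0c2FsdA=|aGFzaGhhc2hoYXNoaGFzaGhhc2g= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHashedEntryHashedEntryHashedEntry'

# Demo against the constructed sample; on a real machine pipe in
# /etc/ssh/ssh_known_hosts instead.
demo() {
    for h in glotzbert.hq.c3d2.de glotzbert dhcp.hq.c3d2.de; do
        if printf '%s\n' "$SAMPLE_KNOWN_HOSTS" | host_is_pinned "$h"; then
            echo "$h: pinned ($(printf '%s\n' "$SAMPLE_KNOWN_HOSTS" | known_host_key_types "$h" | tr '\n' ' '))"
        else
            echo "$h: NOT pinned, ssh would fall back to trust-on-first-use"
        fi
    done
}
```

A host that is not pinned (or whose only entry is `@revoked`) will make ssh prompt for the fingerprint on first contact, which is exactly the situation the module is meant to avoid for HQ hosts.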