author Franck Cuny <franck@fcuny.net> 2025-10-12 15:45:01 -0700
committer Franck Cuny <franck@fcuny.net> 2025-10-12 15:45:01 -0700
commit aa05056e55dfa143b38776737802b7dfb8a2c0e4
tree 9f4a2ce339355a8299e172e5512ac35c6b3c7d0f /docs/install.org
parent configure podman for all nixos machines
initial setup for the framework desktop (named rivendell)
Diffstat
-rw-r--r-- docs/install.org 20
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/install.org b/docs/install.org
index d552513..b846cd3 100644
--- a/docs/install.org
+++ b/docs/install.org
@@ -19,3 +19,23 @@ You can then validate that they key is encrypted properly with =sudo agenix -i /
1. Run =sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount nix/machines/vm-synology/disk.nix=
2. Run =nixos-install --root /mnt/ --flake .#vm-synology=
4. Reboot the VM
+* Create the nixos installer
+Run
+#+begin_src fish
+nix build .#nixosConfigurations.iso.config.system.build.isoImage
+#+end_src
+
+Then copy to a USB stick with:
+#+begin_src fish
+sudo dd if=result/iso/nixos-minimal-25.05git.25e53aa156d-x86_64-linux.iso of=/dev/rdisk5 bs=1M conv=sync status=progress
+#+end_src
+* Bare metal machine
+We can install remotely a machine with =nixos-anywhere=, including full disk encryption.
+
+First, create a password in 1password for the machine (using the convention "nix/<hostname>/encryption"). Next run the following snippet to create the SSH host key for init boot (this is needed so we can ssh to the host to unlock it).
+
+#+begin_src fish
+set temp (mktemp -d)
+ssh-keygen -t ed25519 -N "" -C "initrd-root-ssh" -f "$temp/etc/initrd/ssh_host_ed25519_key"
+nix run github:nix-community/nixos-anywhere -- --flake .#rivendell --build-on remote --disk-encryption-keys /tmp/pass (op read "op://Private/vmifhwbjtvaqp3422gfbjxdq2y/password"|psub) --target-host root@192.168.1.112 --extra-files "$temp"
+#+end_src
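Review bot: in the last fish block, ssh-keygen is told to write "$temp/etc/initrd/ssh_host_ed25519_key", but "mktemp -d" only creates $temp itself and ssh-keygen does not create parent directories, so key generation fails until "mkdir -p $temp/etc/initrd" is added before that line. The unencrypted initrd host key is also left in $temp after nixos-anywhere finishes; the snippet should end by removing that directory. The prose sets the 1Password naming convention "nix/<hostname>/encryption" while the op read call uses an opaque item id, so it is worth a sentence saying how the two relate, or using the named reference, so the next machine's entry can be found. In the dd step, the ISO file name and "of=/dev/rdisk5" are specific to one build and one workstation; the doc should tell the reader to confirm the target device before writing, since a wrong "of=" overwrites another disk.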