diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-11-23 08:45:51 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-11-23 08:45:51 -0800 |
| commit | b06f459e9a2da4facb42e2680d30e26bae0d37d8 (patch) | |
| tree | cf478a5a3cf3143526b7c6bae1c6b03128bc8b07 /docs/install.org | |
| parent | configure miniflux and integrate with authelia (diff) | |
| download | infra-b06f459e9a2da4facb42e2680d30e26bae0d37d8.tar.gz | |
simplify the configuration
Diffstat (limited to '')
| -rw-r--r-- | docs/install.org | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/docs/install.org b/docs/install.org deleted file mode 100644 index b846cd3..0000000 --- a/docs/install.org +++ /dev/null @@ -1,41 +0,0 @@ -#+TITLE: Installation -#+AUTHOR: Franck Cuny -#+EMAIL: franck@fcuny.net - -* Darwin -** =agenix= -Create SSH host keys with =sudo ssh-keygen -A=. - -You then need to add the public key (=/etc/ssh/ssh_host_ed25519_key.pub=) to [[file+emacs:../secrets/secrets.nix][secrets.nix]] and re-key the secrets, running =agenix -i ~/.ssh/agenix -r=. - -You can then validate that they key is encrypted properly with =sudo agenix -i /etc/ssh/ssh_host_ed25519_key -d ssh-remote-builder.age=. -* Virtual machine running on the Synology NAS -** Creating the VM -- chose VGA for the display (otherwise ~systemd-udevd~ gets stuck) -** Install NixOS on the VM -1. Boot to the installer -2. Copy the local configuration to the remote host ~rsync -avz --exclude='.git' --exclude='result' world/ nixos@192.168.1.151:~/world/~ -3. On the VM, from the =world= directory: - 1. Run =sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount nix/machines/vm-synology/disk.nix= - 2. Run =nixos-install --root /mnt/ --flake .#vm-synology= -4. Reboot the VM -* Create the nixos installer -Run -#+begin_src fish -nix build .#nixosConfigurations.iso.config.system.build.isoImage -#+end_src - -Then copy to a USB stick with: -#+begin_src fish -sudo dd if=result/iso/nixos-minimal-25.05git.25e53aa156d-x86_64-linux.iso of=/dev/rdisk5 bs=1M conv=sync status=progress -#+end_src -* Bare metal machine -We can install remotely a machine with =nixos-anywhere=, including full disk encryption. - -First, create a password in 1password for the machine (using the convention "nix/<hostname>/encryption"). Next run the following snippet to create the SSH host key for init boot (this is needed so we can ssh to the host to unlock it). - -#+begin_src fish -set temp (mktemp -d) -ssh-keygen -t ed25519 -N "" -C "initrd-root-ssh" -f "$temp/etc/initrd/ssh_host_ed25519_key" -nix run github:nix-community/nixos-anywhere -- --flake .#rivendell --build-on remote --disk-encryption-keys /tmp/pass (op read "op://Private/vmifhwbjtvaqp3422gfbjxdq2y/password"|psub) --target-host root@192.168.1.112 --extra-files "$temp" -#+end_src |