From 8ad118162edca6604b6cd3e7c03bc2574f8544e5 Mon Sep 17 00:00:00 2001 From: Colin Date: Tue, 11 Jun 2024 00:20:15 +0000 Subject: [PATCH] doc: how to recover or add new hosts --- doc/adding-a-host.md | 25 +++++++++++++++++++++++++ doc/recovery.md | 12 ++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 doc/adding-a-host.md create mode 100644 doc/recovery.md diff --git a/doc/adding-a-host.md b/doc/adding-a-host.md new file mode 100644 index 00000000..d4efdd5e --- /dev/null +++ b/doc/adding-a-host.md @@ -0,0 +1,25 @@ +to add a host: +- create the new nix targets + - hosts/by-name/HOST + - let the toplevel (flake.nix) know about HOST +- build and flash an image +- optionally expand the rootfs + - `cfdisk /dev/sda2` -> resize partition + - `mount /dev/sda2 boot` + - `btrfs filesystem resize max root` +- setup required persistent directories + - `mkdir -p root/persist/private` + - `gocryptfs -init root/persist/private` + - then boot the device, and for every dangling symlink in ~/.local/share, ~/.cache, do `mkdir -p` on it +- setup host ssh + - `mkdir -p root/persist/plaintext/etc/ssh/host_keys` + - boot the machine and let it create its own ssh keys + - add the pubkey to `hosts/common/hosts.nix` +- setup user ssh + - `ssh-keygen`. don't enter any password; it's stored in a password-encrypted fs. + - add the pubkey to `hosts/common/hosts.nix` +- allow the new host to view secrets + - instructions in hosts/common/secrets.nix + - run `ssh-to-age` on user/host pubkeys + - add age key to .sops.yaml + - update encrypted secrets: `sops updatekeys path/to/secret.yaml` diff --git a/doc/recovery.md b/doc/recovery.md new file mode 100644 index 00000000..4e7cc4ab --- /dev/null +++ b/doc/recovery.md 
@@ -0,0 +1,12 @@ +## deploying to SD card +- build a toplevel config: `nix build '.#hostSystems.moby'` +- mount a system: + - `mkdir -p root/{nix,boot}` + - `mount /dev/sdX1 root/boot` + - `mount /dev/sdX2 root/nix` +- copy the config: + - `sudo nix copy --no-check-sigs --to root/ $(readlink result)` + - nix will copy stuff to `root/nix/store` +- install the boot files: + - `sudo /nix/store/sbwpwngjlgw4f736ay9hgi69pj3fdwk5-extlinux-conf-builder.sh -d ./root/boot -t 5 -c $(readlink ./result)` + - extlinux-conf-builder can be found in `/run/current-system/bin/switch-to-configuration`
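Review bot: in doc/adding-a-host.md the "optionally expand the rootfs" steps are internally inconsistent: `cfdisk /dev/sda2` points cfdisk at a partition rather than the disk (it should be `cfdisk /dev/sda` to grow the second partition), and `mount /dev/sda2 boot` mounts the root filesystem at `boot` while the next line runs `btrfs filesystem resize max root`; use one mountpoint, e.g. `mkdir -p root`, `mount /dev/sda2 root`, then `btrfs filesystem resize max root`. The "setup user ssh" step should also say where `ssh-keygen` is run, since the justification for an empty passphrase ("it's stored in a password-encrypted fs") only holds if the key lands inside the gocryptfs volume created under `root/persist/private` earlier in the same file.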
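Review bot: in doc/recovery.md the hard-coded `/nix/store/sbwpwngjlgw4f736ay9hgi69pj3fdwk5-extlinux-conf-builder.sh` path will go stale on the next rebuild; since the following line already notes that the script is referenced from `/run/current-system/bin/switch-to-configuration`, document extracting the current path from that file instead of a fixed hash. Also worth one sentence on `sudo nix copy --no-check-sigs --to root/ $(readlink result)`: `--no-check-sigs` disables signature verification on the destination, which is fine here because the source is the local store that just built `result`, but the doc should say so to keep the flag from being copied into procedures that pull from remote stores. Finally, this file mounts the second partition at `root/nix` while doc/adding-a-host.md mounts `/dev/sda2` as the root filesystem holding `persist/`; if both are correct, a line explaining the partition layout would help.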