to add a host:

- create the new nix targets
    - hosts/by-name/HOST
    - let the toplevel (flake.nix) know about HOST
- build and flash an image
- optionally expand the rootfs
    - cfdisk /dev/sda2 -> resize partition
    - mount /dev/sda2 boot
    - btrfs filesystem resize max root
- set up the required persistent directories
    - mkdir -p root/persist/private
    - gocryptfs -init root/persist/private
    - then boot the device and, for every dangling symlink in ~/.local/share and ~/.cache, run mkdir -p on it so the missing persistent directory exists
- set up host ssh
    - mkdir -p root/persist/plaintext/etc/ssh/host_keys
    - boot the machine and let it create its own ssh keys
    - add the pubkey to hosts/common/hosts.nix
- set up user ssh
    - ssh-keygen
      don't enter any password; the key is stored in a password-encrypted fs
    - add the pubkey to hosts/common/hosts.nix
- allow the new host to view secrets
    - instructions are in hosts/common/secrets.nix
    - run ssh-to-age on the user/host pubkeys
    - add the age key to .sops.yaml
    - update the encrypted secrets: sops updatekeys path/to/secret.yaml
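The "mkdir -p on every dangling symlink" step, written out as a shell helper. This is an added example, not part of these notes; the function name, the optional prefix check and the sample paths are assumptions. It only creates directories (the ~/.local/share and ~/.cache entries the step is about) and, when a prefix such as the persist root is given, refuses to create anything outside it.

```shell
#!/bin/sh
# fix_dangling_symlinks DIR [ALLOWED_PREFIX]
# For every dangling symlink under DIR, create the directory it points to.
# Hypothetical helper; assumes every dangling link is meant to point at a
# directory (as in ~/.local/share and ~/.cache). With ALLOWED_PREFIX set,
# targets outside that tree are reported on stderr and left alone, so a
# stray link cannot make this create directories anywhere on the system.
fix_dangling_symlinks() {
    dir=$1
    prefix=${2:-}
    # -type l selects symlinks; "test -e" fails exactly when the target is missing
    find "$dir" -type l ! -exec test -e {} \; -print | while IFS= read -r link; do
        target=$(readlink "$link") || continue
        # resolve a relative target against the directory holding the link
        case $target in
            /*) ;;
            *) target=$(dirname "$link")/$target ;;
        esac
        if [ -n "$prefix" ]; then
            case $target in
                "$prefix"/*) ;;
                *) printf 'skip (outside %s): %s -> %s\n' "$prefix" "$link" "$target" >&2
                   continue ;;
            esac
        fi
        mkdir -p -- "$target" && printf 'created %s (for %s)\n' "$target" "$link"
    done
}
```

Run it as `fix_dangling_symlinks "$HOME/.local/share" /persist` after the first boot; rerunning it is harmless because links whose targets exist are no longer dangling.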