https://github.com/anthr76/snowflake
Last synced: 10 months ago
- Host: GitHub
- URL: https://github.com/anthr76/snowflake
- Owner: anthr76
- Created: 2022-04-03T18:37:29.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2024-11-26T21:20:28.000Z (over 1 year ago)
- Last Synced: 2024-12-16T22:51:23.448Z (over 1 year ago)
- Language: Nix
- Size: 968 KB
- Stars: 7
- Watchers: 2
- Forks: 1
- Open Issues: 5
Metadata Files:
- Readme: README.md
README
# Nix Configuration
This repository is home to the Nix code that builds my systems (mostly Linux, rarely Mac).
# New Machines
In the future a script should be written to take care of this, but in the meantime:
```fish
set temp $(mktemp -d)
install -d -m755 "$temp/etc/ssh"
ssh-keygen -t ed25519 -C "root@master-04" -f $temp/etc/ssh/ssh_host_ed25519_key
ssh-keygen -t rsa -C "root@master-04" -f $temp/etc/ssh/ssh_host_rsa_key
chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
chmod 644 "$temp/etc/ssh/ssh_host_ed25519_key.pub"
chmod 600 "$temp/etc/ssh/ssh_host_rsa_key"
chmod 644 "$temp/etc/ssh/ssh_host_rsa_key.pub"
nix shell nixpkgs#ssh-to-age -c sh -c "cat $temp/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age"
# Add the age public key printed above to .sops.yaml, then rekey secrets
# nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake ".#${MACHINE}" "root@${IP}" --no-reboot
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake ".#$MACHINE" "root@$IP"
```
Note: If bootstrapping a LUKS machine, make sure to `echo -n` the password or otherwise ensure there's no trailing newline.