TheWanderingCrow/CrOS
1
0
Fork 0
mirror of https://github.com/TheWanderingCrow/CrOS.git synced 2026-01-09 17:24:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
CrOS/nixos-bootstrap
History
Exact
TheWanderingCrow 5718c8ca6d NixOS 25.11 migration
2025-12-01 09:36:32 -05:00
..
installers digital ocean generation 2025-07-23 21:03:11 -04:00
flake.lock nixos-bootstrap/flake.lock: Update 2025-10-22 13:23:53 -04:00
flake.nix digital ocean generation 2025-07-23 21:03:11 -04:00
installer-config.nix NixOS 25.11 migration 2025-12-01 09:36:32 -05:00
installer.pub testing installs on incarneron now 2025-06-30 09:17:20 -04:00
justfile digital ocean generation 2025-07-23 21:03:11 -04:00
README.md update bootstrap documentation 2025-10-22 14:39:56 -04:00

README.md

Bootstrap ISO for NixOS

From this subdirectory directory, run just iso to generate the ISO file

Typical installation flow

  1. Flash iso with sudo dd if=install.iso of=<usb drive> status=progress
  2. Boot image on install host
  3. Connect to network via Ethernet or nmcli
  4. From a donor machine, nixos-anywwhere -i <path to install private key> --flake .#<machine> nixos@<ip>
  5. There is a bit of a snag here, but the current protocol is to connect to ethernet and SSH in using the installer key in order to setup SOPS, this section will be amended when we figure this out
  6. Connect new host to ethernet and SSH in
  7. Run ssh-keyscan <host> | ssh-to-age to get the age keys for the remote
  8. Place the public key into .sops.yaml in the secrets repo at keys.hosts.
  9. Run age-keygen and place the public key in keys.users._
  10. Create the .yaml file in .sops.yaml and assign *skeleton, the host key, and the user key
  11. Run just rekey in the secrets repo and push, then run just update-secret in the primary repo and push.
  12. Add new SSH keys to repo
  13. Rebuild the system and test for working sops, you can now login locally