mirror of
https://github.com/TheWanderingCrow/CrOS.git
synced 2026-01-10 17:34:05 -05:00
24 lines
1.2 KiB
Markdown
# Bootstrap ISO for NixOS

From this subdirectory, run `just iso` to generate the ISO file.

## Typical installation flow
1. Flash the ISO with `sudo dd if=install.iso of=<usb drive> status=progress`
2. Boot image on install host
3. Connect to network via Ethernet or `nmcli`
4. From a donor machine, run
   `nixos-anywhere -i <path to install private key> --flake .#<machine> nixos@<ip>`
5. There is a bit of a snag here: the current protocol is to connect to
   Ethernet and SSH in using the installer key in order to set up SOPS. This
   section will be amended when we figure this out.
6. Connect new host to ethernet and SSH in
7. Run `ssh-keyscan <host> | ssh-to-age` to get the age keys for the remote
8. Place the public key into `.sops.yaml` in the secrets repo at `keys.hosts.<host>`
9. Run `age-keygen` and place the public key in `keys.users.<user>_<host>`
10. Create the `<host>.yaml` file in `.sops.yaml` and assign `*skeleton`, the host
    key, and the user key
11. Run `just rekey` in the secrets repo and push, then run `just update-secret`
    in the primary repo and push.
12. Add new SSH keys to repo
13. Rebuild the system and test that sops works. You can now log in locally.
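
What steps 7 to 10 leave in the secrets repo's `.sops.yaml`, as an added example that is not taken from this repository. The host `newbox`, the user `alice`, the list-of-anchors layout of the `keys` section and the definition of `skeleton` are assumptions, and every `age1...` value is a dummy placeholder.

```yaml
# Constructed example, not the project's actual file.
# Placeholders: host "newbox", user "alice", all age1... recipients.
keys:
  # Assumption: "skeleton" is a shared recovery recipient defined once and
  # reused by every rule through the *skeleton alias named in step 10.
  - &skeleton age1PLACEHOLDERskeletonxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  users:
    # Step 9: public key printed by `age-keygen`. Only the public half goes
    # here; the private key stays on the user's machine, outside any repo.
    - &alice_newbox age1PLACEHOLDERalicenewboxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  hosts:
    # Steps 7-8: output of `ssh-keyscan newbox | ssh-to-age`.
    # ssh-keyscan does not authenticate the host, so compare the scanned
    # ed25519 key with the one shown on the new host's console, for example
    # `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`, before committing.
    # ssh-to-age converts ed25519 keys only; other key types are skipped.
    - &newbox age1PLACEHOLDERnewboxhostxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

creation_rules:
  # Step 10: secrets in newbox.yaml are encrypted to exactly these three
  # recipients. Any recipient listed here can decrypt the whole file, so
  # keep the list to the keys that need it.
  - path_regex: newbox\.yaml$
    key_groups:
      - age:
          - *skeleton
          - *newbox
          - *alice_newbox
```

Changing the recipient list does not re-encrypt existing files, which is why step 11 runs `just rekey` before pushing.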