Add a small explainer to readme, remove old detailed setup instructions now that nixos has an installer

This commit is contained in:
Cyryl Płotnicki 2023-01-13 08:46:11 +00:00
parent 1e14ed46be
commit 49f6a48623

205
README.md
View file

@ -2,205 +2,10 @@
https://git.cyplo.dev/cyplo/dotfiles
My dotfiles - including my vim, terminal and font configs.
Mostly focusing on setting things up on NixOS, but supporting other OSes where possible.
My dotfiles - including my vim, terminal and font config.
My current setup consists of multiple machines running NixOS.
This is using flakes for reproducibility and home manager for setting up user-specific things.
## bootstrap new machine with NixOS:
1. boot the target machine from the livecd
2. change password for the default user `nixos`
3. ssh from another, already bootstrapped, machine
remote (sata + MBR):
```bash
sudo su -
parted /dev/sda -- mklabel msdos
parted /dev/sda -- rm 1
parted /dev/sda -- rm 2
parted /dev/sda -- rm 3
parted /dev/sda -- rm 4
parted /dev/sda -- mkpart primary 1MiB 1GiB
parted /dev/sda -- mkpart primary 1GiB 100%
cryptsetup luksFormat /dev/sda2
```
remote (sata):
```bash
sudo su -
# `efibootmgr -b 000x -B` if you want to remove entry number x
yes | parted /dev/sda -- mklabel gpt
parted /dev/sda -- rm 1
parted /dev/sda -- rm 2
parted /dev/sda -- rm 3
parted /dev/sda -- rm 4
parted /dev/sda -- mkpart ESP fat32 1MiB 1GiB
parted /dev/sda -- set 1 esp on
parted /dev/sda -- mkpart primary 1GiB 100%
cryptsetup luksFormat /dev/sda2
```
remote (nvme):
```bash
sudo su -
# `efibootmgr -b 000x -B` if you want to remove entry number x
yes | parted /dev/nvme0n1 -- mklabel gpt
parted /dev/nvme0n1 -- rm 1
parted /dev/nvme0n1 -- rm 2
parted /dev/nvme0n1 -- rm 3
parted /dev/nvme0n1 -- rm 4
parted /dev/nvme0n1 -- rm 5
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 1GiB
parted /dev/nvme0n1 -- set 1 esp on
parted /dev/nvme0n1 -- mkpart primary 1GiB 100%
cryptsetup luksFormat /dev/nvme0n1p2
```
remote (sata):
```bash
cryptsetup luksOpen /dev/sda2 crypt
```
remote (nvme):
```bash
cryptsetup luksOpen /dev/nvme0n1p2 crypt
```
remote (sata+MBR):
```bash
mkfs.ext2 /dev/sda1 -L boot
```
remote (sata + GPT):
```bash
mkfs.fat -F 32 -n boot /dev/sda1
```
remote (nvme + GPT):
```bash
mkfs.fat -F 32 -n boot /dev/nvme0n1p1
```
remote (sata):
```bash
mkfs.btrfs -L nixos /dev/mapper/crypt
cryptsetup luksClose crypt
cryptsetup luksOpen /dev/sda2 crypt
mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
nixos-generate-config --root /mnt
```
remote (nvme):
```bash
mkfs.fat -F 32 -n boot /dev/nvme0n1p1
mkfs.btrfs -L nixos /dev/mapper/crypt
cryptsetup luksClose crypt
cryptsetup luksOpen /dev/nvme0n1p2 crypt
mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
nixos-generate-config --root /mnt
```
local:
```bash
tar -cvz . > ../dotfiles.tar.gz
scp ../dotfiles.tar.gz nixos@remote:/tmp
```
remote:
```bash
mkdir -p /mnt/home/cyryl/dev/dotfiles/
tar -xvf /tmp/dotfiles.tar.gz -C /mnt/home/cyryl/dev/dotfiles
# merge /mnt/etc/nixos/hardware-configuration.nix into /mnt/home/cyryl/dev/dotfiles/nixos/boxes/bootstrap/hardware-configuration.nix
nix-shell -p nixUnstable git
cd /mnt/home/cyryl/dev/dotfiles/
systemd-inhibit nixos-install --flake '.#bootstrap'
passwd cyryl
chown cyryl -R /home/cyryl
reboot
```
ctrl-alt-f1 cyryl login:
```bash
cd ~/dev/dotfiles/
mkdir -p nixos/boxes/HOSTNAME
cp nixos/boxes/bootstrap/2.nix nixos/boxes/HOSTNAME/default.nix
cp nixos/boxes/bootstrap/hardware-configuration.nix nixos/boxes/HOSTNAME/
sudo ln -vfs /home/cyryl/dev/dotfiles/nixos/boxes/HOSTNAME/default.nix /etc/nixos/configuration.nix
sudo nixos-rebuild switch --flake '.#HOSTNAME'
reboot
```
```bash
cd ~/dev/dotfiles/
nixos-install --flake '.#'
ssh-keygen -t ed25519
mkdir -p ~/.config/sops/age/
nix-shell -p 'import (fetchTarball "https://github.com/Mic92/ssh-to-age/archive/main.tar.gz") {}' sops age
ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt
age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml as a 'source' key
# add machine's age public key from /var/lib/sops-nix/key.txt to .sops.yaml as a target key
sops --add-age [source-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
sops --add-age [target-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
# syncthing
# vault
# firefox sync
# bitwarden
# add key to sr.ht
cd ~/dev/dotfiles
git checkout nixos/boxes/bootstrap
```
### Good Links [tm]
* https://nixpk.gs/pr-tracker.html
* https://pr-tracker.nevarro.space/
### inspiration
* start with flakes - https://github.com/mjlbach/nix-dotfiles/blob/4777ae6cf1a2bf88f5320a300e05bbe7ada57df8/nixos/flake.nix#L1-L10
* flakes - https://github.com/MatthewCroughan/nixcfg/blob/master/flake.nix#L45 for T480
* https://github.com/cole-mickens/nixcfg/tree/main
* https://git.sr.ht/~afontaine/nix/tree/main/item/andrew/mail/default.nix#L125-129 - proton mail bridge
* https://github.com/expipiplus1/dotfiles/blob/3d6ca2c8bcba3181bfe7bf16d331baf407c7a9dd/tests/home-test.nix - testing on CI
* https://git.knightsofthelambdacalcul.us/hazel/etc
### things to check out
* https://github.com/ryantm/agenix
* `nix-top`
* naersk for genpass
* https://github.com/divnix/devos
* https://github.com/tazjin/nix-1p
* https://github.com/nix-community/neovim-nightly-overlay
* install ISO - https://christine.website/blog/my-homelab-2021-06-08
### flakes
```
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
};
outputs = { self, nixpkgs, ... }@inputs: {
nixosConfigurations = {
hyacinth = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
(import ./machines/hyacinth)
];
specialArgs = { inherit inputs; };
};
```
Workstations are set up by running ` sudo nixos-rebuild switch --flake '.#'` and servers are by `nixos-rebuild switch --flake '.#servername' --target-host root@hostname`.
I don't use home manager the program, everything is referenced from the top flake.