Provisioning for my NixOS systems based on Nix.
Copy /etc/ssh/ssh_host_ed25519_key.pub
into secrets
and rekey the secrets via agenix, you could also just execute
ssh-keyscan ip_or_fqdn
to fetch the current public keys. After pushing the
rekeyed secrets execute the commands below.
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#asgard
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#asgard
nix run github:serokell/deploy-rs github:tboerger/nixos-config#asgard
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#utgard
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#utgard
nix run github:serokell/deploy-rs github:tboerger/nixos-config#utgard
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#vanaheim
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#vanaheim
nix run github:serokell/deploy-rs github:tboerger/nixos-config#vanaheim
sudo loadkeys de
sudo nix-shell --packages nixUnstable
mount /dev/disk/by-label/NIXOS_SD /mnt
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#yggdrasil
nix run github:serokell/deploy-rs github:tboerger/nixos-config#yggdrasil
If you find a security issue please contact [email protected] first.
Fork -> Patch -> Push -> Pull Request
Apache-2.0
Copyright (c) 2021 Thomas Boerger <[email protected]>