- prepare a minimal config in `nixos-configurations/$HOSTNAME/default.nix`
- install the base (reminder: swap and luks)
- rebuild with the right hostname, connect to wifi with `nmtui`
- install the config:
# Bootstrap walkthrough: replace the stock /etc/nixos with this repo and switch to it.
# Type it step by step rather than running it as a script: nix-shell and
# nix develop each open a new interactive shell.
# backup
# hardware-configuration.nix is copied back out of this backup further down.
# If ~/old already exists, cp -r nests the copy as ~/old/nixos and that later cp
# will not find the file, so check ~/old/hardware-configuration.nix exists
# before running the rm -rf below.
cp -r /etc/nixos ~/old
# get the repo
nix-shell -p git
# Shallow clone over HTTPS: only the newest commit is fetched. Whatever is
# checked out here is what the root-level switch below evaluates, so confirm it
# is the commit you expect (e.g. git -C ~/nixos log -1) before continuing.
git clone --depth 1 https://github.com/anuramat/nixos ~/nixos
# Irreversible: after this the only copy of the old config is ~/old.
sudo rm -rf /etc/nixos
# -T makes /etc/nixos the destination name itself instead of a directory to move into.
# NOTE(review): the moved tree presumably stays owned by the cloning user; the
# unprivileged cp and git commands below rely on that. It also means anything
# running as this user can change what the next rebuild evaluates as root.
sudo mv -T ~/nixos /etc/nixos
# add hw config
cp "$HOME/old/hardware-configuration.nix" "/etc/nixos/nixos-configurations/$HOSTNAME"
# Stage the new file: a flake in a git checkout only sees files git tracks.
git -C /etc/nixos add -A
# install
# Applies to this shell session only.
# NOTE(review): sudo normally resets the environment, which is presumably why the
# fallback nixos-rebuild command passes the feature via --option instead — confirm.
export NIX_CONFIG="experimental-features = nix-command flakes pipe-operators"
# NOTE(review): with no argument this uses the flake in the current directory and
# no cd /etc/nixos appears above — confirm the intended working directory.
nix develop
# TODO put these into the justfile, together with some other bootstrap stuff
# Builds and activates the configuration for $HOSTNAME from the flake in /etc/nixos.
nh os switch /etc/nixos -H "$HOSTNAME"
# might fail; try
sudo nixos-rebuild switch --option extra-experimental-features pipe-operators --flake ".#$HOSTNAME"

todo:
# - new step: after installing minimal config -- generate keys, start tailscale, scp from a trusted machine, rekey secrets with agenix and commit
# - keygen script -- make easily accessible from dev shell
# - new step: unfuck the repo (switch to ssh and unshallow)
# gpg --full-generate-key
# pass init $EMAIL
# protonmail-bridge -cli
# firefox

some extras:
# Post-install extras, run by hand on the new machine.
# NOTE(review): nix-cache-keygen is not defined on this page; presumably it
# creates this machine's binary-cache signing key. If so, the secret half should
# be readable only by root — verify against the script.
nix-cache-keygen # only if this machine is a builder XXX am I sure about this? seems like we need it regardless
# misc
# Interactive login; leaves a GitHub credential on this machine, so grant only
# the scopes this host needs.
gh auth login
# TODO upload ssh key to github; might be doable with gh auth
# $(whoami) is expanded by the calling shell before sudo runs, so the operator is
# the invoking user, not root. --operator lets that user manage tailscale without
# sudo from then on.
sudo tailscale up "--operator=$(whoami)"
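# TODO protonmail bridge

- sshKey and sshUser in nix.buildMachines are ignored: NixOS/nix#3423;
  for now add this to /root/.ssh/config (one directive per line):

  Host anuramat-ll7
    IdentitiesOnly yes
    IdentityFile /home/anuramat/.ssh/id_ed25519
    User builder
    ConnectTimeout 3

  Note: this makes root use the personal key under /home/anuramat. A separate key used only for the builder account would limit what either side can reach if the other is compromised.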