Mirror/nixos-anywhere-example
Mirror/nixos-anywhere-example
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nixos-anywhere-example synced 2025-01-22 06:35:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

docs

Browse Source
This commit is contained in:
Daniel Langbein 2024-02-06 18:40:07 +01:00
parent 32c89f9ae4
commit ed2b5f67b9
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
2 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
template/README.md
View File

@ -10,9 +10,13 @@ Manuals:
* disko reference: https://github.com/nix-community/disko/blob/master/docs/reference.md * disko reference: https://github.com/nix-community/disko/blob/master/docs/reference.md
* nixos-anywhere reference: https://github.com/nix-community/nixos-anywhere/blob/main/docs/reference.md * nixos-anywhere reference: https://github.com/nix-community/nixos-anywhere/blob/main/docs/reference.md
## Build installer ISO with passwordless SSH ## Build installer ISO with password-less SSH
In [./iso.nix](./iso.nix), replace `./nitrokey.pub` with your SSH public key.
```shell ```shell
sudo nix-channel --update
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
# aarch64 ISO (requires emulation) # aarch64 ISO (requires emulation)
#nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix --argstr system aarch64-linux #nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix --argstr system aarch64-linux
@ -47,7 +51,7 @@ Lastly, in [./flake.nix](./flake.nix) replace `pbkdf-memory` with your amount of
--- ---
Optionally, if `ssh-fde-unlock.nix` is imported in [./flake.nix](./flake.nix), replace the kernel network driver with the correct one there. Optionally, if `ssh-fde-unlock.nix` is imported in [./flake.nix](./flake.nix), replace `boot.initrd.availableKernelModules` with the kernel network driver in use.
## Installation ## Installation
@ -58,19 +62,33 @@ nix --extra-experimental-features nix-command --extra-experimental-features flak
run github:numtide/nixos-anywhere -- -f '.#mysystem' --vm-test run github:numtide/nixos-anywhere -- -f '.#mysystem' --vm-test
``` ```
To install on remote target machine: To install on remote target machine (if fde is **not** configured):
```shell ```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \ nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106 run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106
``` ```
To install on remote target machine **and** print the SSH fingerprint of the new system. If no encrypted disks are set up, the disk password can be left empty: To install on remote target machine (with or without fde) **and** print the SSH fingerprint of the new system. If fde is not set up, then the disk password can be left empty when asked for it:
```shell ```shell
./install-helper.sh 22 root@192.168.178.106 ./install-helper.sh 22 root@192.168.178.106
``` ```
## Connect to installed system
fde unlock:
```shell
ssh root@192.168.178.106
```
Once unlocked, connect with SSH. If the connection fails, double check on your router if the system was assigned to another IP address.
```shell
ssh root@192.168.178.106
```
## Updating dependencies ## Updating dependencies
Recreate the lock file (i.e. update all inputs) and commit the new lock file: Recreate the lock file (i.e. update all inputs) and commit the new lock file:

1
template/ssh-fde-unlock.nix
View File

@ -9,6 +9,7 @@
enable = true; enable = true;
shell = "/bin/cryptsetup-askpass"; shell = "/bin/cryptsetup-askpass";
authorizedKeys = [ authorizedKeys = [
# This is my public SSH key.
(builtins.readFile ./nitrokey.pub) (builtins.readFile ./nitrokey.pub)
]; ];
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];