diff --git a/README.md b/README.md index 0c6ba9b..fef1f04 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,27 @@ # nixos-servers Nix definitions to configure our physical servers. -Currently, only one physical server (named jefke) is implemented. +Currently, only one physical server (named jefke) is implemented but more are planned! + +## Prerequisites + +1. Install the Nix package manager or NixOS ([link](https://nixos.org/download)) +2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS)) +3. Install Direnv ([link](https://direnv.net/)) +4. Allow direnv for this repository: `direnv allow` + +## Bootstrapping + +We bootstrap our physical server using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere). +This reformats the hard disk of the server and installs a fresh NixOS. +Additionally, it deploys an age identity, which is later used for decrypting secrets. + +⚠️ This will wipe your server completely ⚠️ + +1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity. +2. Ensure you have root SSH access to the server. +3. Run nixos-anywhere: `./bootstrap ` ## Deployment -### NEW - -`nix run github:numtide/nixos-anywhere -- --flake .#hypervisor root@jefke.hyp` - -### Prerequisites - -Before a NixOS definition can be deployed, some prerequite preparational steps must be performed. - -1. Manually install NixOS on the physical machine. This could potentially be automated in the future with [nixos-anywhere](https://github.com/nix-community/nixos-anywhere), but for now this is a manual process. -2. Enable SSH and install authorized keys. -3. Ensure Python3 is installed for Ansible. -4. Run Ansible playbook which deploys secrets `ansible-playbook deploy_secrets.yml`. - -### NixOS deployment - -Finally, the NixOS definition can be deployed as follows: `nix run github:serokell/deploy-rs`. +Deployment can simply be done as follows: `deploy` 
diff --git a/bootstrap.sh b/bootstrap.sh index 738cfe4..69257bc 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -40,4 +40,4 @@ secret-tool lookup age-identity "$servername" > "$temp/root/age_ed25519" chmod 600 "$temp/root/age_ed25519" # Install NixOS to the host system with our age identity -nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake '.#hypervisor' "root@$servername.hyp" +nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${servername}.hyp"
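Review bot: In the README hunk, step 3 of "Bootstrapping" reads `./bootstrap ` with a trailing space and no argument, while bootstrap.sh clearly takes a server name (`$servername`, used for the `secret-tool lookup`, the flake attribute and the SSH host); show the argument, e.g. `./bootstrap <servername>` or `./bootstrap jefke`, and consider stating that the name must match both the Secret Service entry and the flake output. Same hunk: "Make sure your have" should be "Make sure you have", and `deploy` in the Deployment section should say where the command comes from (the direnv-provided dev shell, presumably), since the previous explicit `nix run github:serokell/deploy-rs` instruction was removed.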
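Review bot: In the bootstrap.sh hunk, replacing `nix run github:numtide/nixos-anywhere --` with a bare `nixos-anywhere` makes the script depend on the command being on PATH (via the dev shell), with no guard; a check such as `command -v nixos-anywhere >/dev/null || { echo "nixos-anywhere not found; run 'direnv allow'" >&2; exit 1; }` before the temp dir with the age identity is populated would fail early instead of leaving the key on disk in `$temp`. Also, the flake target changes from the fixed `.#hypervisor` to `.#${servername}`, so `nixosConfigurations.<servername>` (e.g. `jefke`) must now exist in the flake; that rename is not visible in this patch and should be confirmed, and an empty `$servername` would make both the secret lookup and the `.#` attribute silently wrong, so validating the argument at the top of the script is worth adding.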