Compare commits


7 Commits

Author SHA1 Message Date
mrsu e6f0770f97 tidied disks 2024-06-28 20:21:27 +01:00
mrsu 05ee6da5ee removed admin deploykey in home and reverted persistance change 2024-06-28 18:16:15 +01:00
mrsu 739018e98f moved fonts.nix to fontconfig in display 2024-06-28 18:15:36 +01:00
mrsu 906d11b3b0 add enable persistance option 2024-06-28 16:05:12 +01:00
mrsu 89dceb1827 modified overseer to nebula, setup zfs 2024-06-28 15:26:16 +01:00
mrsu 0f83b32f2b deploy key added in hosts 2024-06-25 22:04:28 +01:00
mrsu 91eda4f7cd created overseer host, upgraded stateVersion to 24.04 2024-06-25 18:19:47 +01:00
23 changed files with 206 additions and 89 deletions


@ -45,15 +45,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718846788, "lastModified": 1715070411,
"narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=", "narHash": "sha256-5CNvkH0Nf7yMwgKhjUNg/lUK40C7DXB4zKOuA2jVO90=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e", "rev": "4677f6c53482a8b01ee93957e3bdd569d51261d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "v1.6.1",
"repo": "disko", "repo": "disko",
"type": "github" "type": "github"
} }
@ -141,11 +142,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718879355, "lastModified": 1719259945,
"narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=", "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a", "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -221,11 +222,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1717932370, "lastModified": 1719091691,
"narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=", "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f", "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -261,11 +262,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718662658, "lastModified": 1719128254,
"narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=", "narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "29b3096a6e283d7e6779187244cb2a3942239fdf", "rev": "50581970f37f06a4719001735828519925ef8310",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -277,11 +278,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1718651801, "lastModified": 1719601133,
"narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=", "narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566", "rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0",
"revCount": 94, "revCount": 141,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -292,11 +293,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1718835956, "lastModified": 1719426051,
"narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=", "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309", "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -323,11 +324,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1718478900, "lastModified": 1719099622,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c884223af91820615a6146af1ae1fea25c107005", "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -339,11 +340,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1718895438, "lastModified": 1719254875,
"narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -367,11 +368,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1718966331, "lastModified": 1719469291,
"narHash": "sha256-JKc3awrDQhdYT9LUAVgt74rFVcSrZ+VgNTsWLo2Kp24=", "narHash": "sha256-Efir01r7ThPabDBFOygX1UDyerJFHelbRGdMo/VNw14=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "1cd17226d5c75d20df2ebb754c3fc60ccc735a25", "rev": "8f52e4d1e34039937efb0ee05825b9963ef29739",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -383,11 +384,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1719053107, "lastModified": 1719596768,
"narHash": "sha256-gUnarEm0XN7xVK2s9t7eEEixctynaERMruLdzkDloV8=", "narHash": "sha256-quSWztqqMxvSJIKddYp1D0GdR7Kg8JjEVCIzMbtBTQ4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "f1b52ba4df9226117b0f33b5226ccea7aad08068", "rev": "35e48702118124ec52a071e300f55c78a4b7b338",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -418,11 +419,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1718506969, "lastModified": 1719268571,
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -454,11 +455,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718522839, "lastModified": 1719243788,
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", "narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", "rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -26,7 +26,7 @@
# Declarative partitioning and formatting # Declarative partitioning and formatting
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko/v1.6.1";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -115,6 +115,16 @@
} }
]; ];
}; };
nebula = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
}; };
}; };
} }


@ -4,7 +4,6 @@
inputs.nix-colors.homeManagerModules.default inputs.nix-colors.homeManagerModules.default
./zsh.nix ./zsh.nix
./nixvim ./nixvim
./fonts.nix
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -29,5 +28,5 @@
libqalculate libqalculate
; ;
}; };
home.stateVersion = "23.11"; home.stateVersion = "24.05";
} }
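Review bot: Changing `home.stateVersion` from "23.11" to "24.05" on the last setting of this shared module raises it for every existing home, because the same comparison deletes the per-user `home.stateVersion = "23.11";` lines for admin, media and sam. stateVersion records the release a home or system was first installed with and is used to select state-compatible defaults, so bumping it on machines that are already deployed can change behaviour without any migration. The same applies to `system.stateVersion = "24.05";` in the hosts core module further down. I would leave "23.11" as the shared default, e.g. `home.stateVersion = lib.mkDefault "23.11";` (assuming `lib` is among this module's arguments, which are outside the hunk), and set "24.05" only in the new nebula configuration.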


@ -1,15 +0,0 @@
{ pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
hack-font
liberation_ttf
libertine
font-awesome
];
}


@ -1,4 +1,16 @@
{ ... }: { { ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
hack-font
liberation_ttf
libertine
font-awesome
];
fonts = { fonts = {
fontconfig = { fontconfig = {
defaultFonts = { defaultFonts = {
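Review bot: `home.packages = with pkgs; [` is added under a module header that is still `{ ... }:`, so `pkgs` is not bound in this file and evaluation should fail with an undefined-variable error. The deleted fonts.nix declared `{ pkgs, ... }:`; the header here needs the same, `{ pkgs, ... }:`. The attribute set continues past the end of the hunk, so how the new `fonts.fontconfig.enable = true;` line combines with the existing `fonts = { fontconfig = { ... } }` block below it is worth checking with an actual evaluation.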

13
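--- /dev/null
+++ b/home/nebula.nix
@@ -0,0 +1,13 @@
+{ ...
+}: {
+imports = [
+# Import users
+./users/admin
+./common/core
+# Import optional
+./common/optional/git.nix
+];
+}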


@ -3,7 +3,6 @@
{ {
home.username = "admin"; home.username = "admin";
home.homeDirectory = "/home/admin"; home.homeDirectory = "/home/admin";
home.stateVersion = "23.11";
imports = [ imports = [
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?


@ -3,7 +3,6 @@
{ {
home.username = "media"; home.username = "media";
home.homeDirectory = "/home/media"; home.homeDirectory = "/home/media";
home.stateVersion = "23.11";
imports = [ imports = [
inputs.impermanence.nixosModules.home-manager.impermanence inputs.impermanence.nixosModules.home-manager.impermanence


@ -3,7 +3,6 @@
{ {
home.username = "sam"; home.username = "sam";
home.homeDirectory = "/home/sam"; home.homeDirectory = "/home/sam";
home.stateVersion = "23.11";
imports = [ imports = [
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?


@ -4,6 +4,7 @@ let
in in
{ {
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence
./sops.nix ./sops.nix
./locale.nix ./locale.nix
]; ];
@ -44,5 +45,5 @@ in
pkgs.vim pkgs.vim
]; ];
system.stateVersion = "23.11"; system.stateVersion = "24.05";
} }


@ -0,0 +1,21 @@
{
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountOptions = [ "subvol=nix" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountOptions = [ "noatime" ];
mountpoint = "/.swapvol";
swap.swapfile.size = "8192M";
};
};
}


@ -1,11 +1,11 @@
{ device, fsType, encrypted, ... }: { device, fsType, encrypted, impermanence, ... }:
let let
# basic and perists configs. basic fs = ext4, persist fs = btrfs either encrypted or under lvm fsModule = if impermanence then ./${fsType}/persist.nix else ./${fsType}/standard.nix;
basic = import ./gpt-bios-compact.nix { inherit device; }; basic = import ./${fsType}/basic.nix { inherit device; };
btrfs-persist-lvm = import ./btrfs-lvm.nix { inherit device; }; lvm = import ./lvm.nix { inherit device; fsModule = fsModule; };
btrfs-persist-luks = import ./btrfs-luks.nix { inherit device; }; luks = import ./luks.nix { inherit device; fsModule = fsModule; };
in in
if fsType == "ext4" then basic if fsType == "ext4" then basic
else if fsType == "btrfs" && encrypted then btrfs-persist-luks else if fsType == "btrfs" && encrypted then luks
else if fsType == "btrfs" then btrfs-persist-lvm else if fsType == "btrfs" then lvm
else null # or some default value else null
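Review bot: The final `else null` returns `null` into the host's `imports` list when `fsType` is neither "ext4" nor "btrfs", which surfaces as an unrelated module-system error instead of naming the bad value; `else throw "unsupported fsType: ${fsType}"` fails at the right place. The comment that explained the `let` block was dropped along with the old bindings. A one-line replacement such as `# ext4 -> ./ext4/basic.nix; btrfs -> lvm or luks wrapper around ./btrfs/{standard,persist}.nix` would help, and it should state that `impermanence` is ignored when `fsType` is "ext4".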


@ -1,4 +1,7 @@
{device ? throw "Must define a device, e.g. /dev/sda"}: {
device ? throw "Must define a device, e.g. /dev/sda",
fsModule ? "Must specify submodule"
}:
{ {
disko.devices = { disko.devices = {
disk = { disk = {
@ -26,7 +29,7 @@
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
passwordFile = "/tmp/luks_secret.key"; # Interactive passwordFile = "/tmp/luks_secret.key"; # Interactive
content = (import ./btrfs-persist.nix); content = (import "${fsModule}");
}; };
}; };
}; };
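Review bot: `fsModule ? "Must specify submodule"` makes the message the default value rather than an error, so a caller that omits `fsModule` reaches `import "Must specify submodule"` and gets a confusing path error; it needs the same `throw` as `device`, i.e. `fsModule ? throw "Must specify submodule"`. `content = (import "${fsModule}");` also interpolates a path into a string, which copies that single file into the Nix store before importing it and would break any relative import inside the file; `content = import fsModule;` avoids that. The lvm module in the next file section adds the same two lines and needs the same two fixes.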


@ -1,4 +1,7 @@
{device ? throw "Must define a device, e.g. /dev/sda"}: {
device ? throw "Must define a device, e.g. /dev/sda",
fsModule ? "Must specify submodule"
}:
{ {
disko.devices = { disko.devices = {
disk.main = { disk.main = {
@ -36,7 +39,7 @@
lvs = { lvs = {
root = { root = {
size = "100%FREE"; size = "100%FREE";
content = (import ./btrfs-persist.nix); content = (import "${fsModule}");
}; };
}; };
}; };


@ -15,14 +15,9 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = extraGroups = ["wheel"];
[
"wheel"
];
packages = with pkgs; [ packages = with pkgs; [
flatpak
gnome.gnome-software
]; ];
}; };

51
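--- /dev/null
+++ b/hosts/nebula/default.nix
@@ -0,0 +1,51 @@
+{ inputs, config, lib, pkgs, outputs, ... }:
+let
+# Disko setup
+fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
+dev = "/dev/sda"; # depends on target hardware
+encrypted = false; # currrently only applies to btrfs
+impermanence = false; # currrently only applies to btrfs
+btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
+user = "admin";
+in
+{
+imports =
+[
+# Create users for this host
+../common/users/${user}
+# Disk configuration
+inputs.disko.nixosModules.disko
+(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
+# Import core options
+./hardware-configuration.nix
+../common/core
+# Import optional options
+../common/optional/openssh.nix
+];
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+timeout = 3;
+};
+};
+networking = {
+hostName = "nebula";
+networkmanager.enable = true;
+enableIPv6 = false;
+};
+boot.supportedFilesystems = [ "zfs" ];
+boot.zfs.forceImportRoot = false;
+networking.hostId = "18aec5d7";
+services.libinput.enable = true;
+}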
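Review bot: `encrypted = false;` gives this host an unencrypted root, and the bootstrap script in this comparison derives the host's age identity from `ssh_host_ed25519_key`, so anyone who can read the disk image can recover the key that decrypts this host's sops secrets. The hardware configuration imports the qemu-guest profile, so that presumably includes whoever operates the hypervisor; if that is an accepted trade-off, record it next to the setting, e.g. `encrypted = false; # unencrypted root: host SSH key (sops identity) is readable from the disk image`. `btrfsMountDevice` is bound but never used in this file, and `boot.supportedFilesystems = [ "zfs" ];` has no comment explaining why a host whose `fsType` is "btrfs" needs ZFS support.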


@ -0,0 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -6,6 +6,7 @@ let
encrypted = true; # currrently only applies to btrfs encrypted = true; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
user = "sam"; user = "sam";
impermanence = true;
in in
{ {
imports = imports =
@ -15,11 +16,10 @@ in
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
# Impermanence # Impermanence
inputs.impermanence.nixosModules.impermanence (import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
(import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
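Review bot: The new `impermanence` flag only reaches `../common/disks`; the `(import ../common/disks/btrfs/impermanence.nix { ... })` entry under the `# Impermanence` comment is still unconditional, so setting `impermanence = false` would select `standard.nix` for the disk layout while the impermanence module is still imported. Gating that entry on the same flag keeps the two in step, for example `] ++ lib.optional impermanence (import ../common/disks/btrfs/impermanence.nix { inherit btrfsMountDevice lib; });` where the imports list closes, which is outside the hunk. The next host file makes the identical change and needs the same gate.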


@ -5,6 +5,7 @@ let
dev = "/dev/sda"; # depends on target hardware dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
impermanence = true;
in in
{ {
imports = imports =
@ -14,11 +15,10 @@ in
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
# Impermanence # Impermanence
inputs.impermanence.nixosModules.impermanence (import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
(import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix


@ -17,6 +17,8 @@ read -p "Enter hostname of target: " hostname
read -p "Enter IP of target: " ip read -p "Enter IP of target: " ip
read -p "Enter config to install on target: " config read -p "Enter config to install on target: " config
read -p "Enter username (if none, use 'root'): " username read -p "Enter username (if none, use 'root'): " username
read -p "Using impermanence? (yes|no): " impermanence
[ "$impermanence" = "yes" ] && persist="/persist"
# Delete key in known hosts if exists # Delete key in known hosts if exists
sed -i "/$ip/d" ~/.ssh/known_hosts sed -i "/$ip/d" ~/.ssh/known_hosts
@ -36,11 +38,11 @@ cleanup() {
trap cleanup EXIT trap cleanup EXIT
# Create the directory for target host keys # Create the directory for target host keys
install -d -m755 "$temp/persist/etc/ssh" install -d -m755 "$temp$persist/etc/ssh"
# Create ssh keys # Create ssh keys
echo "Creating '$hostname' ssh keys" echo "Creating '$hostname' ssh keys"
ssh-keygen -t ed25519 -f "$temp/persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N "" ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
# Extract luks key from secrets # Extract luks key from secrets
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml") luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
@ -48,7 +50,7 @@ echo "$luks_secret" > /tmp/luks_secret.key
# Generate age key from target host and user public ssh key # Generate age key from target host and user public ssh key
echo "Generating age key from target host and user ssh key" echo "Generating age key from target host and user ssh key"
HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age") HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
echo -e "Host age key:\n$HOST_AGE_KEY\n" echo -e "Host age key:\n$HOST_AGE_KEY\n"
# Update .sops.yaml with new age key: # Update .sops.yaml with new age key:
@ -67,10 +69,10 @@ sed -i "{
just update-sops-secrets && just update-flake-secrets && just update-flake just update-sops-secrets && just update-flake-secrets && just update-flake
# Copy current nix config over to target # Copy current nix config over to target
cp -prv . "$temp/persist/etc/nixos" cp -prv . "$temp$persist/etc/nixos"
# Install Nixos to target # Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
[ $? != 0 ] && echo "Error installing Nixos" && exit 1 [ $? != 0 ] && echo "Error installing Nixos" && exit 1
## Delete keys from local known_hosts ## Delete keys from local known_hosts
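Review bot: The LUKS passphrase handed to nixos-anywhere on the `--disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key` line is written locally by `echo "$luks_secret" > /tmp/luks_secret.key` (visible in the hunk header above), a fixed name in a shared directory created with the default umask, so other local users may be able to read it or pre-create the path. Only the first argument has to match `passwordFile` in the luks module; the local copy can be a private file, e.g. `luks_key=$(mktemp)` and `printf '%s\n' "$luks_secret" > "$luks_key"`, then `--disk-encryption-keys /tmp/luks_secret.key "$luks_key"`. It should not be placed under `$temp`, because `--extra-files "$temp"` copies that tree onto the target, and it should be deleted in `cleanup`, whose body is outside these hunks.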