This is the repository where I define all my important hosts on my server.

- Install nix on your system.
- To jump into the devshell:

      nix develop

- To encrypt and decrypt files you have to create a PGP key. Edit the .sops.yaml accordingly.
- Update the sops keys:

      sops updatekeys {path/to/any/secrets.yaml}
We use opentofu as our IaC tool. Deploying a new host:

- To provision the VM for the host, find it within /infra and run:

      tofu init
      tofu apply

- Pregenerate host keys using hostkeys.sh. These will be copied to the target machine. The script prints an age key which is derived from the public host key.
- Update the sops keys using the age key: add the age key to the .sops.yaml and run

      sops updatekeys {path/to/any/secrets.yaml}

- Deploy the nixos-anywhere configuration to the provisioned VM. Don't forget to copy the host keys from the tmp directory to the target.

  Note: I am using nix run github:nix-community/nixos-anywhere here as there seem to be issues with the pkgs.nixos-anywhere version when using --extra-files.

      nix run github:nix-community/nixos-anywhere -- --flake .#whatever --extra-files tmp/extra-files/ user@ip

- Rebuild if you make any changes to the .nix files. If you make changes to the nix configurations, don't forget to rebuild the system:

      nixos-rebuild switch --flake .#nextcloud --target-host "user@ip"
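The host-key step above relies on one conversion: an SSH ed25519 host public key can be turned into an age recipient, so secrets can be encrypted to the machine before it exists and decrypted on first boot with the host key that nixos-anywhere copies over. The following is an added example written for this README, not the repository's hostkeys.sh and not code from sops, sops-nix or ssh-to-age. It reimplements that conversion in standard-library Python (Edwards to Montgomery map, then bech32 with the "age" HRP) so you can check what the script prints against an independent implementation. The sample public key line is constructed from the Ed25519 base point purely because its X25519 form is the well-known value u = 9; it is not a real host key. The path tmp/extra-files/etc/ssh/ssh_host_ed25519_key.pub in the usage note is an assumption about where hostkeys.sh writes the key.

```python
"""Derive the age recipient used in .sops.yaml from an SSH ed25519 host public key.

Added example: the Ed25519 public key is mapped to its X25519 (Montgomery) form and
bech32-encoded with the "age" human-readable part. Standard library only.
"""
import base64
import struct

P = 2**255 - 19  # field prime shared by Ed25519 and X25519
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet (BIP-173)


def parse_ssh_ed25519(line: str) -> bytes:
    """Return the raw 32-byte public key from an OpenSSH 'ssh-ed25519 AAAA...' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1])
    # Wire format (RFC 4253): length-prefixed key type, then length-prefixed key bytes.
    off, parts = 0, []
    for _ in range(2):
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        parts.append(blob[off:off + n])
        off += n
    if parts[0] != b"ssh-ed25519" or len(parts[1]) != 32 or off != len(blob):
        raise ValueError("malformed ssh-ed25519 key blob")
    return parts[1]


def ed25519_to_x25519(pub: bytes) -> bytes:
    """Birational map Edwards -> Montgomery: u = (1 + y) / (1 - y) mod p."""
    if len(pub) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    y = int.from_bytes(pub, "little") & ((1 << 255) - 1)  # drop the x sign bit
    denom = (1 - y) % P
    if denom == 0:
        raise ValueError("degenerate point (y == 1)")
    u = (1 + y) * pow(denom, -1, P) % P
    return u.to_bytes(32, "little")


def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def convertbits(data, frombits, tobits, pad=True):
    """Regroup a bit string, e.g. 8-bit bytes -> 5-bit bech32 groups and back."""
    acc = bits = 0
    out, maxv = [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad and bits:
        out.append((acc << (tobits - bits)) & maxv)
    elif not pad and (bits >= frombits or ((acc << (tobits - bits)) & maxv)):
        raise ValueError("invalid padding")
    return out


def bech32_encode(hrp, data):
    polymod = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def bech32_decode(bech):
    """Return (hrp, 5-bit data without checksum); raise if the checksum fails."""
    bech = bech.lower()
    pos = bech.rfind("1")
    if pos < 1 or pos + 7 > len(bech):
        raise ValueError("malformed bech32 string")
    hrp, body = bech[:pos], bech[pos + 1:]
    if any(c not in CHARSET for c in body):
        raise ValueError("invalid character")
    data = [CHARSET.index(c) for c in body]
    if _polymod(_hrp_expand(hrp) + data) != 1:
        raise ValueError("bad checksum")
    return hrp, data[:-6]


def age_recipient_from_ssh_line(line: str) -> str:
    """'ssh-ed25519 AAAA...' host public key -> 'age1...' recipient for .sops.yaml."""
    return bech32_encode("age", convertbits(ed25519_to_x25519(parse_ssh_ed25519(line)), 8, 5))


def age_recipient_to_x25519(recipient: str) -> bytes:
    """Inverse check: recover the X25519 public key bytes from an age recipient."""
    hrp, data = bech32_decode(recipient)
    if hrp != "age":
        raise ValueError("not an age recipient")
    return bytes(convertbits(data, 5, 8, pad=False))


# Constructed sample: the Ed25519 base point wrapped as an OpenSSH public key line.
# Not a real host key; chosen because its X25519 form is the well-known u = 9.
_BASE_POINT = bytes.fromhex("58" + "66" * 31)
_WIRE = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + _BASE_POINT
SAMPLE_PUBKEY_LINE = "ssh-ed25519 " + base64.b64encode(_WIRE).decode() + " root@example-host"

if __name__ == "__main__":
    print(age_recipient_from_ssh_line(SAMPLE_PUBKEY_LINE))
```

Run it with no arguments to print the recipient for the constructed sample; to check a real pregenerated key, replace SAMPLE_PUBKEY_LINE with the contents of the .pub file (assumed to be tmp/extra-files/etc/ssh/ssh_host_ed25519_key.pub) and compare the output with what hostkeys.sh printed. Because the recipient is derived from the public key only, the private host key in the tmp directory is the one thing that must not leak or be committed: whoever holds it can decrypt every secret encrypted to that recipient, which is exactly why the file has to travel to the target via --extra-files and nowhere else.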