diff --git a/README.md b/README.md
index 14fd0c4b..815c5a9c 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,8 @@
 # NixOS Configuration Repository
 ## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
-```
-# First run as root:
-nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git
-ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
-nixos-rebuild switch --flake '/etc/nixos#'
-mkdir /nix/var/nix/profiles/per-user/
+### For first-run, see `setup.sh`
+
-# as :
-home-manager switch -b backup --flake /etc/nixos/git
-```
 ![Gruv'd Hyprland](./screenshot.png "Hyprland with a Gruvboxy theme")
 ---
 # To Do List
diff --git a/sd-image.nix b/sd-image.nix
deleted file mode 100644
index df9cb1cf..00000000
--- a/sd-image.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-# Raspberry Pi SD Image
-# $ nix-build '' -A config.system.build.sdImage -I nixos-config=./sd-image.nix
-# https://nixos.wiki/wiki/NixOS_on_ARM#Installation
-{ config, lib, ... }:
-let
- desktop = null;
-in {
- # Simple bootstrap SD image for the Raspberry Pi
- imports = [
-
- ];
-
- users.users.albert = {
- isNormalUser = true;
- description = "Albert J. Copeland";
- extraGroups = [ "networkmanager" "wheel" ];
- # mkpasswd -m sha-512
- hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
- };
-
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = true;
- };
- };
-}
\ No newline at end of file
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 00000000..eaeed075
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,42 @@
+#!env /bin/bash
+# First setup:
+
+user=albert
+read -p "Hostname: " host;
+
+# run as root:
+sudo nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git
+sudo ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
+sudo chown -R $user:root /etc/nixos/git
+sudo nixos-rebuild switch --flake '/etc/nixos#$host'
+sudo mkdir /nix/var/nix/profiles/per-user/$user
+echo "Host setup complete."
+
+# as $user:
+home-manager switch -b backup --flake /etc/nixos/git
+source ~/.bashrc
+
+# Import and trust the GPG key
+read -p "Path to GPG Private Key: " gpgKey
+gpg --import $gpgKey
+echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust
+
+# Setup SOPS
+sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(host).asc"
+cd /etc/nixos/git
+nix-shell
+sops-update secrets/secrets.yaml
+
+# Set up ssh keys
+ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N ""
+echo "" >> /etc/nixos/git/keys/ssh/keys.txt
+echo "# $user@$host" >> /etc/nixos/git/keys/ssh/keys.txt
+cat .ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt
+
+
+# Add all changes to git and and push
+git add keys/hosts/$(host).asc
+git commit -am "Setup of host: $host"
+git push
+
+echo "Complete. Reboot to complete the config"
\ No newline at end of file
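Review bot: The hostname never reaches the commands that need it: `'/etc/nixos#$host'` is single-quoted, so nixos-rebuild receives the literal text `$host`, and `$(host)` in the ssh-to-pgp and `git add` lines is command substitution that runs the `host` program instead of expanding the variable, so the exported host key ends up under the wrong file name. `cat .ssh/id_rsa.pub` runs after `cd /etc/nixos/git`, so it reads a relative path inside the repository rather than `~/.ssh/id_rsa.pub`. Nothing stops the script after a failed step, so a failed clone or rebuild still proceeds to the `gpg ... trust` step, which grants ultimate trust (`5`) to key 64F6C4EB46C4543A by its 64-bit ID without comparing the imported file against a full fingerprint; `$gpgKey` is also unquoted. `ssh-keygen ... -N ""` writes the private key without a passphrase, which deserves a comment if that is intended. The rewritten lines are below.

```shell
# … unchanged: shebang, user/host prompts, clone, symlink, chown …
sudo nixos-rebuild switch --flake "/etc/nixos#${host}"
# … unchanged: profile dir, home-manager, bashrc …
gpg --import "$gpgKey"
# … unchanged: trust step, SOPS comment …
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/${host}.asc"
# … unchanged: cd, nix-shell, sops-update, ssh-keygen, keys.txt header lines …
cat ~/.ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt
# … unchanged: blank lines and comment …
git add "keys/hosts/${host}.asc"
```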