Cloonar/nixos

Fork 0

Go to file

Dominik Polakovics 9e0624eaf1 try

2023-12-05 12:27:09 +01:00

hosts

try

2023-12-05 12:27:09 +01:00

iso

add iso, change networking for fw

2023-11-28 15:44:54 +01:00

utils

fix omada hash

2023-12-04 19:23:59 +01:00

.gitignore

test git hook for sops

2023-07-23 09:06:08 +02:00

.sops.yaml

add secrets

2023-12-02 12:29:38 +01:00

config.sh

remove local build

2023-07-13 14:28:09 +02:00

fleet.nix

update fleet ssh key

2023-11-28 18:49:09 +01:00

README.md

many changes to fw, small fixes to nb

2023-11-27 00:29:16 +01:00

todos.md

add nextcloud oidc

2023-08-18 20:15:53 +02:00

README.md

1. Installation of new servers

install ubuntu 20.04
get age key from SSH

nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'

fix secrets files

nix-shell -p sops --run "sops updatekeys -y secrets.yaml"

run install command

./install.sh example.com

2. Sops command

nix-shell -p sops --run 'sops hosts/cloonar.com/secrets.yaml'

2. Web Server specific

change the permissions for /var/www

chown nginx:nginx /var/www
chmod 755 /var/www

3. Net data

Netdata data page: Add a node
Once you got the token, we will claim it to associate it to a node:
create /var/lib/netdata/cloud.d/token and write the token in it
run nix-shell -p netdata --run "netdata-claim.sh -id=$(uuidgen)" as root
your node should be registered in Netdata cloud

4. Add new Host

sftp host.cloonar.com@git.cloonar.com:/config/bootstrap.sh ./

5. Yubikey

ykman fido access change-pin --new-pin 654321
systemd-cryptenroll --fido2-device=auto --fido2-with-client-pin=yes /dev/nvme0n1p2

6. Wireguard

wg genkey | (umask 077 && tee privatekey) | wg pubkey > publickey
umask 0077; wg genpsk > psk

Languages

Nix 88.1%

Lua 5.8%

Shell 5.7%

CSS 0.2%

Dockerfile 0.1%