- Updated AGENTS.md to specify one key per purpose for SSH access, including naming conventions and configuration tips.
- Revised README.md to streamline the roadmap and link to SSH and secrets documentation.
- Created docs/ssh-and-secrets.md to outline the strategy for managing SSH keys and secrets in a public repo.
- Refined TODO.md to reflect the new approach for secrets and server configuration tasks.
27 lines
1.2 KiB
Markdown
# NixOS flake

Rebuild from dotfiles dir:

```bash
sudo nixos-rebuild switch --flake ~/dotfiles/nixos#macbookair
# or #wsl
# macOS: cd ~/dotfiles/nixos && darwin-rebuild switch --flake .
```

## Server (nixos-server)

One-time bootstrap (no git until first rebuild):

```bash
nix run --extra-experimental-features "nix-command flakes" nixpkgs#git -- clone https://github.com/DannyDannyDanny/dotfiles.git /tmp/dotfiles
sudo mv /tmp/dotfiles /etc/dotfiles
sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#nixos-server --option accept-flake-config true
```

If the daemon doesn’t have flakes enabled: copy [server-configuration-with-flakes.nix](server-configuration-with-flakes.nix) to `/etc/nixos/configuration.nix`, run `sudo nixos-rebuild switch`, then build and switch to the flake (see [server-quickstart.md](../server-quickstart.md) for SSH keys).

SSH keys (not in repo): `scp ~/.ssh/*.pub danny@server:/tmp/`, then on server `mkdir -p ~/.ssh; cat /tmp/*.pub >> ~/.ssh/authorized_keys`. See [docs/ssh-and-secrets.md](../docs/ssh-and-secrets.md).
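A stricter take on the key-install step above, added here as an example (not code from this repo): `cat /tmp/*.pub` appends every `.pub` file found in a world-writable directory, so this version reads from a staging directory you choose, accepts only plain `type base64 [comment]` lines, skips keys already present, and keeps `~/.ssh` at 700 and `authorized_keys` at 600. The function name `install_pubkeys` and the `~/incoming-keys` path are assumptions.

```shell
# Added example; install_pubkeys and its arguments are hypothetical names.
# Usage on the server, with keys copied to a directory only you can write:
#   install_pubkeys ~/incoming-keys
#
# install_pubkeys STAGING_DIR [SSH_DIR]  -> prints the number of keys added
install_pubkeys() (
  staging=$1
  ssh_dir=${2:-"$HOME/.ssh"}
  auth=$ssh_dir/authorized_keys
  added=0
  # Plain public-key lines only. Lines that start with options such as
  # command="..." are rejected, so a staged file cannot add forced commands.
  re='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com) [A-Za-z0-9+/]+={0,3}( .*)?$'

  umask 077
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
  touch "$auth" && chmod 600 "$auth" || exit 1

  for f in "$staging"/*.pub; do
    # Skip an unmatched glob, symlinks, and anything that is not a regular file.
    [ -f "$f" ] && [ ! -L "$f" ] || continue
    while IFS= read -r line || [ -n "$line" ]; do
      printf '%s\n' "$line" | grep -Eq "$re" || continue
      blob=$(printf '%s\n' "$line" | awk '{print $2}')
      # Dedupe on the key material itself, whatever comment or options
      # the existing authorized_keys entry carries.
      if ! awk -v b="$blob" \
          '{for (i = 1; i <= NF; i++) if ($i == b) hit = 1} END {exit !hit}' \
          "$auth"; then
        printf '%s\n' "$line" >> "$auth"
        added=$((added + 1))
      fi
    done < "$f"
  done
  echo "$added"
)
```

Run it once per batch of keys and delete the staging directory afterwards; a second run over the same files adds nothing.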

Timer: every 15 min the server pulls and rebuilds when `main` changes. Config: `hosts/nixos-server.nix`, `hosts/nixos-server-hardware.nix`.

No git in PATH: `sudo nix run nixpkgs#git -- -C /etc/dotfiles pull origin main`.