diff options
| author | EuAndreh <eu@euandre.org> | 2021-01-23 16:44:43 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2021-01-23 16:44:43 -0300 |
| commit | ac297809424a1684789c2cb5f539b57db297366d (patch) | |
| tree | 352547e447d14cff1529b3db81a79a8b1f441133 /README.md | |
| parent | sh/templates/build-aux/assert-docs-spelling.sh: Move to POSIX sh (diff) | |
| download | dotfiles-ac297809424a1684789c2cb5f539b57db297366d.tar.gz dotfiles-ac297809424a1684789c2cb5f539b57db297366d.tar.xz | |
README.md: Remove old content
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 157 |
1 files changed, 6 insertions, 151 deletions
@@ -1,85 +1,9 @@ -# dotfiles - EuAndreh\'s personal repository +# dotfiles - EuAndreh's personal repository -## Instructions - setting up a new NixOS installation +## Paperkey -### 1. Prepare the USB stick - -Get the link for the [NixOS ISO -image](https://nixos.org/nixos/download.html) (prefer the KDE image for -easy network connection) and burn it to the USB stick (check the device -with `lsblk`): - -``` {.shell} -NIXOS_URL='https://releases.nixos.org/nixos...linux.iso' -wget https://euandre.org/dotfiles/nixos/burn.sh -chmod +x burn.sh -./burn.sh "${NIXOS_URL}" /dev/sdb -``` - -### 2. Performing a fresh install - -Put the USB stick in the new laptop and boot from it. - -First we need to get the internet connection working. Check that the -wireless interface name is actually `wlp2s0` or something else (use -`ip a` of `ifconfig` for that), and use `wpa_supplicant` to perform the -connection: - -``` {.shell} -wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase SSID PASSPHRASE) -``` - -Now we need to also double check the driver name with `lsblk`. We\'ll -assume it\'s `/dev/sda`. - -After that all we need is to download the installation script and run it -with the correct arguments: - -``` {.shell} -curl https://euandre.org/dotfiles/nixos/install.sh > install.sh -chmod +x install.sh -LAPTOP_NAME='velhinho-nixos' -sudo ./install.sh "${LAPTOP_NAME}" /dev/sda -``` - -### 3. Bootstraping the new installation\'s configuration and data - -After booting up from the freshly installed NixOS, login into the -**GNOME+Xorg** option on the top right corner. Connect again to the -internet using the network applet and launch a terminal window. - -Now we\'ll need the GPG keys to decrypt the Git Annex repo, decrypt the -SSH keys and bootstrap from there. - -Get the `keys.gpg` file with both private and public keys (see -[exporting GPG keys](#exporting-gpg-key-pairs) below on how to do that) -from the external disk and run the setup script: - -``` {.shell} -curl https://euandre.org/dotfiles/nixos/setup.sh | bash -s ~/path/to/keys.gpg -``` - -Now just follow the instructions of the script. - -That\'s all! - -## Resources - -### Exporting GPG key pairs - -Export the GPG data using `export-keys.sh` and put it in a disk drive to -do an offline transfer: - -``` {.shell} -export-keys.sh -mv EuAndreh.tar.gpg ~/UTCLOUD/ -``` - -### Paperkey - -Paperkey generate using: - -``` {.shell} +Paperkey generated using: +```shell cat <<EOF # Paper key gpg --export-secret-keys EuAndreh | paperkey > paperkey-content.txt @@ -91,77 +15,8 @@ rm out* EOF ``` -To recover a paperkey: - -``` {.shell} -paperkey --pubring <(wget -O- https://euandre.org/public-key.txt | gpg --dearmor) --secrets paperkey-content.txt | gpg --batch --import -``` - -### `export-keys.sh` +To recover from a paperkey: ```shell -#!/usr/bin/env bash -set -Eeuo pipefail - -yellow "Exporting public key..." -gpg --export --armor -a EuAndreh > keys.gpg -green "Done." - -yellow "Exporting private key..." -read -p "A prompt for the GPG password will appear! (Press any key to continue)" -n 1 -r -gpg --export-secret-keys --armor -a EuAndreh >> keys.gpg -green "Done." - -yellow "Exporting ownertrust..." -gpg --export-ownertrust > trust.txt -green "Done." - -yellow "Creating tar with key pair and trust content..." -tar -cvf EuAndreh.tar keys.gpg trust.txt -green "Done." - -yellow "Encrypting tar file..." -read -p "A prompt for the symmetric encryption key of the keys.gpg file will appear! (Press any key to continue)" -n 1 -r -gpg --cipher-algo AES256 -c EuAndreh.tar -green "Done." - -yellow "Removing traces of private key..." -shred trust.txt -rm trust.txt -shred keys.gpg -rm keys.gpg -shred EuAndreh.tar -rm EuAndreh.tar -green "Done." - -blue "File 'EuAndreh.tar.gpg' created!" -``` - -### `copy-public-key.sh` - -``` -#!/bin/sh -set -eux - -FINGERPRINT='5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060' -FILE="$(mktemp)" - -gpg --batch --yes --output "${FILE}" --armor --export "${FINGERPRINT}" - -# Update keyserver -# gpg --send-keys "${FINGERPRINT}" - -# Add to website -cp "${FILE}" ~/dev/libre/website/public-key.txt - -# Update in euandreh-guix-channel -cd ~/dev/libre/euandreh-guix-channel/ -git checkout keyring -cp "${FILE}" euandreh.key -cd - - -# Update in github: can't be done - -# Clean up -rm "${FILE}" +paperkey --pubring <(wget -O- https://euandre.org/public-key.txt | gpg --dearmor) --secrets paperkey-content.txt | gpg --batch --import ``` |