* dotfiles
[[https://builds.sr.ht/~euandreh/dotfiles][file:https://builds.sr.ht/~euandreh/dotfiles.svg]]
** Instructions - setting up a new NixOS installation
*** 1. Prepare the USB stick
Get the link for the [[https://nixos.org/nixos/download.html][NixOS ISO image]] and burn it to the USB stick:
#+BEGIN_SOURCE shell
NIXOS_URL='https://releases.nixos.org/nixos...linux.iso'
curl https://euandre.org/dotfiles/nixos/burn.sh | bash -s "$NIXOS_URL" /dev/sdb
#+END_SOURCE
*** 2. Performing a fresh install
Put the USB stick in the new laptop and boot from it.

First we need to get the internet connection working. Check that the wireless interface name is actually =wlp2s0= or something else (use =ip a= of =ifconfig= for that), and use =wpa_supplicant= to perform the connection:
#+BEGIN_SOURCE shell
wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase SSID PASSPHRASE)
#+END_SOURCE
Now we need to also double check the driver name with =lsblk=. We'll assume it's =/dev/sda=.

After that all we need is to download the installation script and run it with the correct arguments:
#+BEGIN_SOURCE shell
curl https://euandre.org/dotfiles/nixos/install.sh > install.sh
chmod +x install.sh
LAPTOP_NAME='velhinho-nixos'
./install.sh "${LAPTOP_NAME}" /dev/sda
#+END_SOURCE
*** 3. Bootstraping the new installation's configuration and data
After booting up from the freshly installed NixOS, we'll need the GPG keys to decrypt the Git Annex repo, decrypt the SSH keys and bootstrap from there.

Get the =keys.gpg= file with both private and public keys (see [[#exporting-gpg-key-pairs][exporting GPG keys]] below on how to do that) and run the setup script:
#+BEGIN_SOURCE shell
curl https://euandre.org/dotfiles/nixos/setup.sh | bash -s ~/path/to/keys.gpg
#+END_SOURCE
Now open up Firefox and login back to it! That's all!
** Resources
*** Exporting GPG key pairs
:PROPERTIES:
:CUSTOM_ID: exporting-gpg-key-pairs
:END:
** Instructions - setting up a new installation (NixOS)
*** 1. Download NixOS image from [[https://nixos.org/][the website]].
*** 2. Follow USB ISO installation steps in =nixos/os-installation.sh=
*** 3. Put =private.gpg= and =public.gpg= files in UTCLOUD (the actual HD drive)
#+BEGIN_SRC shell
  gpg --export -a EuAndreh > public.gpg
  gpg --export-secret-keys -a EuAndreh > private
  gpg --cipher-algo AES256 -c private
  shred private
  rm private
  mv public.gpg ~/UTCLOUD/public.gpg
  mv private.gpg ~/UTCLOUD/private.gpg
  cp $DOTFILES/encrypted/password-hash.txt ~/UTCLOUD/password-hash.txt
#+END_SRC
*** 4. Import GPG keys in new OS
#+BEGIN_SRC shell
  gpg -o private -d private.gpg
  gpg --import public.gpg
  gpg --import private
  gpg --edit-key EuAndreh

  # Inside GPG prompt
  trust
  5
  quit

  # end of GPG prompt
  shred private
  shred private.gpg
  rm private
  rm private.gpg
  rm public.gpg
#+END_SRC
*** 5. Clone annex repo from HD and setup remotes
#+BEGIN_SRC shell
git clone gcrypt::/media/andreh/UTCLOUD/annex.git
cd annex
git annex describe here "repo description"
git annex enableremote hd
git annex enableremote gitlab
git annex enableremote rsyncnet
git annex enableremote s3
#+END_SRC
** Paperkey
Paperkey generate using:
#+BEGIN_SRC shell
cat <<EOF
# Paper key
gpg --export-secret-keys EuAndreh | paperkey > paperkey-content.txt

# QR codes of paper key
gpg --export-secret-keys EuAndreh | paperkey | qrencode -o out.png -S -v 16
montage *.png -tile 1x2 -geometry +0+0 concatenate-out.png
rm out*
EOF
#+END_SRC
To recover a paperkey:
#+BEGIN_SRC shell
paperkey --pubring <(wget -O- https://euandre.org/public-key.txt | gpg --dearmor) --secrets paperkey-content.txt | gpg --batch --import
#+END_SRC