| author | EuAndreh <eu@euandre.org> | 2020-08-10 17:16:22 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2020-08-10 17:16:22 -0300 |
| commit | 1ec6471eb4dcb4671ee125113a529adbfb2e10a3 (patch) | |
| tree | cdf83293d6682a3f832cea71977d8fd7bc7005ba /README.md | |
| parent | Interactive Terraform plan -> apply cycle (diff) | |
| download | toph-1ec6471eb4dcb4671ee125113a529adbfb2e10a3.tar.gz, toph-1ec6471eb4dcb4671ee125113a529adbfb2e10a3.tar.xz | |
Semi working setup: Terraform and LetsEncrypt working
Diffstat (limited to 'README.md')

| -rw-r--r-- | README.md | 59 |
|---|---|---|

1 files changed, 56 insertions, 3 deletions
@@ -1,6 +1,7 @@ # VPS -## Re-creating everything from scratch +## Workflow +### Re-creating everything from scratch ```shell git crypt unlock @@ -10,10 +11,62 @@ direnv allow ./nixos-update.sh ``` -## After an update on `vps.tf` +### After an update on `vps.tf` Same as above. -## After editing `vps-configuration.nix` or other OS files +### After editing `vps-configuration.nix` or other OS files Just run the `./nixos-update.sh` script. + +## Base image +The basic `configuration.nix` file in the current snapshots looks just like this: + +```nix +{ config, pkgs, ... }: + +{ + imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only + + networking.useDHCP = false; + networking.interfaces.ens3.useDHCP = true; + + environment.systemPackages = with pkgs; [ vim ]; + + services.openssh.enable = true; + services.openssh.permitRootLogin = "no"; + + users.extraUsers.andreh = { + uid = 1000; + isNormalUser = true; + extraGroups = [ "wheel" ]; + password = "...password..."; + openssh.authorizedKeys.keys = [ + "...ssh public key..." + ]; + }; + + system.stateVersion = "19.09"; +} +``` + +This basic setup allows it to boot, starts the OpenSSH server agent and allows +the listed `openssh.authorizedKeys.keys` to login. + +I've also changed the nix-channel to the `nixos-unstable` imperatively before +creating the image snapshot: + +```shell +sudo nix-channel --remove nixos +sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos +``` + +So the first run of `./nixos-update.sh` will already get the latest channel from +unstable, which makes this image not tied to the particular original 19.09 NixOS +distribution. |
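Review bot: in the second hunk, `password = "...password..."` inside the `users.extraUsers.andreh` block is a clear-text password option: NixOS writes the value of `password` verbatim into the generated configuration in the world-readable Nix store, so once the placeholder is replaced any local user or anyone with a copy of the store can read it. Prefer `hashedPassword` (output of `mkpasswd -m sha-512`) or `passwordFile` pointing at a file kept outside the store, or omit the password altogether, since the README's stated login path is the `openssh.authorizedKeys.keys` list and `wheel` can be granted passwordless sudo if needed. Related: `services.openssh.passwordAuthentication` is not set, so SSH password logins remain at sshd's default; setting it to `false` makes the sentence "allows the listed `openssh.authorizedKeys.keys` to login" describe the only accepted method. Minor: `users.extraUsers` is a legacy alias for `users.users`, and the `system.stateVersion = "19.09"` pin is correct to keep even after the channel switch to `nixos-unstable` described below it.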