Declarative configuration of my machines & dotfiles.
git clone https://github.com/otosky/nix-config
cd nix-config

The following requires custom boot media built from manifests under installer/.
To build the install-usb media, run
just build-iso

echo -n "<luks-secret-key>" > /tmp/secret.key
# set up the drive partitions
just disko-init <host>
# mount the drives so that you can perform nix installation
just disko-mount <host>
# import gpg key
just setup
# copy ssh keys from live-media to nixos fs
just init-keys

Caution
I need to figure out a way to get sops-nix to recognize my gpg key from a yubikey. Right now this blocks a successful bootstrap install.
To get this working at the moment, I use ssh-to-age to convert the new ed25519 key to an age key, update the host key in .sops.yaml, and then re-encrypt the password file at ./hosts/common/secrets.yaml.
This is an admittedly clunky process.
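The re-keying workaround described in the caution above, written out as an added example (not code from this repository). It assumes `.sops.yaml` declares each host key as a YAML anchor of the form `- &<host> age1...`; the function names `set_host_age_key` and `rekey_host` and the example host key path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not part of nix-config. Assumed .sops.yaml layout:
#   keys:
#     - &ot-desktop age1...
set -eu

# Replace the age recipient stored under anchor "&<host>" in a .sops.yaml file.
# Args: <sops-yaml> <host> <age-public-key>
# Rejects values that are not age public keys and fails if the anchor is missing,
# so a typo cannot silently leave the old recipient in place.
set_host_age_key() {
  case $2 in
    ''|*[!A-Za-z0-9_-]*) echo "unexpected host name: $2" >&2; return 1 ;;
  esac
  printf '%s' "$3" | grep -Eq '^age1[0-9a-z]{58}$' ||
    { echo "not an age public key: $3" >&2; return 1; }
  grep -Eq "&$2[[:space:]]+age1" "$1" ||
    { echo "no anchor &$2 in $1" >&2; return 1; }
  sed -E -i.bak "s/(&$2[[:space:]]+)age1[0-9a-z]+/\1$3/" "$1"
}

# Full re-key for one host.
# Args: <host> <ssh-host-public-key> [secrets-file]
rekey_host() {
  secrets=${3:-./hosts/common/secrets.yaml}
  # ssh-to-age reads only the ed25519 *public* key here; no private key is touched.
  age_key=$(ssh-to-age -i "$2")
  set_host_age_key .sops.yaml "$1" "$age_key"
  # Re-encrypt the data key for the recipients now listed in .sops.yaml.
  # This needs a key that can already decrypt the file (an existing recipient).
  sops updatekeys --yes "$secrets"
  # Review the recipient change before committing it.
  git diff -- .sops.yaml "$secrets"
}

# Example invocation (the path is an assumption about where the new host key lives):
#   ./rekey.sh ot-desktop /mnt/etc/ssh/ssh_host_ed25519_key.pub
if [ "$#" -ge 2 ]; then
  rekey_host "$@"
fi
```

Run it from the repository root so that `.sops.yaml` and the default secrets path resolve; the `.sops.yaml.bak` file left by `sed` can be deleted once the diff looks right.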
just install <host>

just rebuild <host>

# just home-manager modules
home-manager switch --flake .#olivertosky@ot-desktop