diff --git a/.github/workflows/nixos-tests.yaml b/.github/workflows/nixos-tests.yaml
new file mode 100644
index 0000000..5d815ab
--- /dev/null
+++ b/.github/workflows/nixos-tests.yaml
@@ -0,0 +1,24 @@
+name: "NixOS Tests"
+on:
+ pull_request:
+ push:
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: cachix/install-nix-action@v27
+ with:
+ extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
+
+ - uses: cachix/cachix-action@v15
+ with:
+ name: esselius-config
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ extraPullNames: nix-community
+
+ - uses: rrbutani/use-nix-shell-action@v1
+
+ - name: Monitoring Auth
+ run: nix run .#nixosTests.monitoring-auth
\ No newline at end of file
diff --git a/README.md b/README.md
index c6f8b16..cc6aa81 100644
--- a/README.md
+++ b/README.md
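Review bot: In `.github/workflows/nixos-tests.yaml` the three third-party steps (`cachix/install-nix-action@v27`, `cachix/cachix-action@v15`, `rrbutani/use-nix-shell-action@v1`) are referenced by mutable tags in a job that also receives `secrets.CACHIX_AUTH_TOKEN`, so a moved tag would run unreviewed code with a cache write token in scope. Pin each to a full commit SHA and keep the tag as a comment, e.g. `- uses: cachix/cachix-action@<full-commit-sha>  # v15`. The workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would make least privilege explicit. Because the job triggers on `pull_request` as well as `push`, it is worth deciding whether pull-request builds from branches in this repository should be able to write to the `esselius-config` cache; cachix-action's `skipPush` input can limit uploads to trusted events.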
@@ -1,15 +1,43 @@ # Usage +## Local darwin config + Install nix with the [DeterminateSystems nix-installer](https://github.com/DeterminateSystems/nix-installer) ```shell $ nix-installer plan macos --case-sensitive --extra-conf "use-case-hack = false" --encrypt true > plan.json $ nix-installer install plan.json + +$ sudo mv /etc/nix/nix.conf{,.before-nix-darwin} +$ nix --extra-experimental-features 'flakes nix-command' run nix-darwin -- switch --flake . ``` -Switch darwin config +## Raspberry Pi bootstrap + +Generate SD card image ```shell -$ sudo mv /etc/nix/nix.conf{,.before-nix-darwin} -$ nix --extra-experimental-features 'flakes nix-command' run nix-darwin -- switch --flake . +$ nix build .#nixosConfigurations.adama.config.system.build.sdImage +$ unzstd result/sd-image/nixos-sd-image-24.05.20240706.49ee0e9-aarch64-linux.img.zst -o x.img +``` + +Flash SD card or USB stick with `x.img` using [Raspberry Pi Imager](https://www.raspberrypi.com/software/), put in RPi and start attached to network. + +Grab new ssh host key. + +```shell +$ ssh-keyscan 192.168.1.195 +``` + +Update host key in `secrets/secrets.nix` and rekey secrets. + +```shell +$ cd secrets +$ agenix --rekey +``` + +Deploy refreshed secrets. + +```shell +$ nixos-rebuild switch --flake . --target-host 192.168.1.195 --fast --use-remote-sudo ``` \ No newline at end of file diff --git a/home-modules/tools.nix b/home-modules/tools.nix index 81edf6e..88e5b07 100644 --- a/home-modules/tools.nix +++ b/home-modules/tools.nix @@ -19,5 +19,6 @@ nixpkgs-fmt jq zstd + nixos-rebuild ]; } diff --git a/secrets/authentik-env.age b/secrets/authentik-env.age index a94c76b..e188530 100644 Binary files a/secrets/authentik-env.age and b/secrets/authentik-env.age differ diff --git a/secrets/github-token.age b/secrets/github-token.age index 3877308..d165956 100644 Binary files a/secrets/github-token.age and b/secrets/github-token.age differ 
diff --git a/secrets/home-email.age b/secrets/home-email.age index 03aa3e3..6cbebce 100644 --- a/secrets/home-email.age +++ b/secrets/home-email.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 q0q77g oRcBQhZIoKzLlVZdsRlf4LdxmX9SuTEefbF0mJ3s6lU -F1xEx2BBzLL9/G4pvuNyeV8foPy9XPCspiXRsRgsT+g ---- km9jGq8etKb4qrdyzmy6gSROuUuklHfYQ8/DQbrkwP4 -cSj}~jWKD˭BfBk%6': \ No newline at end of file +-> ssh-ed25519 q0q77g 9i/kyZ2fTApdkvxZtGQM8nr6Dm7Tr0Gk5HDfgcOLlSI +Z/zX899laT67h1+bzeDTu6gw/HpBi8xFa5QQovJuOzY +--- /f9vBC76yKogzwhVZt2QwELwGasnCiLWgFDxGtAhYWw +tmܶ7;j*g}*Pp{A4~m{;. \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 12ca996..6f63add 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,7 @@ let home-peteresselius = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoqhLqzuQJEyn/M4WmBkpPlMou2zIXoJUikAcFgvx4C"; work-peteresselius = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJmUlguPPHN+XxAvF9OEmF8mnn7mXSWez5PjkG04ECL2"; - adama = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUVGYoACAxqrVXHBGiG+kxd6GwFULIHC/3luk59tize"; + adama = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTzyGpnD7Zlfj/7oxOq3ZQ1URPtRP60UaxOKyOm7Mgn"; in { "work-email.age".publicKeys = [ work-peteresselius ];
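Review bot: The replacement key on the `+  adama = ...` line of `secrets/secrets.nix` carries no record of how it was verified, and the README procedure added in this same commit obtains it with `ssh-keyscan 192.168.1.195`, which returns whatever key answers on that address. Since this value becomes an agenix recipient, a key captured from the wrong host could decrypt every secret rekeyed to `adama`. Compare it with the fingerprint shown on the Pi's own console (`ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`) before running `agenix --rekey`, and note that above the line, e.g. `# adama host key; fingerprint checked on the device console, not only via ssh-keyscan`. The attribute set continues past the end of this hunk, so which secrets list `adama` as a recipient is not visible here.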