aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-02-25 22:00:10 +0100
committerAlex Auvolat <alex@adnab.me>2022-02-25 22:00:10 +0100
commitd7ff8bfa2efe4504497a352ee60331a50ec62743 (patch)
treeb2bf3078bbf6f05e3931629c4ace38d2536247be
parentf5f0927b9ecb781aca649b0ae32e665b0e06a95f (diff)
downloadnixcfg-d7ff8bfa2efe4504497a352ee60331a50ec62743.tar.gz
nixcfg-d7ff8bfa2efe4504497a352ee60331a50ec62743.zip
doc updates
-rw-r--r--doc/nixos-install.md26
1 files changed, 14 insertions, 12 deletions
diff --git a/doc/nixos-install.md b/doc/nixos-install.md
index f2fcd2d..7b3d137 100644
--- a/doc/nixos-install.md
+++ b/doc/nixos-install.md
@@ -96,9 +96,9 @@ Just enough so that basic tasks can be done from keyboard and remotely:
- keyboard layout
- font `sun12x22`
- vim
-- user
+- non-root user
- ssh
-- ssh port in firewall
+- tcp port 22 in firewall
## Do the installation
@@ -111,10 +111,10 @@ nixos-install
Reboot machine. Login as `root`
```bash
-passwd <user>
+passwd <nonroot user>
```
-If necessary, assign static IP: `ip addr add 192.168.1.40/24 dev eno1` or sth (replace ip and device appropriately)
+If necessary, assign static IP. E.g. `ip addr add 192.168.1.40/24 dev eno1` or sth (replace ip and device appropriately)
Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good.
@@ -122,11 +122,11 @@ Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good.
It's time!
-**Changes in this repo:**
+**Files in this repo to create/change:**
-- create node `.nix` file, site `.nix` file if neccessary, and symlink for node `.site.nix`
- (create site and cluster files if necessary; use existing files of e.g.
- the staging cluster as examples/templates)
+- create node `.nix` file and symlink for node `.site.nix` (create site and
+ cluster `.nix` files if necessary; use existing files of e.g. the staging
+ cluster as examples/templates)
- make sure values are filled in correctly
- add node to `ssh_config` with it's LAN IP, we don't have VPN at this stage
@@ -152,10 +152,6 @@ Check remote unlocking works: `ssh -p 222 root@<ip>`
## Configure wireguard
-**Create wireguard keys:**
-
-On the node:
-
```bash
# On node being installed
mkdir -p /var/lib/deuxfleurs/wireguard-keys
@@ -170,6 +166,12 @@ and not only its LAN address.
Redo a deploy (`./deploy.sh <cluster> <nodename>`)
+Check VPN works. Change IP in `ssh_config` to use VPN IP instead of LAN IP (required for deploy when away from home).
+
+## Commit changes to `nixcfg` repo
+
+This is a good point to commit your new/modified `.nix` files.
+
## Configure Nomad and Consul TLS
If you are bootstraping a new cluster, you need to `./genpki.sh <cluster>` to