author | Alex Auvolat <alex@adnab.me> | 2022-02-25 22:00:10 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-02-25 22:00:10 +0100 |
commit | d7ff8bfa2efe4504497a352ee60331a50ec62743 | |
tree | b2bf3078bbf6f05e3931629c4ace38d2536247be | |
parent | f5f0927b9ecb781aca649b0ae32e665b0e06a95f | |
doc updates
-rw-r--r-- | doc/nixos-install.md | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/doc/nixos-install.md b/doc/nixos-install.md index f2fcd2d..7b3d137 100644 --- a/doc/nixos-install.md +++ b/doc/nixos-install.md @@ -96,9 +96,9 @@ Just enough so that basic tasks can be done from keyboard and remotely: - keyboard layout - font `sun12x22` - vim -- user +- non-root user - ssh -- ssh port in firewall +- tcp port 22 in firewall ## Do the installation @@ -111,10 +111,10 @@ nixos-install Reboot machine. Login as `root` ```bash -passwd <user> +passwd <nonroot user> ``` -If necessary, assign static IP: `ip addr add 192.168.1.40/24 dev eno1` or sth (replace ip and device appropriately) +If necessary, assign static IP. E.g. `ip addr add 192.168.1.40/24 dev eno1` or sth (replace ip and device appropriately) Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good. @@ -122,11 +122,11 @@ Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good. It's time! -**Changes in this repo:** +**Files in this repo to create/change:** -- create node `.nix` file, site `.nix` file if neccessary, and symlink for node `.site.nix` - (create site and cluster files if necessary; use existing files of e.g. - the staging cluster as examples/templates) +- create node `.nix` file and symlink for node `.site.nix` (create site and + cluster `.nix` files if necessary; use existing files of e.g. the staging + cluster as examples/templates) - make sure values are filled in correctly - add node to `ssh_config` with it's LAN IP, we don't have VPN at this stage @@ -152,10 +152,6 @@ Check remote unlocking works: `ssh -p 222 root@<ip>` ## Configure wireguard -**Create wireguard keys:** - -On the node: - ```bash # On node being installed mkdir -p /var/lib/deuxfleurs/wireguard-keys 
@@ -170,6 +166,12 @@ and not only its LAN address. Redo a deploy (`./deploy.sh <cluster> <nodename>`) +Check VPN works. Change IP in `ssh_config` to use VPN IP instead of LAN IP (required for deploy when away from home). + +## Commit changes to `nixcfg` repo + +This is a good point to commit your new/modified `.nix` files. + ## Configure Nomad and Consul TLS If you are bootstraping a new cluster, you need to `./genpki.sh <cluster>` to |
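Review bot: In the hunk at `@@ -111,10 +111,10 @@`, the placeholder becomes `<nonroot user>` in the `passwd` line while the unchanged line `ssh-copy-id <user>@<ip>` a few lines below still says `<user>`, so the same account now has two names in one section. Use a single placeholder in both places, ideally without a space (for example `<nonroot-user>`) so it reads as one shell argument. The reworded static-IP sentence also now says both "E.g." and "or sth"; one of the two is enough.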
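Review bot: In the hunk at `@@ -122,11 +122,11 @@`, the unchanged bullet directly below the rewritten one still reads "with it's LAN IP"; this change already drops the "neccessary" typo from the neighbouring bullet, so correct "it's" to "its" in the same pass. The rewritten bullet is otherwise easier to follow than the old one, which mentioned the site file twice.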
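Review bot: In the last hunk (`@@ -170,6 +166,12 @@`), the new "Commit changes" section names only new/modified `.nix` files, but the line added just above it tells the reader to change the IP in `ssh_config`, and the "Files in this repo to create/change" list also adds the node to `ssh_config`. Mention `ssh_config` in the commit step so the switch to the VPN IP is not left uncommitted. "Check VPN works." also gives no command, unlike "Check remote unlocking works: `ssh -p 222 root@<ip>`" earlier in the file; stating the check to run would make the step verifiable.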