forked from Deuxfleurs/nixcfg
doc updates
parent f5f0927b9e
commit d7ff8bfa2e
1 changed files with 14 additions and 12 deletions
|
@ -96,9 +96,9 @@ Just enough so that basic tasks can be done from keyboard and remotely:
|
||||||
- keyboard layout
|
- keyboard layout
|
||||||
- font `sun12x22`
|
- font `sun12x22`
|
||||||
- vim
|
- vim
|
||||||
- user
|
- non-root user
|
||||||
- ssh
|
- ssh
|
||||||
- ssh port in firewall
|
- tcp port 22 in firewall
|
||||||
|
|
||||||
## Do the installation
|
## Do the installation
|
||||||
|
|
||||||
|
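Review bot: the changed item `tcp port 22 in firewall` now names the port, but the `ssh` item above it still does not say whether password login is expected to be enabled at this stage. The next section relies on `passwd` followed by `ssh-copy-id`, which needs a working password login for the first copy, so state that here and say whether it is meant to stay on after the key is installed.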
@ -111,10 +111,10 @@ nixos-install
|
||||||
Reboot machine. Login as `root`
|
Reboot machine. Login as `root`
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
passwd <user>
|
passwd <nonroot user>
|
||||||
```
|
```
|
||||||
|
|
||||||
If necessary, assign static IP: `ip addr add 192.168.1.40/24 dev eno1` or sth (replace ip and device appropriately)
|
If necessary, assign static IP. E.g. `ip addr add 192.168.1.40/24 dev eno1` or sth (replace ip and device appropriately)
|
||||||
|
|
||||||
Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good.
|
Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good.
|
||||||
|
|
||||||
|
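Review bot: placeholder naming is now inconsistent inside this hunk: the changed line reads `passwd <nonroot user>` while the unchanged line below still reads `ssh-copy-id <user>@<ip>`. Use one placeholder for both (without a space inside the angle brackets, e.g. `<nonroot-user>`) so it is clear the key is copied to the same account whose password was just set. On the static IP line, the new "E.g." and the trailing "or sth" say the same thing twice; drop "or sth".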
@ -122,11 +122,11 @@ Remotely: `ssh-copy-id <user>@<ip>`. Check SSH access is good.
|
||||||
|
|
||||||
It's time!
|
It's time!
|
||||||
|
|
||||||
**Changes in this repo:**
|
**Files in this repo to create/change:**
|
||||||
|
|
||||||
- create node `.nix` file, site `.nix` file if neccessary, and symlink for node `.site.nix`
|
- create node `.nix` file and symlink for node `.site.nix` (create site and
|
||||||
(create site and cluster files if necessary; use existing files of e.g.
|
cluster `.nix` files if necessary; use existing files of e.g. the staging
|
||||||
the staging cluster as examples/templates)
|
cluster as examples/templates)
|
||||||
- make sure values are filled in correctly
|
- make sure values are filled in correctly
|
||||||
- add node to `ssh_config` with it's LAN IP, we don't have VPN at this stage
|
- add node to `ssh_config` with it's LAN IP, we don't have VPN at this stage
|
||||||
|
|
||||||
|
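Review bot: the unchanged bullet `add node to ssh_config with it's LAN IP` has "it's" where "its" is meant; worth fixing in the same pass, since this commit already corrects "neccessary" in the bullet above. In the rewrapped first bullet the site file now appears only inside the parenthesis, so consider stating which of the node, site and cluster files are always required and which are only needed for a new site or cluster.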
@ -152,10 +152,6 @@ Check remote unlocking works: `ssh -p 222 root@<ip>`
|
||||||
|
|
||||||
## Configure wireguard
|
## Configure wireguard
|
||||||
|
|
||||||
**Create wireguard keys:**
|
|
||||||
|
|
||||||
On the node:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# On node being installed
|
# On node being installed
|
||||||
mkdir -p /var/lib/deuxfleurs/wireguard-keys
|
mkdir -p /var/lib/deuxfleurs/wireguard-keys
|
||||||
|
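Review bot: with "**Create wireguard keys:**" and "On the node:" removed, the "Configure wireguard" section opens directly on a code fence, and the only remaining statement of where to run it is the comment `# On node being installed`. A one-line sentence before the fence would keep that visible to someone skimming the headings. Separately, the visible `mkdir -p /var/lib/deuxfleurs/wireguard-keys` line sets no mode; if the lines that follow do not already restrict the directory, the doc should say what permissions it needs, since it holds the wireguard keys.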
@ -170,6 +166,12 @@ and not only its LAN address.
|
||||||
|
|
||||||
Redo a deploy (`./deploy.sh <cluster> <nodename>`)
|
Redo a deploy (`./deploy.sh <cluster> <nodename>`)
|
||||||
|
|
||||||
|
Check VPN works. Change IP in `ssh_config` to use VPN IP instead of LAN IP (required for deploy when away from home).
|
||||||
|
|
||||||
|
## Commit changes to `nixcfg` repo
|
||||||
|
|
||||||
|
This is a good point to commit your new/modified `.nix` files.
|
||||||
|
|
||||||
## Configure Nomad and Consul TLS
|
## Configure Nomad and Consul TLS
|
||||||
|
|
||||||
If you are bootstraping a new cluster, you need to `./genpki.sh <cluster>` to
|
If you are bootstraping a new cluster, you need to `./genpki.sh <cluster>` to
|
||||||
|
|
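Review bot: the added line "Check VPN works." gives no way to check it; name what the operator should run (for example `wg show` on the node, or a ping to the node's VPN address) so the step can clearly pass or fail before `ssh_config` is switched to the VPN IP. The added "Commit changes to `nixcfg` repo" section could also say that only the `.nix` files are committed and nothing from `/var/lib/deuxfleurs/wireguard-keys`. The context line below still has "bootstraping" for "bootstrapping".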