dotfiles/README.org -rw-r--r-- 2.8 KiB View raw
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
* [[https://git.sr.ht/~euandreh/dotfiles][dotfiles]] - EuAndreh's personal repository
#+BEGIN_HTML
<p>
  <a href="https://builds.sr.ht/~euandreh/dotfiles">
    <img data-external="1" src="https://builds.sr.ht/~euandreh/dotfiles.svg" />
  </a>
</p>
#+END_HTML
** Instructions - setting up a new NixOS installation
*** 1. Prepare the USB stick
Get the link for the [[https://nixos.org/nixos/download.html][NixOS ISO image]] and burn it to the USB stick:
#+BEGIN_SRC shell
NIXOS_URL='https://releases.nixos.org/nixos...linux.iso'
wget https://euandre.org/dotfiles/nixos/burn.sh
./burn.sh "$NIXOS_URL" /dev/sdb
#+END_SRC
*** 2. Performing a fresh install
Put the USB stick in the new laptop and boot from it.

First we need to get the internet connection working. Check that the wireless interface name is actually =wlp2s0= or something else (use =ip a= of =ifconfig= for that), and use =wpa_supplicant= to perform the connection:
#+BEGIN_SRC shell
wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase SSID PASSPHRASE)
#+END_SRC
Now we need to also double check the driver name with =lsblk=. We'll assume it's =/dev/sda=.

After that all we need is to download the installation script and run it with the correct arguments:
#+BEGIN_SRC shell
curl https://euandre.org/dotfiles/nixos/install.sh > install.sh
chmod +x install.sh
LAPTOP_NAME='velhinho-nixos'
./install.sh "${LAPTOP_NAME}" /dev/sda
#+END_SRC
*** 3. Bootstraping the new installation's configuration and data
After booting up from the freshly installed NixOS, login into the *GNOME+Xorg* option on the top right corner. Connect again to the internet using the network applet and launch a terminal window.

Now we'll need the GPG keys to decrypt the Git Annex repo, decrypt the SSH keys and bootstrap from there.

Get the =keys.gpg= file with both private and public keys (see [[#exporting-gpg-key-pairs][exporting GPG keys]] below on how to do that) from the external disk and run the setup script:
#+BEGIN_SRC shell
curl https://euandre.org/dotfiles/nixos/setup.sh | bash -s ~/path/to/keys.gpg
#+END_SRC
Now just follow the instructions of the script.

That's all!
** Resources
*** Exporting GPG key pairs
:PROPERTIES:
:CUSTOM_ID: exporting-gpg-key-pairs
:END:
Export the GPG data using =export-keys.sh= and put it in a disk drive to do an offline transfer:
#+BEGIN_SRC shell
export-keys.sh
mv EuAndreh.tar.gpg ~/UTCLOUD/
#+END_SRC
*** Paperkey
Paperkey generate using:
#+BEGIN_SRC shell
cat <<EOF
# Paper key
gpg --export-secret-keys EuAndreh | paperkey > paperkey-content.txt

# QR codes of paper key
gpg --export-secret-keys EuAndreh | paperkey | qrencode -o out.png -S -v 16
montage *.png -tile 1x2 -geometry +0+0 concatenate-out.png
rm out*
EOF
#+END_SRC
To recover a paperkey:
#+BEGIN_SRC shell
paperkey --pubring <(wget -O- https://euandre.org/public-key.txt | gpg --dearmor) --secrets paperkey-content.txt | gpg --batch --import
#+END_SRC