# New Host Checklist

### Provisioning

- [ ] Add terraform entry for VM, then run `terraform plan`, verify, and then `terraform apply`
- [ ] Follow NixOS provisioning steps

### NixOS Configuration

- [ ] Create or copy a config folder for the host, named after the host, under `hosts` (i.e. `hosts/hostname`). Copy the `default.nix` template, and copy the `hardware-configuration.nix` file from the actual host after installation
- [ ] Add the systemd-boot bootloader config to `hardware-configuration.nix` for the host
- [ ] Generate the SOPS/Age private key and paste it into `/var/lib/sops/age/keys.txt`
- [ ] Generate the SOPS/Age public key and paste it into `.sops.yaml`, creating a separate config section
- [ ] If backups are needed for this host, create the `borgmatic_pass` section with `local` and `remote` subkeys, generate passwords in `secrets/{hostname}.yml`
    - [ ] This is the bare minimum configuration for the encrypted sops file:

        ```yaml
        borgmatic_pass:
          local: someStrongPassword
          remote: someOtherStrongPassword
        ```
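
A check worth running before committing `secrets/{hostname}.yml`: confirm that both `borgmatic_pass` subkeys exist and that sops has actually encrypted them. This is an added example, not part of this repository; the function name `check_borgmatic_secrets` is hypothetical, and it assumes the standard sops YAML layout (values stored as `ENC[...]`, a top-level `sops:` metadata block, one scalar per line).

```shell
#!/usr/bin/env bash
# Added example: sanity check for a host's sops secrets file before commit.
# Assumes sops' usual YAML output: ENC[...] values and a top-level "sops:" block.

# check_borgmatic_secrets FILE
# Returns 0 only if borgmatic_pass.local and borgmatic_pass.remote are both
# present and encrypted and the file carries sops metadata; otherwise prints
# the reasons to stderr and returns 1.
check_borgmatic_secrets() {
  local file="$1" rc=0 key value
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  # A file without the sops metadata block was never encrypted.
  grep -q '^sops:' "$file" || { echo "$file: no sops metadata" >&2; rc=1; }

  for key in local remote; do
    # Extract the value of borgmatic_pass.<key>; in_section tracks whether the
    # most recent top-level key was borgmatic_pass.
    value=$(awk -v k="$key" '
      /^[^ #]/ { in_section = ($0 ~ /^borgmatic_pass:/) }
      in_section && $1 == (k ":") { sub(/^[ ]+[^:]+:[ ]*/, ""); print; exit }
    ' "$file")
    case $value in
      '')       echo "$file: borgmatic_pass.$key is missing" >&2; rc=1 ;;
      ENC\[*\]) ;;  # encrypted by sops
      *)        echo "$file: borgmatic_pass.$key is plaintext" >&2; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample: the plaintext template from the checklist, as it looks
# before sops has encrypted it. The check must reject it.
demo=$(mktemp)
printf 'borgmatic_pass:\n  local: someStrongPassword\n  remote: someOtherStrongPassword\n' > "$demo"
if check_borgmatic_secrets "$demo"; then
  echo "ok to commit"
else
  echo "do NOT commit: secrets file is not fully encrypted"
fi
rm -f "$demo"
```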

### Manual Steps

- [ ] If borgmatic was configured, follow the steps below
    - [ ] Add the host's SSH host public key to the backup server's configuration
    - [ ] Copy the host's SSH host public key to the rsyncnet `authorized_keys` file, then push it up to the rsync.net account
    - [ ] Manually run the command `borgmatic -v 2` to get the unknown SSH host prompt to appear, select yes for both