Skip to main content

New Host Checklist

Provisioning

  • Add terraform entry for VM, then run terraform plan, verify, and then terraform apply 
  • Follow nixOS provisioning steps

NixOS Configuration

  • Create/copy config folder for host with intended name in hosts i.e. hosts/hostname. Copy the default.nix template, and the  hardware-configuration.nix file from the actual host after installation
  • Add the systemd-boot bootloader config to hardware-configuration.nix for the host
  • Generate SOPS/Age private key and paste to /var/lib/sops/age/keys.txt
  • Generate SOPS/Age public key and paste to .sops.yaml, create separate config section
  • If backups are needed for this host, create the borgmatic_pass section with local and remote subkeys, generate passwords in secrets/{hostname}.yml

Manual Steps

  • If borgmatic was configured, manually run the command borgmatic -v 2  to get the unknown ssh host prompt to appear, select yes for both

Back to top