enable fail2ban, fix network config

2026-03-27 01:17:42 -04:00 · 2024-02-05 22:38:53 -05:00 · 2024-02-05 22:38:53 -05:00 · 8753230721
commit 8753230721
parent d77634f7f7
5 changed files with 98 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -119,3 +119,16 @@ read -s ak
 read -s ap
 atuin login --key $ak --password $ap --username gene
 ```
+
+## Adding a NixOS host
+
+### Post-install
+
+1. clone this repo
+2. setup SOPS via `mkdir -p ~/.config/sops/age && nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt && nix run nixpkgs#ssh-to-age --  -i ~/.ssh/id_ed25519.pub  > ~/.config/sops/age/pub-keys.txt`
+3. copy output of `~/.config/sops/age/pub-keys.txt`
+4. add entries to `.sops.yaml`
+5. run `sops modules/hosts/nixos/$(hostname)/secrets.yaml`
+  - if there is an empty yaml file in where you target you will get an error... just delete it and try again
+6. edit `sops modules/hosts/nixos/$(hostname)/default.nix` and add the tailscale service and the block of config for sops.
+  - if there is an empty yaml file in where you target you