Clone the configuration into /etc/nixos.
On a new machine run:
scripts/setup-partitionsThen move the resulting /mnt/etc/nixos/hardware-configuration.nix to ./hardware/<config>.nix.
Update the configuration according to the script output, if necessary. Btrfs mount options likely need to be added, for example.
Copy the configuration from /etc/nixos to /mnt/etc/nixos.
Reference this hardware config in a nixosConfigurations.<config> section in flake.nix.
Now set up a device key that will be used by agenix.
Create a new key and re-encrypt the secrets on an existing device & pull the changes.
To create a new key run:
mkdir -p /mnt/etc/secrets/initrd
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_keyYou will likely need to temporarily set age.identityPaths for the installation to succeed:
age.identityPaths = "/etc/secrets/initrd/ssh_host_ed25519_key";To install run the following command where <config> matches outputs.nixosConfigurations.<config> in flake.nix:
nixos-install --flake '/mnt/etc/nixos#<config>'After the installation finished, set a password for the user:
passwd <user>
Update all flake inputs:
nix flake updateUpdate a specific flake input:
nix flake lock --update-input <input>
Rebuild the system:
sudo nixos-rebuild switchRebuild the system for a remote machine:
sudo nixos-rebuild switch --flake '/etc/nixos#<config>' --target-host user@hostname --use-remote-sudo