machine-config/bert
2024-11-06 00:00:16 -06:00
..
services Move /srv/* into /srv/www/* 2024-11-05 23:50:59 -06:00
configuration.nix bert: Disable ssh password auth 2024-11-06 00:00:16 -06:00
hardware-configuration.nix Start setting up bert 2024-10-31 01:06:38 -05:00
Makefile Start setting up bert 2024-10-31 01:06:38 -05:00
README.md Start setting up bert 2024-10-31 01:06:38 -05:00

Installation

  1. Install NixOS minimal
  2. ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
  3. Enable SSH server and add root SSH key
  4. Deploy updated config with make
  5. Set up Remote Disk Unlocking
    1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
  6. Deploy content to web services

Notes on Caddy

Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what content-types should be compressed:

https://github.com/caddyserver/caddy/blob/v2.7.6/modules/caddyhttp/encode/encode.go#L85-L101

Specifically, this doesn't include GeoJSON, which is a bit of a shame for maps.chandlerswift.com. That said, I'll probably be upgrading to 24.11 as soon as it comes out, so in the intervening time I'm just not going to worry about it.

The list was expanded in this PR:

https://github.com/caddyserver/caddy/pull/6081