Merge branch 'no-substitute'
This commit is contained in:
commit
773616548c
@ -93,12 +93,6 @@
|
||||
vim
|
||||
];
|
||||
|
||||
# FIXME: Turn on the binary cache by commenting out the next line. When the
|
||||
# binary cache is enabled you are retrieving builds from a trusted third
|
||||
# party which can compromise your system. As a result, the cache should only
|
||||
# be enabled to speed up deployment of test systems.
|
||||
nix.binaryCaches = [];
|
||||
|
||||
# FIXME: Add custom options (like boot options, output of
|
||||
# nixos-generate-config, etc.):
|
||||
|
||||
|
@ -47,6 +47,7 @@ The following steps are meant to be run on the machine you deploy from, not the
|
||||
|
||||
## 2. Nix installation
|
||||
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
||||
You can also build Nix from source by following the instructions at https://nixos.org/nix/manual/#ch-installing-source.
|
||||
|
||||
1. Install Dependencies (Debian 9 stretch)
|
||||
|
||||
@ -74,6 +75,12 @@ The following steps are meant to be run on the machine you deploy from, not the
|
||||
```
|
||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||
|
||||
3. Optional: Disallow substitutes
|
||||
|
||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||
|
||||
|
||||
## 3. Nixops deployment
|
||||
|
||||
1. Clone this project
|
||||
@ -127,6 +134,7 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
||||
```
|
||||
wget https://releases.nixos.org/nixos/18.09/nixos-18.09.2257.235487585ed/nixos-graphical-18.09.2257.235487585ed-x86_64-linux.iso
|
||||
```
|
||||
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
|
||||
|
||||
2. Write NixOS iso to install media (USB/CD). For example:
|
||||
|
||||
@ -249,6 +257,7 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
||||
## 2. nix-bitcoin installation
|
||||
|
||||
On the machine you are deploying from:
|
||||
You can also build Nix from source by following the instructions at https://nixos.org/nix/manual/#ch-installing-source.
|
||||
|
||||
1. Install Dependencies (Debian 9 stretch)
|
||||
|
||||
@ -277,7 +286,12 @@ On the machine you are deploying from:
|
||||
```
|
||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||
|
||||
3. Clone this project
|
||||
3. Optional: Disallow substitutes
|
||||
|
||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||
|
||||
4. Clone this project
|
||||
|
||||
```
|
||||
cd
|
||||
@ -285,7 +299,7 @@ On the machine you are deploying from:
|
||||
cd ~/nix-bitcoin
|
||||
```
|
||||
|
||||
4. Create network file
|
||||
5. Create network file
|
||||
|
||||
```
|
||||
nano network/network-nixos.nix
|
||||
@ -302,7 +316,7 @@ On the machine you are deploying from:
|
||||
|
||||
Replace 1.2.3.4 with NixOS machine's IP address.
|
||||
|
||||
5. Edit `configuration.nix`
|
||||
6. Edit `configuration.nix`
|
||||
|
||||
```
|
||||
nano configuration.nix
|
||||
@ -310,14 +324,14 @@ On the machine you are deploying from:
|
||||
|
||||
Uncomment `./hardware-configuration.nix` line by removing #.
|
||||
|
||||
6. Create `hardware-configuration.nix`
|
||||
7. Create `hardware-configuration.nix`
|
||||
|
||||
```
|
||||
nano hardware-configuration.nix
|
||||
```
|
||||
Copy contents of NixOS machine's `hardware-configuration.nix` to file.
|
||||
|
||||
7. Add boot option to `hardware-configuration.nix`
|
||||
8. Add boot option to `hardware-configuration.nix`
|
||||
|
||||
Option 1: Enable systemd boot for UEFI
|
||||
```
|
||||
@ -328,7 +342,7 @@ On the machine you are deploying from:
|
||||
boot.loader.grub.device = "/dev/sda":
|
||||
```
|
||||
|
||||
8. Setup environment
|
||||
9. Setup environment
|
||||
|
||||
```
|
||||
nix-shell
|
||||
@ -336,15 +350,15 @@ On the machine you are deploying from:
|
||||
|
||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||
|
||||
9. Create nixops deployment in nix-shell.
|
||||
10. Create nixops deployment in nix-shell.
|
||||
|
||||
```
|
||||
nixops create network/network.nix network/network-nixos.nix -d bitcoin-node
|
||||
```
|
||||
|
||||
10. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
||||
11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
||||
|
||||
11. Deploy Nixops in nix-shell
|
||||
12. Deploy Nixops in nix-shell
|
||||
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
@ -352,7 +366,7 @@ On the machine you are deploying from:
|
||||
|
||||
This will now create a nix-bitcoin node on the target machine.
|
||||
|
||||
12. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
||||
13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
||||
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
|
Loading…
Reference in New Issue
Block a user