This repository contains the NixOS files used to maintain and configure the servers and desktops used by the Open Computing Facility at UC Berkeley.
Enable PXE boot on the box in question and make sure it's set to boot from UEFI.
If your boot order is set correctly, the device should boot to the PXECore menu.
Select:
Distributions > Linux Network Installs (64-bit) > "NixOS" > unstable
After boot you should be dropped into a shell. The following command will run the bootstrap script:
sudo nix run --extra-experimental-features "nix-command flakes" github:ocf/nix#bootstrap
...then you can run one.
Get EFI images from netboot.xyz:
wget https://boot.netboot.xyz/ipxe/netboot.xyz.efi
Install Pixiecore on a device on the same network)
go install go.universe.tf/netboot/cmd/pixiecore@latest # up-to-date go installation
nix profile install nixpkgs#pixiecore # nixos/nixpkgs installation
...then run it:
pixiecore boot /dev/null --ipxe-efi64 netboot.xyz.efi
Note
You can also use netboot.xyz's server instead of Pixiecore.
if github actions deploy is broken (often, ocf-nix-deploy-user can't ssh):
- make a branch, commit and push changes to it
- open an ssh tunnel on your machine:
ssh -D 8000 -N koi, or use supernova/tsunami if both login servers are down. youll have to go irl if those are ALSO down. - go to https://doorplug.ocf.berkeley.edu:8006, open a console on the host you want to deploy to.
- log in as root (general root password is in 1pass), then:
git clone -b yourbranchname https://ocf.io/github/nix /tmp/nix
cd /tmp/nix
nix develop
colmena apply-local --sudo
if necessary, reboot the host. but most nix changes should apply in-place just fine.
- maybe different way of doing admin for IRC. tls certs on yubikey, LDAP, etc..
- use agenix rekey generators in place of manually generating irc pass hash with ergo