Payas Relekar
3061442291
- Generate binary cache signing keys on Enterprise - Add private key to enterprise config for signing - Add public key to Bebop for accepting packages signed by Enterprise - Setup hosts files on both systems to include other host name at local reserved ip address - Bebop: Enable OpenSSH access for root user - Via SSH only, NO password - Use same ssh public key as normal user - Enterprise: Enable Qemu for compiling aarch64 pacakges Deploy NixOS from enterprise to bebop with below: ``` nixos-rebuild boot --flake .#bebop -v --target-host root@bebop --build-host localhost ``` Notice lack of sudo. Remote server does not ask for password for root (usually), because it is supposed to use SSH key. TODO: Add payas as trusted user in nix config for bebop so deploying via root is not necessary. It is generally not best idea to expose root over network. |
||
|---|---|---|
| .. | ||
| bebop | ||
| enterprise | ||