infra/README.md
2020-12-22 00:04:10 +01:00


# steveej's infra
This repository helps me to manage all computer infrastructure.
This is mostly achieved with the help of [Nix](https://nixos.org).
In the unlikely case that you actually read this and have any questions, please don't hesitate to reach out.
## Initial Roadmap
- All graphical systems (incl. install media) must have
  - [x] Full-disk encryption by default
  - [x] Yubikey support with SSH auth
- [x] Migrate all devices to new structure
  - [x] Encrypted Install media
  - [x] steveej-laptop
  - [x] steveej-laptop-work
- [ ] Migrate home environment to new structure
  - [x] home-manager
  - [x] pkgs-configuration
  - [ ] development environments
- [x] (Semi-) automatic synchronization of important repositories
- [x] Modification strategy
The approach is to use vcsh for the dotfiles
- [x] dotfiles
- [x] Toplevel Justfile for simple actions
  - [x] mount/umount disks
  - [x] install to mounted disk
  - [x] rebuild running system
  - [x] update running system
  - [x] annotate recipes with some documentation
  - [x] declare shell.nix with runtime deps
  - [x] partition/encrypt/format disks
- [ ] Document bootstrap process
  - [ ] a new machine
  - [ ] an install media
- [ ] Design disaster recovery
- [ ] Automatic synchronization of other state files - see https://gitlab.com/steveeJ/nix-expressions/issues/2
- [ ] Recycle *\_archived*
- [x] Maybe make this a nix-overlay
## Bugs
- [ ] home-manager leaves ~/.gnupg at 0755
## Usage
*(These are reminders for my future self)*
```
just --list
```
## Bootstrap
### A new machine
* ensure the dotfiles repo has a branch with the new machine's hostname
* boot with an install media and go through setup
#### Post-Install Setup
* clone password-manager and infra repositories
* `chmod --recursive g-rwx,o-rwx ~/.gnupg`
* gpg2: ultimately trust my own key
* `gpg2 --edit-card`, then run `fetch` at the `gpg/card>` prompt
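
The `~/.gnupg` permission bug and the `chmod` step above can be checked before and after the fix. The following is an added example, not part of this repository; the function names are hypothetical and it assumes GNU `find` and `chmod`, as on NixOS.

```shell
#!/usr/bin/env bash
# Added example, not from the infra repository. Function names are hypothetical.

# Resolve the GnuPG home: explicit argument, then $GNUPGHOME, then ~/.gnupg.
gnupg_home() {
    printf '%s\n' "${1:-${GNUPGHOME:-$HOME/.gnupg}}"
}

# Print every path under the GnuPG home that grants any group/other bit
# (this is the state the 0755 bug leaves behind). Symlinks are skipped
# because their own mode bits carry no meaning.
gnupg_loose_paths() {
    find "$(gnupg_home "$1")" ! -type l -perm /077 -print
}

# Return 0 when no path is group/other accessible, 1 otherwise.
# Offending paths are listed on stderr.
gnupg_check() {
    local loose
    loose="$(gnupg_loose_paths "$1")"
    [ -z "$loose" ] && return 0
    printf 'group/other access on:\n%s\n' "$loose" >&2
    return 1
}

# Apply the same chmod as the post-install step, then re-check.
gnupg_fix() {
    chmod --recursive g-rwx,o-rwx "$(gnupg_home "$1")"
    gnupg_check "$1"
}
```

Running `gnupg_check` after each home-manager activation shows whether the directory has been reset to `0755`.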