From a9e5861b3f6b59465732174962005b205a8a361b Mon Sep 17 00:00:00 2001
From: Christian Ott <mail@christianott.ch>
Date: Mon, 15 Apr 2024 23:08:02 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Add=20short=20documentation=20ab?=
 =?UTF-8?q?out=20the=20initial=20installation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..71f597e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+# NixOS Configuration
+
+## Initial Framework 16 Setup
+
+1. Create LUKS key files for all Yubikeys by following the first 3 steps of [this guide](https://github.com/sgillespie/nixos-yubikey-luks)
+  - Attention: only run step 1) `ykpersonalize -2 -ochal-resp -ochal-hmac` if it's a new Yubikey or if you are sure that slot 2 is not used! You may loose access to existing devices otherwise
+  - use the same salt for all keys
+  - store a file with the content of the LUKS_KEYS variable
+2. Configure the `disko.nix` file to match your system.
+3. Run the NixOS installer, copy the files to /tmp
+   ```bash
+   cp -r yk /tmp/yk # contains the keys
+   cp disko.nix /tmp/disko.nix
+   ```
+4. Run disko
+    ```bash
+    nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /tmp/disko.nix
+    ```
+5. Copy the salt's to the unencrypted partition
+    ```bash
+    mkdir /mnt/boot/crypt-storage
+    mkdir /mnt/backup-esp/crypt-storage
+    cp yk/yk_salt /mnt/boot/crypt-storage/default
+    cp yk/yk_salt /mnt/backup-esp/crypt-storage/default
+    ```
+6. Copy the configuration files
+    ```bash
+    cp configuration.nix /mnt/etc/nixos/configuration.nix
+    cp disko.nix /mnt/etc/nixos/disko.nix
+    cp hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix
+    ```
+7. Run `nixos-install`
+