Start from scratch

Setup OS

1. Install NixOS on a RPi with dummy password, guide
2. Copy SSH keys to a RPi
3. Generate age key form SSH keys, guide
4. Clone this repo
5. Create a symlink from /etc/nixos to this repo's src dir
6. Rebuild the system

Setup Containers (WIP)

1. scp the docker dir to RPi to get all the env and cert files
2. Update docker/pihole/pihole/custom.list with content from push-sources.yml "Push Pihole DNS records" task
3. Run all the services

Setup router

1. Set persistent IP address to RPi
2. Add RPi as custom DNS (Asus RT-AX55 has out-of-the-box support for it in it's settings)

Add cert of client

MacOS

1. Open Keychain Access
2. Go to System->Certificates tab
3. Go to File->Import Items in top bar
4. Select pi.lan.crt from ansible/ssl
5. Double-click on newly added item
6. Expand Trust section
7. Change When using this certificate to Always Trust
8. Save the changes by closing the window (you'll be prompted for password)

iOS

1. Send ca.pem to iPhone via AirDrop or any other way
2. Open Settings and select Profile Downloaded
3. Click Install, enter PIN and approve installation
4. Go to Settings->General->About->Certificate Trust Settings trust the certificate

Stuff that requires backup / restore

1. SSH key of the machine
2. Whole PostgreSQL instance (via pg_dumpall)
3. Heimdall config (via its UI)
4. .env files of containers, that use it (manually)
5. SSL cert files of reverse proxy (manually)

Cheat sheet

Action	Command
ansible command example	ansible-playbook -i inventory.ini playbooks/setup-host.yml
enter postgres	docker exec -it postgres psql -U postgres
restart nginx	docker exec -it nginx nginx -s reload
backup postgres	pg_dumpall -h localhost -U postgres | gzip > full_backup.sql.gz
restore postgres	gunzip -c full_backup.sql.gz | psql -h localhost -U postgres -f - postgres