- Install NixOS on a RPi with dummy password, guide
- Copy SSH keys to a RPi
- Generate
agekey form SSH keys, guide - Clone this repo
- Create a symlink from
/etc/nixosto this repo'ssrcdir - Rebuild the system
scpthedockerdir to RPi to get all the env and cert files- Update
docker/pihole/pihole/custom.listwith content frompush-sources.yml"Push Pihole DNS records" task - Run all the services
- Set persistent IP address to RPi
- Add RPi as custom DNS (Asus RT-AX55 has out-of-the-box support for it in it's settings)
- Open Keychain Access
- Go to
System->Certificatestab - Go to
File->Import Itemsin top bar - Select
pi.lan.crtfromansible/ssl - Double-click on newly added item
- Expand
Trustsection - Change
When using this certificatetoAlways Trust - Save the changes by closing the window (you'll be prompted for password)
- Send
ca.pemto iPhone via AirDrop or any other way - Open
Settingsand selectProfile Downloaded - Click
Install, enter PIN and approve installation - Go to
Settings->General->About->Certificate Trust Settingstrust the certificate
- SSH key of the machine
- Whole PostgreSQL instance (via
pg_dumpall) - Heimdall config (via its UI)
.envfiles of containers, that use it (manually)- SSL cert files of reverse proxy (manually)
| Action | Command |
|---|---|
| ansible command example | ansible-playbook -i inventory.ini playbooks/setup-host.yml |
| enter postgres | docker exec -it postgres psql -U postgres |
| restart nginx | docker exec -it nginx nginx -s reload |
| backup postgres | pg_dumpall -h localhost -U postgres | gzip > full_backup.sql.gz |
| restore postgres | gunzip -c full_backup.sql.gz | psql -h localhost -U postgres -f - postgres |