diff --git a/README.md b/README.md index 1c7ab33..adb5e53 100644 --- a/README.md +++ b/README.md @@ -2,32 +2,41 @@ **A collection of Smallstep software packaged for NixOS/nixpkgs** -## Setup for NixOS +## Setup for NixOS with flakes Flakes is the suggested way to install the packages available on this repository, following are quick instructions to get it working. 1. Ensure flakes and experimental features are enabled in `/etc/nixos/configuration.nix`: + ``` nix.settings.experimental-features = [ "nix-command" "flakes" ]; ``` + 2. Ensure Git is installed: Flakes require git to clone dependencies: + ``` environment.systemPackages = with pkgs; [ git ]; ``` + 3. Rebuild: Run the following command to apply the changes: + ``` sudo nixos-rebuild switch ``` + 4. Initialize flakes: + ``` cd /etc/nixos sudo nix flake init ``` + 5. Add smallstep repository to `flake.nix`, this example also installs the latest `step-agent` package available. Important: + - Update `` to match your NixOS configured host name, as listed in `networking.hostName` in configuration.nix. - Update `"x86_64-linux"` to your CPU architecture, e.g. `"aarch64-linux"`. It will autodetect by default if builtins are available. @@ -42,7 +51,7 @@ Important: }; }; - outputs = { self, nixpkgs, smallstep, ... }: + outputs = { self, nixpkgs, smallstep, ... }: let system = if builtins ? currentSystem then builtins.currentSystem @@ -51,7 +60,7 @@ Important: { nixosConfigurations. = nixpkgs.lib.nixosSystem { inherit system; - modules = [ ./configuration.nix + modules = [ ./configuration.nix ({ pkgs, ... }: { programs.nix-ld.enable = true; environment.systemPackages = with pkgs; [ @@ -63,7 +72,9 @@ Important: }; } ``` + 6. Update flakes and install packages: + ``` sudo nix flake update sudo nixos-rebuild switch @@ -72,10 +83,62 @@ sudo nixos-rebuild switch **Note**: The first time you execute the commands above it will take a bit longer to finish. 7. Check that `step-agent` program was successfully installed by typing the following commmand on a terminal: + ``` $ step-agent version ``` -8. More information about `step-agent` can be found on the following page: [Step Agent docs](https://smallstep.com/docs/platform/smallstep-app/) - +## Setup for NixOS with npins + +If you do not want to use flakes but still want to pin your dependencies you can use a tool like `npins`, `niv`, ... +This guide assumes that you have advanced knowledge of nix, you know how to rebuild your host and have npins already initialized. +We will use `npins` in this example. + +1. Add this repository as an input + +``` +npins add github smallstep nur -b main --name smallstep +``` + +> If you want to manually update the package you can add the `--frozen` flag. + +2. Configure your host to install `step-agent` + +```nix +{ + sources ? (import ./npins), + pkgs ? (import sources.nixpkgs {}), + ... +}: +let + smallstep = import sources.smallstep { inherit pkgs; }; # if you pass pkgs, `step-agent` will use your nixpkgs instead of the locked one (advised) +in +{ + environment.systemPackages = [ + smallstep.step-agent + ]; + # [...] +} +``` + +3. Rebuild and test with `step-agent version` + +## Clasical NixOS setup (discouraged) + +```nix +{...}: +let + smallstep = builtins.getFlake "github:smallstep/nur"; +in +{ + environment.systemPackages = [ + smallstep.step-agent + ]; +} +``` + +More information about `step-agent` can be found on the following page: [Step Agent docs](https://smallstep.com/docs/platform/smallstep-app/) + + + ![Build and populate cache](https://github.com/smallstep/nur/workflows/Build%20and%20populate%20cache/badge.svg)