steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

translate all docs to English

Browse source 
Translate 8 documentation files from German to English:
- docs/index.md (complete)
- docs/getting-started/first-install.md (complete)
- docs/getting-started/new-client.md (complete)
- docs/getting-started/reinstall.md (complete)
- docs/getting-started/sd-image.md (complete)
- docs/deployment/dns.md (PTR, Hetzner, checklist sections)
- docs/services/tailscale.md (code comments)
- docs/services/forgejo.md (placeholder names)
This commit is contained in:
steffen 2026-03-14 15:31:50 +01:00
parent c81b43530a
commit a0da5be8fc
8 changed files with 386 additions and 386 deletions
Download patch file Download diff file Expand all files Collapse all files

170
docs/getting-started/new-client.md
View file

@ -1,60 +1,60 @@
# Neuen Raspberry Pi Client hinzufügen
# Adding a New Raspberry Pi Client
Diese Anleitung beschreibt das Hinzufügen eines **neuen Raspberry Pi Clients** zur Infrastruktur.
This guide describes how to add a **new Raspberry Pi client** to the infrastructure.
## Übersicht: Der Ablauf
## Overview: The Process
```
1. Konfiguration erstellen ──► Template kopieren, anpassen
1. Create configuration ──► Copy template, customize
2. Zur Image-Pipeline hinzufügen ──► Workflow-Matrix erweitern
2. Add to image pipeline ──► Extend workflow matrix
3. Push auf main ──► Forgejo baut automatisch SD-Image
3. Push to main ──► Forgejo automatically builds SD image
4. Image flashen & booten ──► SD-Karte beschreiben, Pi starten
4. Flash image & boot ──► Write SD card, start Pi
5. SOPS konfigurieren ──► Age-Key holen, Secrets erstellen
5. Configure SOPS ──► Retrieve age key, create secrets
6. Finales Deployment ──► Tailscale etc. aktivieren
6. Final deployment ──► Activate Tailscale etc.
```
## Voraussetzungen
## Prerequisites
- SSH-Zugang zu cryodev-main (für Tailscale Auth-Key)
- Entwicklungsrechner mit Repository-Zugriff
- SD-Karte (mindestens 8 GB)
- SSH access to cryodev-main (for Tailscale auth key)
- Development machine with repository access
- SD card (at least 8 GB)
---
## Schritt 1: Tailscale Auth-Key generieren
## Step 1: Generate Tailscale Auth Key
**Auf cryodev-main** (per SSH):
**On cryodev-main** (via SSH):
```bash
# User-ID ermitteln
# Determine user ID
sudo headscale users list
# Preauth-Key erstellen (User-ID von "default" einsetzen)
# Create preauth key (use user ID of "default")
sudo headscale preauthkeys create --expiration 99y --reusable --user <ID>
```
**Ausgabe notieren!** (z.B. `tskey-preauth-abc123...`)
**Take note of the output!** (e.g. `tskey-preauth-abc123...`)
---
## Schritt 2: Host-Konfiguration erstellen
## Step 2: Create Host Configuration
### 2.1 Template kopieren
### 2.1 Copy Template
```bash
cp -r templates/raspberry-pi hosts/neuer-pi
```
### 2.2 Hostname setzen
### 2.2 Set Hostname
`hosts/neuer-pi/networking.nix`:
@ -64,58 +64,58 @@ cp -r templates/raspberry-pi hosts/neuer-pi
}
```
### 2.3 In flake.nix registrieren
### 2.3 Register in flake.nix
```nix
nixosConfigurations = {
# ... bestehende Hosts ...
# ... existing hosts ...
neuer-pi = mkNixosConfiguration "aarch64-linux" [ ./hosts/neuer-pi ];
};
```
### 2.4 In constants.nix eintragen
### 2.4 Add to constants.nix
```nix
{
hosts = {
# ... bestehende Hosts ...
# ... existing hosts ...
neuer-pi = {
ip = "100.64.0.X"; # Wird von Headscale vergeben
ip = "100.64.0.X"; # Assigned by Headscale
};
};
}
```
### 2.5 Placeholder secrets.yaml erstellen
### 2.5 Create Placeholder secrets.yaml
```bash
touch hosts/neuer-pi/secrets.yaml
```
### 2.6 SOPS temporär deaktivieren
### 2.6 Temporarily Disable SOPS
In `hosts/neuer-pi/default.nix` die `sops.secrets.*` Referenzen auskommentieren, damit das Image ohne Secrets gebaut werden kann.
In `hosts/neuer-pi/default.nix`, comment out the `sops.secrets.*` references so the image can be built without secrets.
---
## Schritt 3: Zur Image-Pipeline hinzufügen
## Step 3: Add to Image Pipeline
Bearbeite `.forgejo/workflows/build-pi-image.yml`:
Edit `.forgejo/workflows/build-pi-image.yml`:
```yaml
jobs:
build-pi-images:
strategy:
matrix:
# Neuen Host hier hinzufügen:
# Add new host here:
host: [cryodev-pi, neuer-pi]
```
---
## Schritt 4: Push und Image bauen lassen
## Step 4: Push and Build Image
```bash
git add .
@ -123,86 +123,86 @@ git commit -m "Add neuer-pi host configuration"
git push
```
Der Forgejo Workflow baut jetzt automatisch ein SD-Image für `neuer-pi`.
The Forgejo workflow will now automatically build an SD image for `neuer-pi`.
**Warten** bis der Workflow fertig ist (30-60 Minuten). Status prüfen unter:
**Wait** until the workflow completes (30-60 minutes). Check the status at:
`https://git.cryodev.xyz/steffen/cryodev-server/actions`
---
## Schritt 5: Image flashen
## Step 5: Flash Image
### 5.1 Image herunterladen
### 5.1 Download Image
Nach erfolgreichem Build unter **Releases**:
After a successful build, find the image under **Releases**:
```bash
wget https://git.cryodev.xyz/steffen/cryodev-server/releases/latest/download/neuer-pi-sd-image.img.zst
```
### 5.2 Dekomprimieren
### 5.2 Decompress
```bash
zstd -d neuer-pi-sd-image.img.zst -o neuer-pi.img
```
### 5.3 Auf SD-Karte schreiben
### 5.3 Write to SD Card
**Achtung:** `/dev/sdX` durch das richtige Gerät ersetzen!
**Warning:** Replace `/dev/sdX` with the correct device!
```bash
lsblk # Richtiges Gerät finden
lsblk # Identify the correct device
sudo dd if=neuer-pi.img of=/dev/sdX bs=4M conv=fsync status=progress
```
### 5.4 Booten
### 5.4 Boot
1. SD-Karte in den Raspberry Pi einlegen
2. Ethernet anschließen
3. Strom anschließen
4. Warten bis gebootet (ca. 2 Minuten)
1. Insert the SD card into the Raspberry Pi
2. Connect Ethernet
3. Connect power
4. Wait until booted (approximately 2 minutes)
---
## Schritt 6: SOPS konfigurieren
## Step 6: Configure SOPS
### 6.1 IP-Adresse finden
### 6.1 Find IP Address
Der Pi sollte per DHCP eine IP bekommen. Prüfe deinen Router oder scanne das Netzwerk:
The Pi should receive an IP address via DHCP. Check your router or scan the network:
```bash
nmap -sn 192.168.1.0/24 | grep -B2 "Raspberry"
```
### 6.2 SSH verbinden
### 6.2 Connect via SSH
```bash
ssh steffen@<IP> # oder der konfigurierte User
ssh steffen@<IP> # or the configured user
```
Standard-Passwort siehe `hosts/neuer-pi/users.nix`.
For the default password, see `hosts/neuer-pi/users.nix`.
### 6.3 Age-Key ermitteln
### 6.3 Determine Age Key
Auf dem Pi:
On the Pi:
```bash
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
```
**Ausgabe notieren!** (z.B. `age1xyz...`)
**Take note of the output!** (e.g. `age1xyz...`)
### 6.4 .sops.yaml aktualisieren
### 6.4 Update .sops.yaml
Auf dem Entwicklungsrechner:
On the development machine:
```yaml
keys:
- &steffen_key age1e8p35795htf7twrejyugpzw0qja2v33awcw76y4gp6acnxnkzq0s935t4t # steffen (local)
- &neuer_pi_key age1xyz... # Der neue Key
- &neuer_pi_key age1xyz... # The new key
creation_rules:
# ... bestehende Regeln ...
# ... existing rules ...
- path_regex: hosts/neuer-pi/secrets.yaml$
key_groups:
@ -211,30 +211,30 @@ creation_rules:
- *neuer_pi_key
```
### 6.5 Secrets erstellen
### 6.5 Create Secrets
```bash
sops hosts/neuer-pi/secrets.yaml
```
Inhalt:
Contents:
```yaml
tailscale:
auth-key: "tskey-preauth-abc123..." # Key aus Schritt 1
auth-key: "tskey-preauth-abc123..." # Key from Step 1
netdata:
stream:
child-uuid: "..." # uuidgen
```
### 6.6 SOPS-Referenzen aktivieren
### 6.6 Activate SOPS References
Die in Schritt 2.6 auskommentierten `sops.secrets.*` Referenzen wieder aktivieren.
Re-enable the `sops.secrets.*` references that were commented out in Step 2.6.
---
## Schritt 7: Finales Deployment
## Step 7: Final Deployment
```bash
git add .
@ -242,9 +242,9 @@ git commit -m "Configure SOPS secrets for neuer-pi"
git push
```
Da Comin auf dem Pi läuft, wird er die neue Konfiguration automatisch pullen.
Since Comin is running on the Pi, it will automatically pull the new configuration.
Alternativ manuell:
Alternatively, deploy manually:
```bash
NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#neuer-pi \
@ -253,34 +253,34 @@ NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#neuer-pi \
---
## Schritt 8: Verifizieren
## Step 8: Verify
### Tailscale-Verbindung
### Tailscale Connection
```bash
# Auf dem Pi
# On the Pi
tailscale status
# Auf cryodev-main
# On cryodev-main
sudo headscale nodes list
```
### Netdata-Streaming
### Netdata Streaming
Prüfe ob der neue Client im Netdata-Dashboard erscheint:
Check whether the new client appears in the Netdata dashboard:
`https://netdata.cryodev.xyz`
---
## Checkliste
## Checklist
- [ ] Tailscale Auth-Key auf cryodev-main generiert
- [ ] Host-Konfiguration erstellt (Template, flake.nix, constants.nix)
- [ ] Host zur Workflow-Matrix hinzugefügt
- [ ] Gepusht und auf Image-Build gewartet
- [ ] SD-Karte geflasht und Pi gebootet
- [ ] Age-Key ermittelt und in .sops.yaml eingetragen
- [ ] secrets.yaml erstellt (Tailscale-Key, Netdata-UUID)
- [ ] SOPS-Referenzen aktiviert und deployed
- [ ] Tailscale-Verbindung funktioniert
- [ ] Netdata-Streaming funktioniert
- [ ] Tailscale auth key generated on cryodev-main
- [ ] Host configuration created (template, flake.nix, constants.nix)
- [ ] Host added to workflow matrix
- [ ] Pushed and waited for image build
- [ ] SD card flashed and Pi booted
- [ ] Age key determined and added to .sops.yaml
- [ ] secrets.yaml created (Tailscale key, Netdata UUID)
- [ ] SOPS references activated and deployed
- [ ] Tailscale connection working
- [ ] Netdata streaming working