# My wonderful nix config

## Structure

- `hosts/` nixos configuration for all hosts
  - `<hostname>/` configuration for one host
    - `default.nix` toplevel system definition
    - `fs.nix` file system definition
    - `net.nix` network setup
    - `secrets/` secrets local to this host
      - `secrets.nix.age` local secrets usable on deploy
      - `host.pub` host public key, needed for rekeying agenix secrets
- `modules/` extra nixos modules and shared configurations
  - `secrets.nix` module to enable deploy-time secrets
  - `config/` base configuration used on all machines
  - `dev/` configuration options enabling a developer environment
  - `graphical/` configuration for graphical environments
  - `hardware/` configuration for hardware components
  - `impermanence/` impermanence modules for hosts
- `nix/` additional nix functions
  - `checks.nix` pre-commit checks
  - `colmena.nix` setup for using colmena to deploy
  - `devshell.nix` development shell
  - `extra-builtins.nix` extra builtin plugin file to enable repository secrets
  - `generate-node.nix` logic to generate nodes for colmena
  - `lib.nix` additional library functions
- `secrets/` global secrets
  - `<name>.key.pub` public key handles to decrypt secrets using a yubikey
  - `recipients.txt` rage recipient file for encrypting secrets
    - currently containing both yubikeys and a rage backup key
  - `secrets.nix.age` global secrets available at deploy
- `users/` home manager user configuration
  - `common/` shared home-manager modules
    - `graphical/` configuration for graphical programs
    - `programs/` configuration for miscellaneous programs
    - `shells/` configuration for shells
    - `default.nix` minimal setup for all users
    - `interactive.nix` minimal setup for interactive users on a command line
    - `graphical.nix` configuration for users utilizing a graphical interface
  - `<username>/` configuration for one user
    - `impermanence.nix` the user's persistence configuration

## Hosts

- `patricknix` my main laptop
- `desktopnix` my main desktop
- `testienix` old laptop for testing

## Users

- `patrick` my normal everyday unprivileged user
- `root` root user imported by every host

## Flake output structure

- `apps` executables used for editing this configuration
  - `edit-secret` edit an age encrypted secret
  - `rekey` rekey all secret files for the host's secret key, enabling agenix
  - `rekey-save-output` internal use only
- `checks` linting and other checks for this repository
  - `pre-commit-check` automatic checks executed as pre-commit hooks
- `colmena` outputs used by colmena
- `colmenaNodes` per node configuration
- `nodes` alias to `colmenaNodes`
- `devshell` development shell using devshell
- `formatter` nix code formatter
- `hosts` host meta declaration
- `pkgs` nixpkgs
- `packages` additional packages
- `secretsConfig` meta configuration for secrets
- `stateVersion` global stateVersion used by nixos and home-manager to determine the default config

## How-To

### Add additional hosts

1. Add the host definition to `hosts.toml`
2. Create the host configuration in `hosts/<name>`
   1. Create and fill `default.nix`
   2. Fill `net.nix`
   3. Fill `fs.nix`
   4. Don't forget to add the necessary config for filesystems, etc.
3. Generate an ISO image with `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
   - This might take multiple minutes (~10)
   - Alternatively, boot an official NixOS image and connect to it with a password
4. Copy the ISO to a USB stick using `dd`
5. After booting, copy the installer to the live system using `nix copy --to <target> .#packages.<target-system>.installer-package.<target>`
6. Run the installer script from the nix store of the live system
   - you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>`
7. Export all zpools and reboot into the system
8. Retrieve the host key using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > hosts/<target>/secrets/host.pub`
   - `ssh-keyscan` trusts whatever key comes back over the network, and every secret later rekeyed for this host can be decrypted by whoever holds the matching private key, so compare the fingerprint with `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` on the host's console before committing `host.pub`
9. Deploy the system using colmena
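
The host key step is where trust is established: the key `ssh-keyscan` returns becomes the recipient of everything rekeyed for the new host. The following bash helper is an added example and not part of this repository: it checks that the scanned line is a single well-formed ed25519 key, computes its OpenSSH `SHA256:` fingerprint with coreutils only (so the comparison also works where `ssh-keygen` is not installed), and writes `host.pub` only when that fingerprint equals the value read off the new host's console. The function names, the all-zero sample key used for the format check and the operator-supplied expected fingerprint are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of this repository. Pin the new host's SSH key before
# it is committed as hosts/<target>/secrets/host.pub and secrets are rekeyed to it.
# Assumption: the operator reads the fingerprint off the host's own console with
# `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` and passes it as $expected.
set -euo pipefail

# Return 0 iff $1 is exactly one OpenSSH ed25519 public-key line, i.e. what
# `ssh-keyscan <host> | grep -o 'ssh-ed25519.*'` should produce. The key blob is
# 51 bytes (4+11 bytes of "ssh-ed25519", 4+32 bytes of key), so 68 base64 chars,
# and its first 25 characters are fixed because they encode the algorithm name.
check_host_pub_line() {
  local line=$1 type b64
  [ "$(printf '%s\n' "$line" | wc -l)" -eq 1 ] || return 1   # several keys: reject
  type=$(printf '%s\n' "$line" | awk '{ print $1 }')
  b64=$(printf '%s\n' "$line" | awk '{ print $2 }')
  [ "$type" = ssh-ed25519 ] || return 1
  [ "${#b64}" -eq 68 ] || return 1
  case $b64 in AAAAC3NzaC1lZDI1NTE5AAAAI*) ;; *) return 1 ;; esac
  case $b64 in *[!A-Za-z0-9+/]*) return 1 ;; esac
  return 0
}

# Print the OpenSSH fingerprint "SHA256:<43 base64 chars>" of the key line in $1:
# base64(sha256(decoded key blob)) without padding, the same value `ssh-keygen -lf`
# prints, computed here with base64, sha256sum and printf only.
ssh_fingerprint_sha256() {
  local b64 hex oct pair
  b64=$(printf '%s\n' "$1" | awk '{ print $2 }')
  hex=$(printf '%s' "$b64" | base64 -d | sha256sum | cut -d ' ' -f 1)
  oct=''                      # rebuild the raw digest bytes as octal escapes
  while [ -n "$hex" ]; do
    pair=$(printf '%s' "$hex" | cut -c 1-2)
    hex=$(printf '%s' "$hex" | cut -c 3-)
    oct=$oct$(printf '\\%03o' "$((0x$pair))")
  done
  printf 'SHA256:%s\n' "$(printf "$oct" | base64 | tr -d '=\n')"
}

# Write the key line $2 to $3 only if it is well formed and its fingerprint
# equals $1. A mismatch means the scan did not reach the host you installed
# (or reached the wrong one), so nothing is written and nothing gets rekeyed to it.
verify_host_pub() {
  local expected=$1 line=$2 out=$3 fp
  check_host_pub_line "$line" || { echo "host.pub: malformed key line" >&2; return 1; }
  fp=$(ssh_fingerprint_sha256 "$line")
  if [ "$fp" != "$expected" ]; then
    echo "host.pub: fingerprint $fp does not match expected $expected, refusing" >&2
    return 1
  fi
  printf '%s\n' "$line" > "$out"
}

# Network step, not exercised offline:
#   fetch_host_pub <host> 'SHA256:...' hosts/<target>/secrets/host.pub
fetch_host_pub() {
  local host=$1 expected=$2 out=$3 line
  line=$(ssh-keyscan -t ed25519 "$host" 2>/dev/null | grep -o 'ssh-ed25519.*')
  verify_host_pub "$expected" "$line" "$out"
}
```

Used as `fetch_host_pub <host> 'SHA256:...' hosts/<target>/secrets/host.pub`, this replaces step 8 with a version that fails closed: a key of the wrong type, several keys, or a fingerprint that differs from what the console showed leaves `host.pub` untouched, so the later rekey cannot silently encrypt the host's secrets to a key you never verified.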
## Deploy

```bash
colmena apply --on <hostname>
```

If deploying from a host where the necessary nix configuration options are not set, append

```bash
--nix-option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --nix-option extra-builtins-file ./nix/extra-builtins
```