
My wonderful nix config

Structure

  • hosts/ contain nixos configuration for hosts
    • <hostname>/ configuration for hosts
      • default.nix Toplevel system definition
      • fs.nix file system definition
      • net.nix network setup
      • secrets/ secrets local to this host
        • secrets.nix.age local secrets usable on deploy
        • host.pub host public key, needed for rekeying agenix secrets
  • modules/ extra nixos modules and shared configurations
    • secrets.nix module to enable deploy-time secrets
    • config/ base configuration used on all machines
    • dev/ configuration options enabling developer environment
    • graphical/ configuration for graphical environments
    • hardware/ configuration for hardware components
    • impermanence/ impermanence modules for hosts
  • nix/ additional nix functions
    • checks.nix pre-commit checks
    • colmena.nix Setup for using colmena to deploy
    • devshell.nix Development shell
    • extra-builtins.nix Extra builtin plugin file to enable repository secrets
    • generate-node.nix logic to generate nodes for colmena
    • lib.nix additional library functions
  • secrets/ global secrets
    • <name>.key.pub public key handles to decrypt secrets using yubikey
    • recipients.txt rage recipient file for encrypting secrets
      • currently containing both yubikeys and a rage backup key
    • secrets.nix.age global secrets available at deploy
  • users/ home manager user configuration
    • common/ shared home-manager modules
      • graphical/ configuration for graphical programs
      • programs/ configuration for miscellaneous programs
      • shells/ configuration for shells
      • default.nix minimal setup for all users
      • interactive.nix minimal setup for interactive users on a command line
      • graphical.nix configuration for users utilizing a graphical interface
    • <username>/ configuration for users
      • impermanence.nix users persistence configuration

Hosts

  • patricknix my main laptop
  • desktopnix my main desktop
  • testienix old laptop for testing

Users

  • patrick my normal everyday unprivileged user
  • root root user imported by every host

Flake output structure

  • apps executables used for editing this configuration
    • edit-secret edit an age encrypted secret
    • rekey rekey all secret files for the host's secret key, enabling agenix
    • rekey-save-output only internal use
  • checks linting and other checks for this repository
    • pre-commit-check automatic checks executed as pre-commit hooks
  • colmena outputs used by colmena
  • colmenaNodes per node configuration
  • nodes alias to colmenaNodes
  • devshell development shell using devshell
  • formatter nix code formatter
  • hosts host meta declaration
  • pkgs nixpkgs
  • packages additional packages
  • secretsConfig meta configuration for secrets
  • stateVersion global stateVersion used by nixos and home-manager to determine the default config

How-To

Add additional hosts

  1. Add host definition to hosts.toml
  2. Create host configuration in hosts/<name>
    1. Create and fill default.nix
    2. Fill net.nix
    3. Fill fs.nix
    4. Don't forget to add the necessary config for filesystems, etc.
  3. Generate ISO image with nix build --print-out-paths --no-link .#images.<target-system>.live-iso
    • This might take multiple minutes (~10)
    • Alternatively, boot an official nixos image and connect to it using a password
  4. Copy ISO to usb using dd
  5. After booting copy the installer to the live system using nix copy --to <target> .#packages.<target-system>.installer-package.<target>
  6. Run the installer script from the nix store of the live system
    • you can get the path using nix path-info .#packages.<target-system>.installer-package.<target>
  7. Export all zpools and reboot into system
  8. Retrieve the host keys using `ssh-keyscan | grep -o 'ssh-ed25519.*' > host//secrets/host.pub`
  9. Deploy system using colmena
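Step 8 as a small helper, added here as an example and not part of this repository: it reads ssh-keyscan output on stdin, keeps only the ed25519 key, and refuses to write hosts/<name>/secrets/host.pub when no such key is present (a plain `>` redirect would leave an empty host.pub behind if the scan fails, and rekeying would then break). The function name, the repo-root argument and the sample scan output are assumptions.

```shell
#!/bin/sh
# Added example, not code from the repository.
# Usage: ssh-keyscan <target> | save_host_pub <hostname> [repo-root]
save_host_pub() {
    name=$1
    root=${2:-.}
    dest="$root/hosts/$name/secrets/host.pub"
    # ssh-keyscan prints "<host> <type> <base64>"; keep only type and key,
    # and only the first ed25519 entry.
    key=$(grep -o 'ssh-ed25519 [A-Za-z0-9+/=]*' | head -n 1)
    if [ -z "$key" ]; then
        # Do not create or truncate host.pub without a usable key.
        echo "no ssh-ed25519 host key in scan output for $name" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")"
    printf '%s\n' "$key" > "$dest"
    echo "$dest"
}

# Constructed sample of ssh-keyscan stdout (keys are placeholders, not real).
SAMPLE_SCAN='192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7constructedExample
192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKey0000000000'

# Demo run into a temporary directory so nothing in the checkout is touched.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_SCAN" | save_host_pub testienix "$demo_dir"
cat "$demo_dir/hosts/testienix/secrets/host.pub"
```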

Deploy

colmena apply --on <hostname>

If deploying from a host that does not have the necessary nix configuration options set, append

--nix-option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --nix-option extra-builtins-file ./nix/extra-builtins