# nixos-config

Provisioning for my NixOS systems based on Nix.

## Prepare

Copy `/etc/ssh/ssh_host_ed25519_key.pub` into `secrets` and rekey the secrets via agenix. You could also just execute

```shell
ssh-keyscan ip_or_fqdn
```

to fetch the current public keys. After pushing the rekeyed secrets, execute the commands below.
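`ssh-keyscan` is unauthenticated, so a key fetched over the network should be compared with the copy taken from the host's console before secrets are rekeyed to it. The following added example (my own, not part of this repository) does that comparison for the ed25519 key; the sample scan output, the placeholder key blob and the path `path/to/copied_host_key.pub` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of tboerger/nixos-config. Whatever answers on the
# network decides what ssh-keyscan returns, so before rekeying agenix secrets
# to a scanned key, compare it with the copy of
# /etc/ssh/ssh_host_ed25519_key.pub read out-of-band on the machine.

# Print the ed25519 key from ssh-keyscan output (read on stdin) as
# "ssh-ed25519 <base64>", dropping the leading hostname. Fails if absent.
scanned_ed25519_key() {
    awk '$2 == "ssh-ed25519" { print $2, $3; found = 1 } END { exit !found }'
}

# Print the ed25519 key from a .pub file in the same "ssh-ed25519 <base64>"
# form, dropping any trailing comment. Fails if the file holds no such key.
file_ed25519_key() {
    awk '$1 == "ssh-ed25519" { print $1, $2; found = 1; exit } END { exit !found }' "$1"
}

# Compare the scanned key ($1: raw ssh-keyscan output as a string) with the key
# copied from the host ($2: path to its .pub file). Prints "match" or
# "mismatch"; exit status 0 only on a match, 2 if either side has no key.
verify_host_key() {
    scanned=$(printf '%s\n' "$1" | scanned_ed25519_key) || {
        echo "no ed25519 key in scan output" >&2; return 2; }
    copied=$(file_ed25519_key "$2") || {
        echo "no ed25519 key in $2" >&2; return 2; }
    if [ "$scanned" = "$copied" ]; then
        echo match
    else
        echo mismatch
        return 1
    fi
}

# Constructed sample data: the base64 blob is a placeholder, not a real key,
# and 192.0.2.10 is a documentation address.
SAMPLE_BLOB='AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
SAMPLE_SCAN="# 192.0.2.10:22 SSH-2.0-OpenSSH_9.6
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERrsa
192.0.2.10 ssh-ed25519 ${SAMPLE_BLOB}"
SAMPLE_PUB_LINE="ssh-ed25519 ${SAMPLE_BLOB} root@anubis"

# Real usage (needs network access to the host; the .pub path is hypothetical):
#   ssh-keyscan -t ed25519 ip_or_fqdn > scan.txt
#   verify_host_key "$(cat scan.txt)" path/to/copied_host_key.pub && agenix --rekey
```

Only when `verify_host_key` reports `match` is the scanned key known to belong to the machine whose console you read the key from; a `mismatch` means the host key changed or something else answered the scan, and the rekey should wait until that is explained.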
## Desktops

Generally, after the installation I clone this repository somewhere onto the desktop machine and just execute `make switch` within that repository to apply updates. If this is not the case, I can always execute the following command to pull in the latest changes:

```shell
nixos-rebuild switch --flake github:tboerger/nixos-config#hostname
```
### Anubis

```shell
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#anubis
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#anubis
```

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

```shell
nixos-rebuild switch --flake github:tboerger/nixos-config#anubis
```
### Chnum

```shell
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#chnum
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum
```

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

```shell
nixos-rebuild switch --flake github:tboerger/nixos-config#chnum
```
## Servers

To apply updates for servers, this repository should be updated to the latest version; after that it is possible to use deploy-rs to upgrade the deployment with a command like this:

```shell
nix run github:serokell/deploy-rs github:tboerger/nixos-config#hostname
```
### Asgard

```shell
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#asgard
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#asgard
```

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

```shell
nix run github:serokell/deploy-rs github:tboerger/nixos-config#asgard
```
### Utgard

```shell
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#utgard
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#utgard
```

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

```shell
nix run github:serokell/deploy-rs github:tboerger/nixos-config#utgard
```
### Vanaheim

```shell
sudo loadkeys de
sudo nix-shell --packages nixUnstable
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --flake github:tboerger/nixos-config#vanaheim
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#vanaheim
```

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

```shell
nix run github:serokell/deploy-rs github:tboerger/nixos-config#vanaheim
```
### Yggdrasil

```shell
sudo loadkeys de
sudo nix-shell --packages nixUnstable
mount /dev/disk/by-label/NIXOS_SD /mnt
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#yggdrasil
```

After a reboot, the system should be fully provisioned with the regular flake, which includes all defined services:

```shell
nix run github:serokell/deploy-rs github:tboerger/nixos-config#yggdrasil
```
## Finish

Finally, after I have set up the whole system, I usually copy the remaining credentials from my securely stored USB stick to get access to my SSH keys and GnuPG keys, if these are required on the machine. They should not be required for servers.

### SSH

```shell
mkdir -p ${HOME}/.ssh/
cp /media/$(whoami)/secrets/ssh/id_* ${HOME}/.ssh/
chown -R $(id -u):$(id -g) ${HOME}/.ssh
chmod u=rw,g=,o= ${HOME}/.ssh/id_*
```
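The `chmod u=rw,g=,o=` step matters because files copied off a removable stick can arrive with modes looser than OpenSSH accepts for a private key, and on a shared machine such a mode would let other local accounts read it. The following added example (my own, not part of this repository) audits a key directory for that condition and applies the same tightening; the scratch directory and placeholder key it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of tboerger/nixos-config. Checks that private keys
# copied into ~/.ssh are readable only by their owner (the README's
# `chmod u=rw,g=,o=` step) and tightens them if not. OpenSSH refuses keys
# that group or others can read, and a looser mode would expose the key to
# other local accounts on the machine.

# Return the group+other permission characters of a path, e.g. "r--r--" for
# mode 0644; uses `ls -ld` so it works on both GNU and BSD userlands.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# List private keys under $1 (id_* files that are not .pub) whose group or
# other bits are set, one "path bits" pair per line. Returns 1 if any found.
find_open_private_keys() {
    open=0
    for key in "$1"/id_*; do
        [ -f "$key" ] || continue          # skips the unexpanded glob and non-files
        case "$key" in *.pub) continue ;; esac
        bits=$(group_other_bits "$key")
        if [ "$bits" != "------" ]; then
            printf '%s %s\n' "$key" "$bits"
            open=1
        fi
    done
    return $open
}

# Apply the README's key mode plus an owner-only mode on the directory itself,
# then re-check. Returns 0 only when no private key is left open.
fix_private_key_modes() {
    chmod u=rwx,g=,o= "$1"
    chmod u=rw,g=,o= "$1"/id_* 2>/dev/null
    find_open_private_keys "$1" >/dev/null
}

# Constructed demo: a scratch directory standing in for ~/.ssh holding a
# placeholder key that arrived world-readable. Prints the directory path.
demo_open_key_dir() {
    dir=$(mktemp -d)
    printf 'PLACEHOLDER, NOT A REAL PRIVATE KEY\n' > "$dir/id_ed25519"
    printf 'ssh-ed25519 PLACEHOLDER\n' > "$dir/id_ed25519.pub"
    chmod 644 "$dir/id_ed25519"
    echo "$dir"
}

# Real usage after the copy step above:
#   find_open_private_keys "${HOME}/.ssh" || fix_private_key_modes "${HOME}/.ssh"
```

`find_open_private_keys` is deliberately read-only so it can be run as a check on an existing machine; `fix_private_key_modes` is the repair and mirrors the README's `chmod` line, adding only the owner-only mode on the directory that OpenSSH also expects.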
### GnuPG

```shell
for FILE in /media/$(whoami)/secrets/gpg/*.asc; do
  gpg --import "${FILE}"
done
```
## Security

If you find a security issue please contact thomas@webhippie.de first.

## Contributing

Fork -> Patch -> Push -> Pull Request

## Authors

## License

Apache-2.0

## Copyright

Copyright (c) 2021 Thomas Boerger <thomas@webhippie.de>