nixos-config
Provisioning for my NixOS systems based on Nix.
Prepare
Copy /etc/ssh/ssh_host_ed25519_key.pub into secrets and rekey the secrets via agenix. After pushing the rekeyed secrets, execute the commands below.
Desktops
After the installation I generally clone this repository somewhere onto the desktop machine and just execute make switch within that repository to apply updates. If that is not the case, I can always execute nixos-rebuild switch --flake github:tboerger/nixos-config#name to get the latest changes pulled in.
Chnum
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/chnum-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum
Hathor
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/hathor-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#hathor
Osiris
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/osiris-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#osiris
Servers
Currently I'm applying the updates manually by cloning the repository onto the machine and executing make switch, but in the long term it should also just work to use the deploy #name command, at least if it's executed from a NixOS desktop.
Niflheim
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/niflheim-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#niflheim
Asgard
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/asgard-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#asgard
Utgard
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/utgard-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#utgard
Midgard
sudo loadkeys de
sudo nix-shell --packages nixUnstable
mount /dev/disk/by-label/NIXOS_SD /mnt
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#midgard
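
The Prepare step and the cp /etc/ssh/ssh_host_* step in every machine section depend on each other: the host key copied into /mnt has to be the one the secrets were rekeyed for, and the private keys should not be readable by group or others. The following pre-flight check is an added example, not part of this repository; the function names and the recipients file path (for instance secrets/secrets.nix) are assumptions, and the key material in demo is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before nixos-install.
# Assumption: agenix recipients are listed in a file such as secrets/secrets.nix.

# Succeeds if the key in PUBKEY_FILE (type + base64 blob, comment ignored)
# appears verbatim in RECIPIENTS_FILE; returns 2 if either file is unusable.
host_key_is_recipient() {
    pubkey_file=$1 recipients_file=$2
    [ -r "$pubkey_file" ] && [ -r "$recipients_file" ] || return 2
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pubkey_file")
    [ -n "$key" ] || return 2
    grep -qF -- "$key" "$recipients_file"
}

# Succeeds if every private host key in DIR has mode 600 or 400.
private_keys_locked_down() {
    dir=$1
    [ -d "$dir" ] || return 2
    loose=$(find "$dir" -name 'ssh_host_*_key' -type f ! -perm 600 ! -perm 400)
    [ -z "$loose" ]
}

# Runs both checks against an install root (e.g. /mnt).
preflight() {
    root=$1 recipients=$2
    [ -f "$root/etc/ssh/ssh_host_ed25519_key" ] || { echo "no ed25519 host key in $root" >&2; return 1; }
    host_key_is_recipient "$root/etc/ssh/ssh_host_ed25519_key.pub" "$recipients" || {
        echo "host key is not listed in $recipients; rekey before installing" >&2
        return 1
    }
    private_keys_locked_down "$root/etc/ssh" || {
        echo "private host keys under $root/etc/ssh are accessible to group/others" >&2
        return 1
    }
}

# Constructed sample data (not a real key): builds a fake install root and checks it.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc/ssh"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY root@example' \
        > "$t/etc/ssh/ssh_host_ed25519_key.pub"
    : > "$t/etc/ssh/ssh_host_ed25519_key" && chmod 600 "$t/etc/ssh/ssh_host_ed25519_key"
    echo 'let host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY"; in { }' \
        > "$t/secrets.nix"
    preflight "$t" "$t/secrets.nix"; rc=$?
    rm -rf "$t"; return $rc
}
```

Run it as preflight /mnt path/to/recipients-file after the cp step and before nixos-install.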
Security
If you find a security issue please contact thomas@webhippie.de first.
Contributing
Fork -> Patch -> Push -> Pull Request
Authors
License
Apache-2.0
Copyright
Copyright (c) 2021 Thomas Boerger <thomas@webhippie.de>