1
0
mirror of https://github.com/tboerger/nixos-config synced 2024-11-26 07:43:45 +01:00
Go to file
2022-11-23 14:34:46 +01:00
.github chore(deps): bump actions/checkout from 2.4.0 to 3 2022-03-07 14:26:19 +00:00
desktops chore: some restructuring of desktops 2022-11-23 14:34:46 +01:00
overlays chore: add some more stuff for new server 2022-11-17 09:45:04 +01:00
profiles chore: some restructuring of desktops 2022-11-23 14:34:46 +01:00
secrets chore: integrate new desktop anubis 2022-11-22 11:12:50 +01:00
servers chore: integrate new desktop anubis 2022-11-22 11:12:50 +01:00
shared chore: more changes to filesystems 2022-11-18 15:33:26 +01:00
.editorconfig chore: initial commit 2022-02-20 17:46:48 +01:00
.envrc chore: integrate deploy-rs and flake-utils 2022-09-28 22:28:36 +02:00
.gitignore chore: integrate deploy-rs and flake-utils 2022-09-28 22:28:36 +02:00
flake.lock chore: some restructuring of desktops 2022-11-23 14:34:46 +01:00
flake.nix chore: rename hathor to anubis 2022-11-22 11:15:02 +01:00
LICENSE chore: initial commit 2022-02-20 17:46:48 +01:00
Makefile chore: integrate deploy-rs and flake-utils 2022-09-28 22:28:36 +02:00
README.md chore: integrate new desktop anubis 2022-11-22 11:12:50 +01:00
TODO.md chore: some restructuring of desktops 2022-11-23 14:34:46 +01:00

nixos-config

Build

Provisioning for my NixOS systems based on Nix.

Prepare

Copy /etc/ssh/ssh_host_ed25519_key.pub into secrets and rekey the secrets via agenix. After pushing the rekeyed secrets execute the commands below.

Desktops

Generally after the installation I'm cloning this repository somewhere onto the desktop machine and just execute make switch within that repository to apply updates, if this is not the case I can always execute nixos-rebuild switch --flake github:tboerger/nixos-config#name to get the latest changes pulled in.

Anubis

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/desktops/anubis/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#anubis

Chnum

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/desktops/chnum/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum

Osiris

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/desktops/osiris/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#osiris

Servers

Currently I'm applying the updates manually by cloning the repository into the machine and executing make switch, but on longterm it should also just work to use the deploy #name command, at least if it's executed from a NixOS desktop.

Niflheim

apt install -y sudo

mkdir -p /etc/nix
echo "build-users-group =" > /etc/nix/nix.conf

curl -L https://nixos.org/nix/install | sh
. $HOME/.nix-profile/etc/profile.d/nix.sh

nix-env -f https://github.com/nix-community/nixos-generators/archive/master.tar.gz -i -v

cat <<EOF > /root/config.nix
{
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn"
  ];
}
EOF

nixos-generate -o /root/result  -f kexec-bundle -c /root/config.nix
/root/result

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/servers/niflheim/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#niflheim

Asgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/servers/asgard/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#asgard

Utgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/servers/utgard/partitions.sh)"

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#utgard

Midgard

sudo loadkeys de
sudo nix-shell --packages nixUnstable

mount /dev/disk/by-label/NIXOS_SD /mnt

mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#midgard

Security

If you find a security issue please contact thomas@webhippie.de first.

Contributing

Fork -> Patch -> Push -> Pull Request

Authors

License

Apache-2.0

Copyright (c) 2021 Thomas Boerger <thomas@webhippie.de>