Provisioning scripts for my workstations
Thomas Boerger 77b8574980
feat: use pkg instead of hacky tarball for dockutil
2 days ago
.github chore: update github tags 1 week ago
machines feat: just install coreutils as part of tools 3 days ago
overlays feat: use pkg instead of hacky tarball for dockutil 2 days ago
profiles fix: install packages where they are required 3 days ago
.editorconfig chore: replace ansible by nixos 3 weeks ago
.gitignore fix: ignore result link 1 week ago
LICENSE chore: initial commit 1 month ago
Makefile chore: more refactoring of the repo structure 1 week ago
README.md docs: add step to install homebrew 5 days ago
flake.lock chore: more refactoring of the repo structure 1 week ago
flake.nix chore: more refactoring of the repo structure 1 week ago
shell.nix chore: refactoring for multiple os 2 weeks ago

README.md

workstation

Build

Provisioning for my MacBooks, based on Nix.

Secrets

Generally all secrets are encrypted with agenix, so make sure to copy the SSH keys from the secrets stick with these commands:

mkdir -p $HOME/.ssh
cp /Volumes/secrets/ssh/id_* $HOME/.ssh/
chmod u=rw,g=,o= $HOME/.ssh/id_*

Prepare

Generally we disable SIP: boot into the recovery system and open a terminal to execute csrutil disable. After rebooting into the regular system you can check with csrutil status whether it's still disabled.

Generally it's a good idea to install all apps from the store which have been bought, especially Xcode; otherwise building macOS applications fails.

Osiris

Bootstrap

bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
sh <(curl -L https://nixos.org/nix/install)
# synthetic.conf needs a real TAB between the two fields; printf writes one in any shell
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf
reboot

nix \
    --extra-experimental-features "nix-command flakes" \
    build \
    github:tboerger/workstation\#osiris \
    --no-write-lock-file

./result/sw/bin/darwin-rebuild switch \
    --flake github:tboerger/workstation\#osiris
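
A check of the two file-level prerequisites from the Secrets and Bootstrap steps, as an added example that is not part of this repository: the /etc/synthetic.conf entry has to be TAB-separated, and the copied id_* keys should carry no group or other permissions. The function names and the constructed demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and demo paths are hypothetical.

# Succeeds only if FILE holds the exact entry "run<TAB>private/var/run".
# A literal backslash-t, as written by an echo that does not expand
# escapes, does not match.
has_run_entry() {
    tab=$(printf '\t')
    grep -qxF "run${tab}private/var/run" "$1"
}

# Succeeds only if no id_* file in DIR carries any group/other permission
# bit, which is the state "chmod u=rw,g=,o=" leaves behind.
keys_are_private() {
    exposed=$(find "$1" -type f -name 'id_*' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$exposed" ] && return 0
    printf 'too open:\n%s\n' "$exposed" >&2
    return 1
}

# Constructed demo input in a temp dir, so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'run\tprivate/var/run\n' > "$demo/good.conf"       # real TAB
printf '%s\n' 'run\tprivate/var/run' > "$demo/bad.conf"   # literal \t
mkdir "$demo/ssh"
: > "$demo/ssh/id_ed25519" && chmod u=rw,g=,o= "$demo/ssh/id_ed25519"
: > "$demo/ssh/id_rsa" && chmod 644 "$demo/ssh/id_rsa"

for f in good.conf bad.conf; do
    if has_run_entry "$demo/$f"; then
        echo "$f: entry ok"
    else
        echo "$f: entry missing or not TAB-separated"
    fi
done
keys_are_private "$demo/ssh" || echo "re-run the chmod step on these keys"

# On a provisioned machine:
#   has_run_entry /etc/synthetic.conf && keys_are_private "$HOME/.ssh"
```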

Updates

If the repository has been cloned you can just execute make switch; otherwise there is still this longer command to update the deployment:

darwin-rebuild switch \
    --flake github:tboerger/workstation\#osiris

Hathor

Bootstrap

sh <(curl -L https://nixos.org/nix/install)
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf
reboot

nix \
    --extra-experimental-features "nix-command flakes" \
    build \
    github:tboerger/workstation\#hathor \
    --no-write-lock-file

./result/sw/bin/darwin-rebuild switch \
    --flake github:tboerger/workstation\#hathor

Updates

If the repository has been cloned you can just execute make switch; otherwise there is still this longer command to update the deployment:

darwin-rebuild switch \
    --flake github:tboerger/workstation\#hathor

Anubis

Bootstrap

sh <(curl -L https://nixos.org/nix/install)
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf
reboot

nix \
    --extra-experimental-features "nix-command flakes" \
    build \
    github:tboerger/workstation\#anubis \
    --no-write-lock-file

./result/sw/bin/darwin-rebuild switch \
    --flake github:tboerger/workstation\#anubis

Updates

If the repository has been cloned you can just execute make switch; otherwise there is still this longer command to update the deployment:

darwin-rebuild switch \
    --flake github:tboerger/workstation\#anubis

Security

If you find a security issue please contact thomas@webhippie.de first.

Contributing

Fork -> Patch -> Push -> Pull Request

Authors

License

Apache-2.0

Copyright (c) 2021 Thomas Boerger <thomas@webhippie.de>