nix-config

A Nix config based on flakes.

The NixOS config is ready; the Darwin config is in progress.

Highlights

  • impermanence with btrfs
  • disk management by disko
  • home management by home-manager
  • user and host info managed by a settings file
  • different capabilities per host for a single user
  • development environment managed by devenv
  • secrets managed by sops
  • ...

Structure

├── home                               # home management
│   ├── __global                       # global config for all users
│   ├── __optional                     # optional config for users
│   └── *                              # one dir per user
│       ├── default.nix                # user config
│       ├── pgp-public-key.asc         # public PGP key for gpg
│       ├── ssh-authorized-keys.pub    # SSH authorized keys
│       └── <hostname>.nix             # host-specific config for the user
├── hosts                              # host management
│   ├── __global                       # global config for all hosts
│   ├── __optional                     # optional config for hosts
│   ├── *                              # one dir per host
│   │   ├── configuration.nix          # host config
│   │   ├── hardware-configuration.nix # generated by nixos-generate-config
│   │   ├── disko-config.nix           # disko config
│   │   ├── secrets.yaml               # secrets for this host
│   │   ├── ssh_host_ed25519_key.pub   # host SSH public key
│   │   └── ssh_host_rsa_key.pub       # host SSH public key
│   └── secrets.yaml                   # secrets shared by all hosts
├── lib                                # helper functions for nix
├── modules
│   ├── darwin
│   └── nixos
├── overlays
├── pkgs
└── shell                              # shell managed with devenv

Usage

First-Time Install

0. Manage keys for sops (optional)

Generating a new SSH key

Generate SSH host keys named:

ssh_host_rsa_key ssh_host_ed25519_key

Copy these keys to the right location (e.g. /etc/ssh) after the install and before the first reboot.

Change the file mode of the private keys (not the .pub files): chmod 0600 /path/to/key

To decrypt with a different key file, point SOPS_AGE_KEY_FILE at it, for example:

sudo SOPS_AGE_KEY_FILE=/run/secrets.d/age-keys.txt sops hosts/secrets.yaml
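
As an added example (not part of this repo), a small POSIX shell check for step 0: it verifies that the two host keys named above and their .pub files are present in a directory and that the private keys are mode 0600 before you reboot, since sops cannot decrypt the host secrets without them and a world-readable private key defeats the point of encrypting them. The function names, and the use of GNU `stat -c` with a BSD `stat -f` fallback, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of this repo): verify that the SSH host keys used as
# sops/age identities are in place with a safe mode before the first reboot.
# Assumes GNU coreutils `stat` (NixOS live CD); falls back to BSD stat.

key_mode() {
  # print the octal permission bits of a file, e.g. 600
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_host_keys DIR
# Looks for ssh_host_rsa_key and ssh_host_ed25519_key plus their .pub files
# in DIR. Prints one line per problem; returns 0 only when everything is in
# order, so it can gate the reboot in a script.
check_host_keys() {
  dir=$1
  rc=0
  for name in ssh_host_rsa_key ssh_host_ed25519_key; do
    priv="$dir/$name"
    pub="$dir/$name.pub"
    if [ ! -f "$priv" ]; then
      echo "missing private key: $priv"
      rc=1
      continue
    fi
    if [ ! -f "$pub" ]; then
      echo "missing public key: $pub"
      rc=1
    fi
    mode=$(key_mode "$priv")
    if [ "$mode" != "600" ]; then
      echo "bad mode $mode on $priv (expected 600; run: chmod 0600 $priv)"
      rc=1
    fi
  done
  return $rc
}

# Usage from the installer, after copying the keys into the target root:
#   check_host_keys /mnt/etc/ssh || echo "fix the problems above before rebooting"
```

Run it against the directory you copied the keys into (for example /mnt/etc/ssh while still in the live system); a non-zero exit means something still needs fixing before the reboot in step 9.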

  1. Boot from the NixOS live CD

  2. Clone this repo

  3. cd into the repo dir

  4. Enable the flakes environment

# enable flakes in the live system
export NIX_CONFIG="experimental-features = nix-command flakes"

# enter the development shell with flakes enabled
nix develop

  5. Configure the new user and host (see "Add New User and Host" below)

  6. Manage disks and partitions

By disko:

Add a disko config file in host/<hostname>/ and import it in host/<hostname>/configuration.nix first. For more disko config examples, see github:nix-community/disko/example

# Be aware of your data: this formats the target disk
disko --mode disko --flake /absolute/path/to/current/repo#<hostname>

# check the filesystem label
lsblk -o name,fstype,label,mountpoints,parttypename,partlabel,size

# set it manually if the label is missing or differs from the hostname
btrfs filesystem label /dev/<part> <hostname>
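
As an added example (not part of this repo), the label check above as a shell function you can run from the live CD: it reads `lsblk -P -o NAME,FSTYPE,LABEL` on stdin and reports every btrfs filesystem whose label is missing or differs from the hostname, together with the `btrfs filesystem label` command that fixes it. The function name and the sample lsblk output are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of this repo): after `disko --mode disko`, confirm
# that every btrfs filesystem carries the hostname as its label, as the
# impermanence setup expects. Expects `lsblk -P -o NAME,FSTYPE,LABEL`
# (key="value" pairs, exactly these three columns) on stdin.

# Constructed sample of `lsblk -P -o NAME,FSTYPE,LABEL` output for illustration.
SAMPLE_LSBLK='NAME="sda" FSTYPE="" LABEL=""
NAME="sda1" FSTYPE="vfat" LABEL="ESP"
NAME="sda2" FSTYPE="btrfs" LABEL="nixos"'

# check_btrfs_labels HOSTNAME   (lsblk -P lines on stdin)
# Prints one line per btrfs device whose LABEL differs from HOSTNAME, with the
# command that fixes it. Returns 0 when all btrfs labels already match.
check_btrfs_labels() {
  awk -v host="$1" '
    # extract the value of KEY="..." from an lsblk -P line ("" if absent)
    function field(line, key) {
      if (match(line, key "=\"[^\"]*\""))
        return substr(line, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
      return ""
    }
    {
      name = field($0, "NAME")
      fstype = field($0, "FSTYPE")
      label = field($0, "LABEL")
      if (fstype == "btrfs" && label != host) {
        printf "/dev/%s: label \"%s\" does not match hostname \"%s\"; fix with: btrfs filesystem label /dev/%s %s\n",
               name, label, host, name, host
        bad++
      }
    }
    END { exit (bad > 0) }'
}

# Against the constructed sample:
#   printf "%s\n" "$SAMPLE_LSBLK" | check_btrfs_labels nixos    # silent, exit 0
#   printf "%s\n" "$SAMPLE_LSBLK" | check_btrfs_labels myhost   # reports /dev/sda2, exit 1
# On a real system from the live CD:
#   lsblk -P -o NAME,FSTYPE,LABEL | check_btrfs_labels <hostname>
```

Using `lsblk -P` instead of the column layout shown above keeps the parse stable when a label is empty, which is exactly the case the check is meant to catch.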

By hand:

Just like a regular Linux installation: partition, format, and mount.

  7. Generate hardware-configuration.nix

# if you manage the disk with disko
nixos-generate-config --no-filesystems --root /mnt

# otherwise (partitioned by hand)
nixos-generate-config --root /mnt

Then copy hardware-configuration.nix to the host/<hostname>/ dir and import it in host/<hostname>/configuration.nix.

  8. Install

# install
nixos-install --flake .#<hostname> --show-trace --no-root-passwd
  9. Reboot

NOTE: Before rebooting, make sure you have copied the SSH keys to the right location and changed their file mode if needed (see step 0).

reboot

Rebuild (Update) Afterwards

sudo nixos-rebuild switch --flake .#<hostname> --show-trace

Add New User and Host

Add new user

Add the new user inside userAttrs, then add the user's nix files in home/<username>/.

  1. default.nix is required. Like this:

# See https://nix-community.github.io/home-manager/options.xhtml

{ inputs, outputs, host, user, pkgs, ... }: {
  imports = [
    ../__optional/cli
  ];
}

  2. <hostname>.nix is optional. Create and configure it only if you want extra settings for a specific host.

Add new host

Add the new host inside hostAttrs, then add the host's nix files in host/<hostname>/.

  1. configuration.nix is required.

Like this:

{
  config,
  lib,
  pkgs,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
    ../__optional/systemd-boot.nix
  ];

  # See https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}

  2. hardware-configuration.nix is required.

It is generated by nixos-generate-config during the install above; just copy it here.

  3. ssh_host_ed25519_key.pub is optional.

  4. ssh_host_rsa_key.pub is optional.

Settings

User

An attr inside userAttrs in the settings file. The key is the username, the value is an attrset.

| Key                 | Type   | Required | Description                                       |
|---------------------|--------|----------|---------------------------------------------------|
| username            | string | true     | username                                          |
| usernameAlternative | string | false    | alternative username                              |
| usernameFull        | string | false    | full name                                         |
| useremail           | string | false    | email                                             |
| initialPassword     | string | true     | initial password                                  |
| persistence         | set    | false    | persistence config; see impermanence (footnote 1) |
| usernameKeyForGit   | string | false    | key for git; defaults to username if not set      |

Host

An attr inside hostAttrs in the settings file. The key is the hostname, the value is an attrset.

| Key                | Type   | Required | Description                                                   |
|--------------------|--------|----------|---------------------------------------------------------------|
| hostname           | string | true     | hostname                                                      |
| os                 | string | true     | os                                                            |
| system             | string | true     | system                                                        |
| device             | string | false    | device                                                        |
| impermanence       | bool   | false    | whether to use impermanence                                   |
| persistencePath    | string | false    | used by impermanence; absolute path                           |
| userAttrs          | set    | true     | user config; see User (footnote 2); can also be inherited directly |
| allowedPorts       | list   | false    | used by the firewall                                          |
| allowedPortRanges  | list   | false    | used by the firewall                                          |

TODO

  • docs for darwin usage
  • manage sops system-wide under darwin

References

Misterio77/nix-config: Personal nixos and home-manager configurations. (github.com)

Footnotes

  1. impermanence

  2. User