{"id":20936318,"url":"https://github.com/extrange/nixos-config","last_synced_at":"2025-10-23T22:04:23.929Z","repository":{"id":210228972,"uuid":"725892877","full_name":"extrange/nixos-config","owner":"extrange","description":"My NixOS Config","archived":false,"fork":false,"pushed_at":"2024-10-29T17:02:23.000Z","size":8453,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-29T18:29:20.022Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/extrange.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-01T04:54:34.000Z","updated_at":"2024-10-29T17:02:27.000Z","dependencies_parsed_at":"2023-12-01T14:27:03.838Z","dependency_job_id":"2ccc87d8-f822-4e69-b25b-8832ccc699d1","html_url":"https://github.com/extrange/nixos-config","commit_stats":null,"previous_names":["extrange/nixos-config"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extrange%2Fnixos-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extrange%2Fnixos-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extrange%2Fnixos-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extrange%2Fnixos-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/extrange","download_url":"https://codeload.github.com/extrange/nixos-config/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243330259,"owners_count":20274037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T22:19:05.115Z","updated_at":"2025-10-23T22:04:23.912Z","avatar_url":"https://github.com/extrange.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"# My NixOS Configuration\n\n![screenshot](./screenshot.jpg)\n\nSecrets are encrypted by the hosts' own SSH key via `sops-nix`.\n\n[Useful Commands]\n\n[Server]\n\n## Configuration\n\nHost configuration is specified by `*.nix` files in `hosts/${hostname}`, e.g.:\n\n- `system.nix`\n- `hardware-configuration.nix` (generated by `nixos-generate-config`)\n- Optionally, other files as resources e.g. `monitors.xml`\n\nThey also inherit configurations from `common/`.\n\nSee available options in `common-opt`.\n\nWhen adding a new host, generate its SSH keypair in `server`'s `/home/user/keys` directory: `ssh-keygen -t ed25519 -f \u003chostname\u003e`\n\n## Install\n\nAn encrypted root ([LVM over LUKS]) with zram will be setup. Root account is disabled.\n\n\u003e [!IMPORTANT]\n\u003e Before installing anything, back up your existing configuration:\n\u003e\n\u003e - Firefox profiles\n\u003e - `/etc/fstab` (if applicable)\n\u003e - `nm-cli` connections (if applicable)\n\u003e - VM images (if applicable)\n\nBoot into the NixOS [installer].\n\nThen, run:\n\n```text\n$ sudo -i\n# source \u003c(curl -s https://raw.githubusercontent.com/extrange/nixos-config/main/setup.sh)\n```\n\nEnter SSH login details when prompted.\n\nOnce installation is completed successfully, reboot.\n\n## Post Install\n\n- `git push` changes to `hardware-configuration.nix` for the respective host\n  - If necessary, add the new key to Github\n- If remote access is required, add the hosts public key to `common/system.nix`'s `known_hosts` for other devices to be able to connect without prompting\n  - NixOS generates new host keys everytime a host is provisioned, and I do not declaratively configure that\n- Pull Firefox profile\n- Setup logins (these can't be declaratively set)\n  - Tailscale (Auth Key max expiry is 90 days)\n  - Telegram\n  - Whatsapp\n- GSConnect pairing\n- VSCode settings sync (note: due to [automatic login], the keyring is not unlocked. However, it is possible to use a insecure storage and disable the [password].)\n\n## Raspberry Pi 4\n\n_Currently not working - GPU driver issues (`Qt Fatal: Could not open display`)._\n\nFor the initial build, build locally on another build host:\n\n```sh\nNIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nix build path:.#nixosConfigurations.rpi4.config.system.build.sdImage --impure --max-jobs 1\n```\n\n_Note: the build host requires `boot.binfmt.emulatedSystems = [ \"aarch64-linux\" ]` set._\n\n[`dd` the image to the sdcard](https://nix.dev/tutorials/nixos/installing-nixos-on-a-raspberry-pi.html):\n\n```sh\nsudo dd if=\u003cpath-to-img\u003e of=/dev/sdX bs=4096 conv=fsync status=progress\n```\n\nSubsequent builds can be pushed to the pi remotely:\n\n```sh\nnixos-rebuild --target-host user@192.168.1.30 --flake path:.#rpi4 --use-remote-sudo switch\n```\n\n## Notes\n\n- To edit `sops` secrets, use `SOPS_AGE_KEY=$(ssh-to-age -private-key -i ~/.ssh/id_ed25519) sops secrets.yaml`.\n- To add a new key for a host:\n  - First, get the `age` key from the SSH public key: `ssh-keygen -y -f path/to/public/key | ssh-to-age`\n  - Add the key to `.sops.yaml`\n  - Update: `SOPS_AGE_KEY=$(ssh-to-age -private-key -i path/to/private/key sops updatekeys secrets.yaml` (the private key must have previously used to encrypt the file)\n- `nixos-rebuild switch --flake .#hostname` will not allow access to untracked files. To [work around] this, do `nixos-rebuild switch --flake path:.#hostname`.\n- Using `read` in `curl ... | bash` doesn't work as `read` does not have access to the terminal, so `source` is used instead.\n- To fix the [`TypeError: BootSpec.__init__() missing 1 required positional argument`][bootspec-error], delete [symlinks to older generations] in `/nix/var/nix/profiles`, then rerun `nixos-rebuild switch`.\n\n## Resources\n\n- Dotfiles: [dmadisetti], [Electrostasy], [reckenrode]\n- Hyprland configs: [yurihikari], [Waayway]\n- [Comparison of `git-crypt`, `agenix` and `sops-nix`][secrets]\n\n[symlinks to older generations]: https://discourse.nixos.org/t/list-and-delete-nixos-generations/29637/6\n[bootspec-error]: https://discourse.nixos.org/t/typeerror-bootspec-init-missing-1-required-positional-argument-initrdsecrets/38008\n[secrets]: https://lgug2z.com/articles/handling-secrets-in-nixos-an-overview/\n[Waayway]: https://github.com/Waayway/hyprland-waayway\n[yurihikari]: https://github.com/yurihikari/garuda-sway-config\n[electrostasy]: https://github.com/Electrostasy/dots\n[reckenrode]: https://github.com/reckenrode/nixos-configs\n[dmadisetti]: https://github.com/dmadisetti/.dots\n[work around]: https://discourse.nixos.org/t/dirty-nixos-rebuild-build-flake-issues/30078/2\n[LVM over LUKS]: https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS\n[installer]: https://channels.nixos.org/nixos-23.11/latest-nixos-minimal-x86_64-linux.iso\n[automatic login]: https://askubuntu.com/questions/1352398/asking-for-password-when-i-open-vscode-for-the-first-time\n[password]: https://askubuntu.com/questions/24770/gnome-keyring-keeps-asking-for-a-password-that-doesnt-exist/24773#24773\n[Useful Commands]: useful-commands.md\n[Server]: server.md\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fextrange%2Fnixos-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fextrange%2Fnixos-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fextrange%2Fnixos-config/lists"}