Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ginkogruen/nix-minimal

NixOS starter config for installing a solid base system
https://github.com/ginkogruen/nix-minimal

disko nix nix-flake nixos nixos-anywhere sops-nix zfs

Last synced: 15 days ago
JSON representation

NixOS starter config for installing a solid base system

Host: GitHub
URL: https://github.com/ginkogruen/nix-minimal
Owner: ginkogruen
Created: 2024-10-21T13:41:26.000Z (23 days ago)
Default Branch: main
Last Pushed: 2024-10-27T15:21:53.000Z (17 days ago)
Last Synced: 2024-10-27T22:03:54.018Z (16 days ago)
Topics: disko, nix, nix-flake, nixos, nixos-anywhere, sops-nix, zfs
Language: Nix
Homepage:
Size: 60.5 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # nix-minimal

Minimal opinionated NixOS configuration to be used as a base system to build upon.

The Aim is to provide a structure for all things which have to be done

on install and can't easily be changed later.

It should also be possible to set this up with minimal interaction and effort.

## Installation guide

For installing this config use nixos anywhere

While nixos-anywhere can be installed through different ways I'd like to install from the NixOS installer.

To do this boot the installer and set a password via:

```bash

passwd "password"

```

Then find out the ip adress to reach your target machine with:

```bash

ip addr

```

And finally install with nixos-anywhere using the following command:

```bash

nix run github:nix-community/nixos-anywhere -- --flake '.#titan' nixos@

```

Note:

If you are on a non x86_64-linux system specify additionally `--build-on-remote`.

Specify disk encryption keys using `--disk-encryption-keys /tmp/secret.key `.

**TODO: Add documentation for passing additional files with `--extra-files` and `--generate-hardware-config`**

## Functionality goals

I aim to hit the following functionality goals for my systems:

- [x] Declarative partitioning using [disko](https://github.com/nix-community/disko)

- [x] Systemd-boot as bootloader

- [x] ZFS filesystem

- [x] Full disk encryption with ZFS encryption

- [ ] Encryption unlockable through SSH

- [ ] ~~SWAP partition~~

- [ ] Impermanence setup for NixOS and home-manager

- [ ] Impermanence rollback via ZFS snapshot

- [ ] Secrets management using [sops-nix](https://github.com/Mic92/sops-nix)

- [ ] Documentation for how things work

- [x] Setup with [nixos-anywhere](https://github.com/nix-community/nixos-anywhere)

- [ ] Optional secure boot with [lanzaboote](https://github.com/nix-community/lanzaboote)

I may not hit every one of these goals so these are subject to change.

## Documentation resources & inspiration

- [Graham Christensen - ZFS Datasets for NixOS](https://grahamc.com/blog/nixos-on-zfs/)

- [Graham Christensen - Erase your darlings](https://grahamc.com/blog/erase-your-darlings/)

- [Remote, encrypted ZFS storage server with NixOS](https://mazzo.li/posts/hetzner-zfs.html)

- [ElvishJerricco/stage1-tpm-tailscale](https://github.com/ElvishJerricco/stage1-tpm-tailscale)