Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/notthebee/nix-config

Configuration files for my NixOS and nix-darwin machines
https://github.com/notthebee/nix-config

Last synced: about 24 hours ago
JSON representation

Configuration files for my NixOS and nix-darwin machines

Host: GitHub
URL: https://github.com/notthebee/nix-config
Owner: notthebee
License: apache-2.0
Created: 2023-06-28T18:33:25.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-08-24T11:21:42.000Z (4 months ago)
Last Synced: 2024-08-24T12:32:19.633Z (4 months ago)
Language: Nix
Homepage:
Size: 251 KB
Stars: 194
Watchers: 4
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# nix-config

Configuration files for my NixOS and nix-darwin machines.

Very much a work in progress.

## Installation runbook (NixOS)

Create a root password using the TTY
```bash
sudo su
passwd
```

From your host, copy the public SSH key to the server
```bash
ssh-add ~/.ssh/notthebee
ssh-copy-id -i ~/.ssh/notthebee root@
```

SSH into the host with agent forwarding enabled (for the secrets repo access)
```bash
ssh -A root@
```

Enable flakes
```bash
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
```

Partition and mount the drives using [disko](https://github.com/nix-community/disko)
```bash
DISK='/dev/disk/by-id/ata-Samsung_SSD_870_EVO_250GB_S6PENL0T902873K'

curl https://raw.githubusercontent.com/notthebee/nix-config/main/disko/zfs-root/default.nix \
-o /tmp/disko.nix
sed -i "s|to-be-filled-during-installation|$DISK|" /tmp/disko.nix
nix --experimental-features "nix-command flakes" run github:nix-community/disko \
-- -m destroy,format,mount /tmp/disko.nix
```

Install git and git-crypt
```bash
nix-env -f '' -iA git
nix-env -f '' -iA git-crypt
```

Clone this repository
```bash
mkdir -p /mnt/etc/nixos
git clone https://github.com/notthebee/nix-config.git /mnt/etc/nixos
```

Put the private and GPG key into place (required for secret management)
```bash
mkdir -p /mnt/home/notthebee/.ssh
exit
scp ~/.ssh/id_ed25519 root@:/mnt/home/notthebee/.ssh
scp ~/.ssh/git-crypt-nix root@:/mnt/home/notthebee/.ssh
ssh root@
chmod 700 /mnt/home/notthebee/.ssh
chmod 600 /mnt/home/notthebee/.ssh/*
```

Unlock the git-crypt vault
```bash
cd /mnt/etc/nixos
git-crypt unlock /mnt/home/notthebee/.ssh/git-crypt-nix
```

Install the system
```bash
nixos-install \
--root "/mnt" \
--no-root-passwd \
--flake "git+file:///mnt/etc/nixos#hostname" # alison, emily, etc.
```

Unmount the filesystems
```bash
umount "/mnt/boot/esp"
umount -Rl "/mnt"
zpool export -a
```

Reboot
```bash
reboot
```