Skip to content

dlo9/nixos-config

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

713 Commits
.vscode
.vscode
 
 
home
home
 
 
hosts
hosts
 
 
pkgs
pkgs
 
 
scripts
scripts
 
 
system
system
 
 
.gitignore
.gitignore
 
 
.sops.yaml
.sops.yaml
 
 
README.md
README.md
 
 
TODO.md
TODO.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

System Dotfiles

This used to be a repository for system dotfiles, but have now been replaced by the nix configurations for all my machines.

Adding a new host

env SOPS_AGE_KEY=MY_MASTER_KEY ./scripts/util/create-host-config <hostname> <admin> <description>

Installing

Darwin

To install on a darwin system, use:

# Install for the first time
nix --extra-experimental-features "nix-command flakes" run nix-darwin -- switch --flake "./#$(hostname)" --fallback

# Rebuild
darwin-rebuild switch

The fancy way

This method installs the NixOS configuration from this repo directly -- it's fancy, but makes it more difficult to manage long-term on the host.

nixos-rebuild switch --flake 'github:dlo9/system-dotfiles'

The maintainable way

This method installs this NixOS flake by cloning the repo first, which makes it easy to reference and keep updated

sudo git clone https://github.com/dlo9/system-dotfiles /etc/nixos
sudo chown -R USER:users /etc/nixos
sudo chown root:root /etc/nixos

Configuration

  1. On the host, clone this flake into the nixos configuration directory:

    # This working directory will be assumed for the rest of the README
cd /etc/nixos

git clone https://github.com/dlo9/system-dotfiles.git

  2. Add a configuration for the host:

    vim flake.nix

  3. Generate a hardware configuration:

    ./scripts/generate-hardware-config.sh
git add .

Secrets

  1. On the host, generate an age public and private keypair for the host so that its secrets can be stored in git:

    # Generate the key
sudo age-keygen > /var/sops-age/keys.txt
sudo chmod 600 /var/sops-age/keys.txt

# Add it to the root user's SOPS keys so that files can be edited with `sudo sops <file>`
sudo mkdir -p /root/.config/sops/age
sudo ln -s /var/sops-age-keys.txt /root/.config/sops/age/nix.txt

  2. Copy the keys into git:

    env SOPS_AGE_KEY=<bitwarden age key> sops ./secrets/age-keys.yaml

  3. Add the public key to the shared secrets file:

    vim ./.sops.yaml

  4. Add a host secret file:

    vim ./.sops.yaml
touch "./secrets/hosts/$(hostname).yaml"

  5. Generate secrets for the host:

    # SSH keys
for type in ed25519 rsa; do
  mkdir -p "/tmp/ssh-keys"
  ssh-keygen -t "$type" -C "root@$(hostname)" -f "/tmp/ssh-keys/$type"
done

  6. Copy secrets into the host secret file:

    sudo sops "./secrets/hosts/$(hostname).yaml"

# SSH keys
cat /tmp/ssh-keys/ed25519.pub | wc-copy
cat /tmp/ssh-keys/ed25519 | wc-copy
cat /tmp/ssh-keys/rsa.pub | wc-copy
cat /tmp/ssh-keys/rsa | wc-copy

Help

This section contains information I frequently have to look up, and want an easier way to find.

Common Nix Links

Special files

  • /run/current-system - the currently running system profile
  • /nix/var/nix/profiles/system - the default boot profile
  • /nix/var/nix/profiles/per-user/ - user profiles

Cheatsheet

Configuration switching

# Build and apply the configuration at `/etc/nixos` as the current and default boot profiles
nixos-rebuild switch

# Build, and apply the configuration, updating dependencies first
nixos-rebuild switch --recreate-lock-file

# Build and aplly the configuration as the current profile only. The default boot profile is unchanged
# and will be run when the system is rebooted
nixos-rebuild test

# Build and apply the configuration, but without updating the package manager first. Slightly faster than
# the above
nixos-rebuild test --fast

# Check the configuration for errors, without building it. This is the fastest way of hacking a complete system
# https://github.com/NixOS/nix/issues/3908
nix eval "/etc/nixos#nixosConfigurations.$(hostname).config.system.build.toplevel.drvPath"

# Find why a package is required by the system
nix-tree --derivation "path:.#nixosConfigurations.$(hostname).config.system.build.toplevel"

# Display all zrepl holds on the local system
# https://serverfault.com/questions/456301/how-to-check-that-all-zfs-snapshots-within-a-pool-are-without-holds-before-destr
zfs get -Ht snapshot -o name userrefs | xargs zfs holds | rg -v replication

Nix store

# Delete all old generations for all profiles
nix-collect-garbage --delete-old

# Delete generations older than 1 week for all profiles
nix-collect-garbage --delete-older-than 7d

# Get the store path for a package
nix eval --raw 'nixpkgs#OVMF.version'   # Uses latest `nixpkgs` flake to get the latest version for package `OVMF`
nix eval --raw -f '<nixpkgs>' OVMF      # Uses system `nixpkgs` to get the nix store path for package output
nix eval --raw -f '<nixpkgs>' OVMF.out  # Same as above, just more verbose
nix eval --raw -f '<nixpkgs>' OVMF.fd   # Gets path of the alternate output `fd`

# Get derivation for a given store path
nix-store --query --deriver "$(which echo)"

Networking

# View network controllers
lspci -v | grep -iA8 'network\|ethernet'

# Manually connect to wireless network (wifi)
wifi_name="<WIFI_NAME>"
wifi_password="<WIFI_PASSWORD>"
wifi_interface="$(ip link show | awk -F '[ \t:]+' ' $2 ~ /^w/ { print $2 }')"

wpa_passphrase "$wifi_name" "$wifi_password" > /tmp/wifi_config
wpa_supplicant -i "$wifi_interface" -c /tmp/wifi_config
rm /tmp/wifi_config

# Connect with DHCP on an interface
dhcpcd "$NETWORK_INTERFACE"

Miscellaneous

# Reset Time
sudo systemctl stop systemd-timesyncd.service \
    && sudo timedatectl set-time '2023-12-02 22:53:00 PDT' \
    && sudo systemctl start systemd-timesyncd.service

About

System-wide configuration files

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages