Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

got nixos-anywhere half working

Browse source
This commit is contained in:
Leyla Becker 2024-09-14 09:19:08 -05:00
parent 20e65ebf0f
commit 2a30c00ffb
6 changed files with 193 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

21
README.md
View file

@ -17,25 +17,31 @@
`./rebuild.sh`
# New machine setup
keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt
> TODO: `keys.txt`` should prob be readable by owning user only?
updating passwords: `sops secrets/secrets.yaml`
TODO: keys.txt should prob be readable by owning user only?
`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/`
> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU
> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/`
> something about ssh keys for remotes
# Notes:
- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main`
- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh
- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
# Updating
`nix flake update`
# Tasks:
## Tech Debt
- allowUnfree should be dynamically enabled by the users whenever they need them
- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???)
- GNOME default monitors per hardware configuration?
- graphics driver things should prob be in the hardware-configuration.nix
- what does `boot.kernelModules = [ "sg" ]` do?
@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only?
- DISKO for server
- STOP FROM SLEEPING
- VS code extensions should be installed declaratively
- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
- Flake templates
- Install all the things on the NAS
- firefox declarative???
- figure out steam vr things?
- Open GL?
- util functions
- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh
- limit boot configurations to 2 on defiant
- openssh known hosts
- limit boot configurations to 2 on defiant
- rotate sops encryption keys

21
flake.lock generated
View file

@ -1,5 +1,25 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725377834,
"narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=",
"owner": "nix-community",
"repo": "disko",
"rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -86,6 +106,7 @@
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",

10
flake.nix
View file

@ -8,6 +8,12 @@
# encrypt files that contain secreats that I would like to not encrypt
sops-nix.url = "github:Mic92/sops-nix";
# declairtive disk configuration
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
# managment per user
home-manager = {
url = "github:nix-community/home-manager";
@ -18,7 +24,7 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
};
outputs = { self, nixpkgs, nixos-hardware, ... }@inputs:
outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs:
let
forEachSystem = nixpkgs.lib.genAttrs [
"aarch64-darwin"
@ -53,6 +59,8 @@
defiant = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
disko.nixosModules.disko
./hosts/defiant/disko-config.nix
./hosts/defiant/configuration.nix
];
};

30
hosts/defiant/configuration.nix
View file

@ -11,19 +11,39 @@
../../enviroments/server
];
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
age ={
keyFile = "/home/leyla/.config/sops/age/keys.txt";
# sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"];
# generateKey = true;
};
};
# home.sessionVariables = {
# SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt";
# };
users.leyla.isThinUser = true;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
zfsSupport = true;
efiSupport = true;
efiInstallAsRemovable = true;
# devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ];
# mirroredBoots = [
# { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; }
# { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
# { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; }
# ];
};
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "c8985fc5"; # TODO: populate this when I get home
networking.hostName = "defiant"; # Define your hostname.
nixpkgs.config.allowUnfree = true;

120
hosts/defiant/disko-config.nix Normal file
View file

@ -0,0 +1,120 @@
{ lib, ... }:
let
bootDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
zfsDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zpool";
};
};
};
};
};
in {
disko.devices = {
disk = {
boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0";
# hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB";
# hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC";
# hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH";
# ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX";
};
# zpool = {
# zpool = {
# type = "zpool";
# mode = {
# topology = {
# type = "topology";
# vdev = [
# {
# # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs???
# mode = "mirror";
# members = [
# "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c"
# ];
# }
# ];
# cache = [ ];
# # cache = [ "ssd_2_tb_a" ];
# };
# };
# options = {
# ashift = "12";
# };
# rootFsOptions = {
# encryption = "on";
# keyformat = "hex";
# keylocation = "prompt";
# compression = "lz4";
# xattr = "sa";
# acltype = "posixacl";
# "com.sun:auto-snapshot" = "false";
# };
# datasets = {
# "root" = {
# type = "zfs_fs";
# mountpoint = "/";
# };
# "nix" = {
# type = "zfs_fs";
# mountpoint = "/nix";
# };
# "home" = {
# type = "zfs_fs";
# mountpoint = "/home";
# options = {
# "com.sun:auto-snapshot" = "true";
# };
# };
# "var" = {
# type = "zfs_fs";
# mountpoint = "/var";
# };
# };
# };
# };
};
}

8
hosts/defiant/hardware-configuration.nix
View file

@ -13,10 +13,10 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca";
fsType = "ext4";
};
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca";
# fsType = "ext4";
# };
swapDevices = [ ];