My unified nix flake for all configuration management.
2023-11-02 14:38:37 -05:00
disko Add legacy disk partitioning scheme 2023-10-06 10:42:19 -05:00
lib Updates to foxtrot 2023-10-18 09:14:19 -05:00
modules Tmux 2023-11-01 11:07:55 -05:00
nixos Server up 2023-11-02 14:38:37 -05:00
overlays Using the normal lts kernel seems to resolve my suspend/sway issues 2023-10-22 08:15:08 -05:00
pkgs WIP move to template 2023-10-03 11:52:44 -05:00
secrets Server up 2023-11-02 14:38:37 -05:00
.gitignore wip firewall for router 2023-11-02 10:01:58 -05:00
.sops.yaml Initial commit 2023-09-04 11:40:30 -05:00
flake.lock Update helix, fix git autocomplete in fish 2023-10-26 09:46:39 -05:00
flake.nix First pass setting up modded minecraft server via container 2023-11-02 13:14:43 -05:00
pre-commit.bash WIP move to template 2023-10-03 11:52:44 -05:00
readme.md Beefcake 2023-10-20 16:24:50 -05:00

Nix

My grand, declarative, and unified application, service, environment, and machine configuration, secret, and package management in a single flake. ❤️ ❄️

NOTE: Everything in here is highly specific to my personal preference. I can't recommend you actually use this in any way, but hopefully some stuff in here is useful inspiration.

Quick Start

$ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}

You don't even have to clone this crap yourself. How cool is that!

But if you're gonna change stuff you had better set up the pre-commit hook:

$ ln -s $PWD/pre-commit.bash .git/hooks/pre-commit

If you're deploying anything secrets-related, you will need the proper keys:

$ mkdir -p ${XDG_CONFIG_HOME:-~/.config}/sops/age
$ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt

NixOS

$ nixos-rebuild switch --flake .

Not NixOS

$ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
$ nix profile install github:nix-community/home-manager
$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix

Advanced Usage

Push NixOS Config

host=your_host
nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
  --target-host "root@$host" --build-host "root@$host" \
  switch --show-trace

Safer Method

# initialize a delayed reboot by a process you can kill later if things look good
# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
# _and_ perform whatever testing you need
host=your_host
ssh -t "root@$host" "bash -c '
  set -m
  (sleep 300; reboot;) &
  jobs -p
  bg
  disown
'"

# build the system and start running it, but do NOT set the machine up to boot to that system yet
# we will test things and make sure it works first
# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
# and the machine will boot to the now-previous iteration
nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
  --target-host "root@$host" --build-host "root@$host" \
  test --show-trace

# however you like, verify the system is running as expected
# if it is, run the same command with "switch" instead of "test"
# otherwise, we will wait until the machine reboots back into the 
# this is crude, but should be pretty foolproof
# the main gotcha is that the system is already unbootable or non-workable, but
# if you always use this method, that should be an impossible state to get into

# if we still have ssh access and the machine fails testing, just rollback
# instead of waiting for the reboot
ssh "root@$host" nixos-rebuild --rollback switch

Provisioning New NixOS Hosts

# establish network access
# plug in ethernet or do the wpa_cli song and dance for wifi
wpa_cli scan
wpa_cli scan_results
wpa_cli add_network 0
wpa_cli set_network 0 ssid "MY_SSID"
wpa_cli set_network 0 psk "MY_WIFI_PASSWORD"
wpa_cli enable_network 0
wpa_cli save_config

# disk encryption key (if needed)
echo -n "password" > /tmp/secret.key

# partition disks
nix-shell --packages git --run "sudo nix run \
  --extra-experimental-features nix-command \
  --extra-experimental-features flakes \
  github:nix-community/disko -- \
    --flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \
    --mode disko \
    --arg disks '[ \"/dev/${DISK}\" ]'"

# install
nix-shell --packages git \
  --run "sudo nixos-install \
    --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
    --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
    --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
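
The two secret-handling steps on this page (appending the age key to keys.txt under Quick Start, and writing the disk encryption key to /tmp/secret.key above) create their files with the shell's default umask, and `echo -n "password"` puts the passphrase on the command line. The helpers below are an added example, not part of this repository, that perform the same writes with owner-only permissions; the function names `append_private`, `write_passphrase` and `is_private` are hypothetical.

```shell
# Added example, not part of this repository; function names are hypothetical.

# append_private FILE: append stdin to FILE, creating it and its parent
# directory with owner-only permissions.
append_private() (
  umask 077
  mkdir -p "$(dirname "$1")" || exit 1
  cat >> "$1" || exit 1
  chmod 600 "$1" # tighten a file that already existed with a looser mode
)

# write_passphrase FILE: read one line from stdin and write it to FILE with no
# trailing newline (the same bytes `echo -n` would write). Prompts without echo
# on a terminal and refuses to overwrite an existing file.
write_passphrase() (
  umask 077
  set -C # noclobber: '>' fails if FILE already exists
  if [ -t 0 ]; then
    printf 'Passphrase: ' >&2
    trap 'stty echo; echo >&2' EXIT
    stty -echo
  fi
  IFS= read -r secret || true
  [ -n "$secret" ] || exit 1
  printf '%s' "$secret" > "$1"
)

# is_private FILE: succeed only for a regular, non-symlink file with mode 0600.
is_private() {
  { [ -f "$1" ] && [ ! -L "$1" ]; } || return 1
  case "$(ls -ld "$1")" in
    -rw-------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage with the commands from this page:
#   pass age-key | append_private "${XDG_CONFIG_HOME:-$HOME/.config}/sops/age/keys.txt"
#   write_passphrase /tmp/secret.key
```

Remove /tmp/secret.key once the install has finished; the key only needs to exist while the disks are being partitioned and installed.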

To Do

Short Term

Long Term