No description
|
|
||
|---|---|---|
| .github/workflows | ||
| apps | ||
| hosts | ||
| modules | ||
| nix | ||
| overlays | ||
| pkgs | ||
| secrets | ||
| shells/default | ||
| templates | ||
| .envrc | ||
| .gitignore | ||
| default.nix | ||
| flake.lock | ||
| flake.nix | ||
| LICENSE | ||
| nixpkgs.nix | ||
| README.md | ||
| shell.nix | ||
Structure
- Everything is built upon flake-parts, with flake modules for automatic stuff extraction
- Automatic classic (
callPackage) anddream2nixpackages extraction - Automatic
nixos,nix-darwin,nix-on-droid,home-managerandflakemodules extraction - Automatic
nixos,nix-darwin,nix-on-droidandhome-managerconfigurations extraction - Automatic overlays extraction
- Automatic devShells extraction
- Automatic classic (
- Hosts can be found under
./hosts/${config-type}/${system}/${hostname}/...- Check
./modules/flake/configurationsfor more info on what is extracted from those directories
- Check
- Modules can be found under
./modules/${config-type}/...- Check
./modules/flake/modulesfor more info on what is extracted from that directory
- Check
- Packages can be found under
./pkgs/...- Check
./modules/flake/packagesfor more info on what is extracted from that directory
- Check
- Overlays can be found under
./overlays/...- Check
./modules/flake/overlaysfor more info on what is extracted from that directory
- Check
- Shells can be found under
./shells/...- Check
./modules/flake/shellsfor more info on what is extracted from that directory - Default one puts a recent
nix(as of recently -lix) together with some other useful tools for working with the repo (deploy-rs,rage,agenix-rekey, etc.), see./shells/default/default.nixfor more info
- Check
Topology
You can see the overall topology of the hosts by running
nix build ".#topology"
And opening the resulting ./result/main.svg and ./result/network.svg
Secrets
Secrets are managed by agenix and agenix-rekey
Note
Secrets are defined by the hosts themselves,
agenix-rekeyjust collects what secrets are referenced by them and lets you generate, edit and rekey them
# To put `rage`, `agenix-rekey` and friends in `$PATH`
nix develop
Edit secret
# Select from `fzf` menu
agenix edit
Rekey all secrets
agenix rekey
Generate missing keys (with the defined generators)
agenix generate
Setups
NixOS setup
# Initial setup
nix run nixpkgs#nixos-anywhere -- --flake ".#${HOSTNAME}" --build-on-remote --ssh-port 22 "root@${HOSTNAME}" --no-reboot
# Deploy
deploy ".#${HOSTNAME}" --skip-checks
MacOS / Darwin (silicon) setup
# Setup system tools
softwareupdate --install-rosetta --agree-to-license
sudo xcodebuild -license
# Install nix
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
# Apply configuration
git clone https://www.github.com/reo101/rix101 ~/.config/rix101
cd ~/.config/rix101
nix build ".#darwinConfigurations.${HOSTNAME}.system"
./result/sw/bin/darwin-rebuild switch --flake .
# System setup for `yabai` (in system recovery)
# NOTE: <https://support.apple.com/guide/mac-help/macos-recovery-a-mac-apple-silicon-mchl82829c17/mac>
csrutil enable --without fs --without debug --without nvram
Credits
Misterio77for his amazingnix-starter-configs, on which this was based originallydiskofor making disk partioning a breezeoddlamafor creating the amazingagenix-rekeyandnix-topologyprojects