No description
reo101
75ab40c7ca
Use `agenix-rekey` flake module Add `NixOS` module for `agenix-rekey` - Default `masterIdentities` - Default `localStorageDir` |
||
|---|---|---|
| .github/workflows | ||
| apps | ||
| machines | ||
| modules | ||
| nix | ||
| overlays | ||
| pkgs | ||
| secrets | ||
| shells | ||
| templates | ||
| .envrc | ||
| .gitignore | ||
| default.nix | ||
| flake.lock | ||
| flake.nix | ||
| LICENSE | ||
| nixpkgs.nix | ||
| README.md | ||
| shell.nix | ||
Based on nix-starter-configs
Secrets
# To put `agenix` and friends in `$PATH`
nix develop
cd secrets
Make new key
rage-keygen -o key
Edit secret
agenix -i key -e sub/dir/secret_file.age
Rekey all secrets
agenix -i key --rekey
NixOS setup
# Initial setup
nix run nixpkgs#nixos-anywhere -- --flake .#${HOSTNAME} --build-on-remote --ssh-port 22 root@${HOSTNAME} --no-reboott
# Deploy
deploy .#${HOSTNAME} --skip-checks
Mac (silicon) setup
# Setup system tools
softwareupdate --install-rosetta --agree-to-license
sudo xcodebuild -license
# Install nix
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
# Apply configuration
git clone https://www.github.com/reo101/rix101 ~/.config/rix101
cd ~/.config/rix101
nix build ".#darwinConfigurations.${HOSTNAME}.system"
./result/sw/bin/darwin-rebuild switch --flake .
# System setup for `yabai` (in system recovery)
csrutil enable --without fs --without debug --without nvram