rix101/README.md
2024-07-28 02:33:10 +03:00

nix


Structure

  • Everything is built upon flake-parts, with flake modules that automatically extract modules and configurations
    • Automatic extraction of nixos, nix-darwin, nix-on-droid, home-manager and flake modules
    • Automatic extraction of nixos, nix-darwin, nix-on-droid and home-manager configurations
  • Hosts can be found under ./hosts/${config-type}/${system}/${hostname}/...
  • Modules can be found under ./modules/${config-type}/...

Topology

You can see the overall topology of the hosts by running

nix build .#topology

Then open the resulting ./result/main.svg and ./result/network.svg


Secrets

Secrets are managed by agenix and agenix-rekey

Note

Secrets are defined by the hosts themselves; agenix-rekey just collects the secrets they reference and lets you generate, edit and rekey them

# To put `rage`, `agenix-rekey` and friends in `$PATH`
nix develop

Edit secret

# Select from `fzf` menu
agenix edit

Rekey all secrets

agenix rekey

Generate missing keys (with the defined generators)

agenix generate
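
A host-side declaration of the kind the note above describes, as an added example that is not taken from this repository. The option names are agenix and agenix-rekey module options; the file location, host name, secret name, key and paths are placeholders, and `example-service` is assumed to be defined elsewhere.

```nix
# Hypothetical host module, e.g. ./hosts/nixos/x86_64-linux/examplehost/secrets.nix
# (all names, keys and paths in this file are placeholders)
{ config, ... }:
{
  age.rekey = {
    # Public SSH host key of this machine. `agenix rekey` re-encrypts every
    # secret this host references to this key, and to no other host's key.
    hostPubkey = "ssh-ed25519 AAAA...PLACEHOLDER root@examplehost";

    # Master identity that can decrypt the source `.age` files.
    # It stays with the operator and is never deployed to the host.
    masterIdentities = [ ./master-identity.pub ];

    # Store the rekeyed ciphertexts in the repository, one directory per host.
    storageMode = "local";
    localStorageDir = ./. + "/rekeyed/${config.networking.hostName}";
  };

  age.secrets.example-service-password = {
    # Source ciphertext, encrypted to the master identity only.
    rekeyFile = ./example-service-password.age;

    # If the file above is missing, `agenix generate` creates it with this generator.
    generator.script = "passphrase";

    # Permissions of the decrypted file on the running system.
    mode = "0400";
  };

  # Consumers take the *path* of the decrypted file, which exists only at
  # runtime. Reading the secret's contents into a Nix string instead would
  # copy the plaintext into the world-readable /nix/store.
  systemd.services.example-service.serviceConfig.LoadCredential =
    "password:${config.age.secrets.example-service-password.path}";
}
```

With a module like this in place, `agenix rekey` picks up `example-service-password` because the host references it; no central list of secrets has to be edited.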

Setups

NixOS setup

# HOSTNAME must name the target host (bash presets it to the local machine's name)
# Initial setup
nix run nixpkgs#nixos-anywhere -- --flake ".#${HOSTNAME}" --build-on-remote --ssh-port 22 "root@${HOSTNAME}" --no-reboot

# Deploy
deploy ".#${HOSTNAME}" --skip-checks

macOS / Darwin (Apple silicon) setup

# Setup system tools
softwareupdate --install-rosetta --agree-to-license
sudo xcodebuild -license

# Install nix
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

# Apply configuration
git clone https://www.github.com/reo101/rix101 ~/.config/rix101
cd ~/.config/rix101
nix build ".#darwinConfigurations.${HOSTNAME}.system"
./result/sw/bin/darwin-rebuild switch --flake .

# System setup for `yabai` (in system recovery)
# NOTE: <https://support.apple.com/guide/mac-help/macos-recovery-a-mac-apple-silicon-mchl82829c17/mac>
csrutil enable --without fs --without debug --without nvram

Credits