folliehiyuki/nixconfig
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
dotfiles, but for systems where I have a better tool in the arsenal than Ansible
215 commits 1 branch 0 tags 3 MiB
Nix 81.5%
Emacs Lisp 7.1%
Lua 6.6%
Shell 4.8%
Find a file
Hoang Nguyen f9d78b9c79
Import more Youtube channels to elfeed
2025-04-19 00:00:00 +07:00
hosts Import more Youtube channels to elfeed 2025-04-19 00:00:00 +07:00
lib Use programs.zsh.initContent everywhere 2025-03-29 00:00:00 +07:00
modules Import more Youtube channels to elfeed 2025-04-19 00:00:00 +07:00
overlays Don't enable nixpak by default 2025-04-14 00:00:00 +07:00
tests
.editorconfig
.envrc
.gitattributes
.gitignore
.sops.yaml Make sops-nix use the SSH host key in ssh-ed25519 format 2025-04-19 00:00:00 +07:00
.stylua.toml
devShell.nix
flake.lock Make sops-nix use the SSH host key in ssh-ed25519 format 2025-04-19 00:00:00 +07:00
flake.nix Use upstream firefox-addons flake 2025-04-14 00:00:00 +07:00
LICENSE
NOTES.md
outputs.nix Use programs.zsh.initContent everywhere 2025-03-29 00:00:00 +07:00
README.md
TODO.md Make sops-nix use the SSH host key in ssh-ed25519 format 2025-04-19 00:00:00 +07:00
treefmt.nix

README.md

folliehiyuki's Nix configuration

This Nix flake is used to manage my NixOS and MacOS machines.

For the configuration of my other desktop hosts running either AlpineLinux or ChimeraLinux, see dotfiles-ansible repository.

Setup

Darwin

nix needs to be installed first: sh <(curl -L https://nixos.org/nix/install)

To configure a Darwin host:

nix build .#darwinConfigurations.<hostname>.system
./result/sw/bin/darwin-rebuild switch --flake .#<hostname>

# Delete the manually installed `nix` instance to make `nix config check` happy
sudo nix profile remove nix cacert

NixOS

The NixOS host is set up with tmpfs on root, so a few prerequisite steps are needed before nixos-install can be executed:

# Destroy, partition, format the targeted disk and mount them to /mnt
# Method 1: via a custom-built disko script
nix build .#nixosConfigurations.aragorn.config.system.build.diskoScript && ./result
# Method 2: use the original `disko` script
disko --mode destroy,format,mount --flake .#aragorn

# Generate SSH key pairs
mkdir -m 0755 -p /mnt/persist/etc/ssh
ssh-keygen -t rsa -b 4096 -C root@aragorn -f /mnt/persist/etc/ssh/ssh_host_rsa_key
ssh-keygen -t ed25519 -C root@aragorn -f /mnt/persist/etc/ssh/ssh_host_ed25519_key

# Update .sops.yaml file with this new key (converted using ssh-to-age).
# Run `sops hosts/aragorn/secrets.yaml` to create the secret file.
# Run `sops updatekeys` for the host secrets if the SSH keys ever change.

# Generate a random machine-id file (should be confidential :v)
systemd-machine-id-setup --root /mnt/persist/

# Generate a fresh zpool.cache file.
# It will be symlinked later to /etc/zfs/zpool.cache using systemd-tmpfiles.
zpool set cachefile=/mnt/persist/etc/zpool.cache zroot

# Install the NixOS system
nixos-install --no-root-passwd --root /mnt --flake .#aragorn

# Unmount and reboot
umount -R /mnt
reboot

# To dry-run changes on each nixpkgs hash bump (doesn't need root privilege)
nixos-rebuild build --flake .#aragorn && nvd diff /run/current-system result
# Reconfigure the installed system in the future
nixos-rebuild switch --flake .#aragorn

Credits