A Nix config based on flakes.
- NixOS, Darwin and WSL2 support
- impermanence with btrfs
- disk management by disko
- home management by home-manager
- user and host info managed by a settings file
- can set different abilities for the same user on different hosts
- development environment managed by devenv
- secrets managed by sops
- ...
```
├── home                            # home manage
│   ├── __global                    # global config for user
│   │   ├── __darwin                # darwin config specific for user
│   │   └── __nixos                 # nixos config specific for user
│   ├── __optional                  # optional config for user
│   └── *                           # user dir
│       ├── default.nix             # user config
│       ├── pgp-public-key.asc      # public pgp key for gpg
│       ├── ssh-authorized-keys.pub # ssh authorized keys
│       └── <hostname>.nix          # special host config for user
├── hosts                           # host manage
│   ├── __global                    # global config for host
│   │   ├── __darwin                # darwin config specific for host
│   │   └── __nixos                 # nixos config specific for host
│   ├── __optional                  # optional config for host
│   ├── *                           # host dir
│   │   ├── configuration.nix       # host config
│   │   ├── hardware-configuration.nix # generated by nixos-generate-config
│   │   ├── disko-config.nix        # disko config
│   │   ├── secrets.yaml            # secrets for current host
│   │   ├── ssh_host_ed25519_key.pub
│   │   └── ssh_host_rsa_key.pub
│   └── secrets.yaml                # secrets for all hosts
├── lib                             # some useful lib for nix
├── modules
│   ├── darwin
│   └── nixos
├── overlays
├── pkgs
├── shell                           # shell managed with devenv
├── .envrc                          # env file for direnv
├── default.nix                     # entry point
├── flake.nix                       # flake config
└── settings.nix                    # settings for user and host
```
0. Manage keys for sops (optional)
   - Generate ssh host keys, named:
     ```
     ssh_host_rsa_key
     ssh_host_ed25519_key
     ```
   - Copy these keys to the right position (eg: /etc/ssh) after install and before the first reboot.
   - Change the file mode of the private keys (not the .pub files):
     ```sh
     chmod 0600 /path/to/key
     ```
   - To decrypt with another key file, point SOPS_AGE_KEY_FILE at it, like:
     ```sh
     sudo SOPS_AGE_KEY_FILE=/run/secrets.d/age-keys.txt sops hosts/secrets.yaml
     ```
- Boot from the NixOS live CD
- Clone this repo
- cd into the repo dir
- Enable the flakes environment:
  ```sh
  # enable flakes in live
  export NIX_CONFIG="experimental-features = nix-command flakes"
  # enable flakes environment
  nix develop
  ```
- Manage disk and partition
  - By disko:
    You need to add a disko config file in host/<hostname>/ and import it in host/<hostname>/configuration.nix first. For more disko config examples, see github:nix-community/disko/example.
    **Be aware of data** (disko formats the target disk):
    ```sh
    disko --mode disko --flake /absolute/path/to/current/repo#<hostname>
    # check label
    lsblk -o name,fstype,label,mountpoints,parttypename,partlabel,size
    # set manually if the label does not exist or differs from the hostname
    btrfs filesystem label /dev/<part> <hostname>
    ```
  - By hand:
    Just like a regular Linux installation. Partition, format, and mount.
- Generate hardware-configuration.nix
  ```sh
  # if you manage disk by disko
  nixos-generate-config --no-filesystems --root /mnt
  # else by hand
  nixos-generate-config --root /mnt
  ```
  Then copy hardware-configuration.nix to the host/<hostname>/ dir and import it in host/<hostname>/configuration.nix.
- Install
  ```sh
  # install
  nixos-install --flake .#<hostname> --show-trace --no-root-passwd
  ```
- Reboot
  NOTE: Before reboot, make sure you have copied the ssh keys to the right position and changed the file mode if needed (see step 0).
  ```sh
  reboot
  ```
  After reboot:
  ```sh
  sudo nixos-rebuild switch --flake .#<hostname> --show-trace
  ```
Add a new user inside userAttrs, then add the user nix files in home/<username>/.
- default.nix is needed. Like this:
  ```nix
  # See https://nix-community.github.io/home-manager/options.xhtml
  { inputs, outputs, host, user, pkgs, ... }: {
    imports = [ ../__optional/cli ];
  }
  ```
- <hostname>.nix is optional. Just create and configure it if you want extra settings for the target host.
Add a new host inside hostAttrs, then add the host nix files in host/<hostname>/.
- configuration.nix is needed. Like this:
  ```nix
  { config, lib, pkgs, ... }: {
    imports = [
      ./hardware-configuration.nix
      ../__optional/systemd-boot.nix
    ];
    # See https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
    system.stateVersion = "23.11"; # Did you read the comment?
  }
  ```
- hardware-configuration.nix is needed. It is generated by the nixos-generate-config command during the install above; just copy it here.
- ssh_host_ed25519_key.pub is optional.
- ssh_host_rsa_key.pub is optional.
An attribute inside userAttrs in the settings file. The key is the username, the value is an attrset.

| Key | Type | Required | Description |
|---|---|---|---|
| username | string | true | username |
| usernameAlternative | string | false | alternative username |
| usernameFull | string | false | full name |
| useremail | string | false | |
| initialPassword | string | true | initial password |
| persistence | set | false | persistence config, see impermanence |
| usernameKeyForGit | string | false | key for git; if not set, the username is used |
An attribute inside hostAttrs in the settings file. The key is the hostname, the value is an attrset.

| Key | Type | Required | Description |
|---|---|---|---|
| hostname | string | true | hostname |
| os | string | true | os |
| system | string | true | system |
| device | string | false | device |
| impermanence | bool | false | whether to use impermanence |
| persistencePath | string | false | used by impermanence, absolute path |
| userAttrs | set | true | user config, references the user; can also inherit directly |
| allowedPorts | list | false | used by firewall |
| allowedPortRanges | list | false | used by firewall |
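An example settings.nix, added here as an illustration and not the repository's own file: it uses the keys from the userAttrs and hostAttrs tables above and shows one user declared once, inherited directly by one host and overridden on another, which is how a single user gets different abilities per host. All values are constructed; the os strings, the shape of the persistence attrset and the element shape of allowedPortRanges are assumptions not documented on this page.

```nix
# Example settings.nix (added illustration, not this repository's file).
# Keys follow the userAttrs / hostAttrs tables; all values are constructed.
let
  # Users are declared once here and referenced from each host below.
  users = {
    alice = {
      username = "alice";
      usernameFull = "Alice Example";
      useremail = "alice@example.com";
      initialPassword = "changeme";        # rotate after first login
      usernameKeyForGit = "alice-git";     # falls back to username if unset
      # Assumed impermanence-style shape: what survives a reboot for this user.
      persistence = {
        directories = [ "Projects" ".ssh" ".gnupg" ];
        files = [ ".bash_history" ];
      };
    };
  };
in
{
  userAttrs = users;

  hostAttrs = {
    # A NixOS workstation with btrfs impermanence; the os value is assumed.
    nixbox = {
      hostname = "nixbox";
      os = "nixos";
      system = "x86_64-linux";
      device = "/dev/nvme0n1";             # constructed; should match disko-config.nix
      impermanence = true;
      persistencePath = "/persist";
      allowedPorts = [ 22 ];
      allowedPortRanges = [ { from = 60000; to = 61000; } ];  # element shape assumed
      # Inherit the user directly, unchanged.
      userAttrs = { inherit (users) alice; };
    };

    # A Darwin laptop: same user, with an extra alternative username and
    # no impermanence, showing per-host differences for a single user.
    macbook = {
      hostname = "macbook";
      os = "darwin";
      system = "aarch64-darwin";
      impermanence = false;
      userAttrs = {
        alice = users.alice // { usernameAlternative = "ali"; };
      };
    };
  };
}
```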
- docs for darwin usage
- manage sops system-wide under darwin
Misterio77/nix-config: Personal nixos and home-manager configurations. (github.com)