Repo for nix configuration files

NixOS Configuration Repository

NOTE: These configs expect this repo to be cloned to /etc/nixos/git/

  • Clone this repo
sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git
sudo chown -R albert:root /etc/nixos/git
# or, with wallpapers
sudo git clone --recursive https://git.sysctl.io/albert/nix /etc/nixos/git
sudo chown -R albert:root /etc/nixos/git
  • Installation:
nixos-install <Hostname> [<Username>]
# or 
./docs/install.sh <Hostname> [<Username>]
  • Post install (home-manager, secrets, etc)
nix develop -c /etc/nixos/git/docs/setup.sh

Machines

| Name | Category | Description | Status | Deployments |
|---|---|---|---|---|
| osaka-linode-01 | Linode | Osaka Linode relay for sysctl.io external connections | ✔️ | ✔️ |
| milan-linode-01 | Linode | Milan Linode DERP relay for Tailscale | ✔️ | ✔️ |
| frankfurt-linode-01 | Linode | Frankfurt, Germany alternate relay for external connections | ✔️ | ✔️ |
| framework-server | Server | sysctl.io - main server, Framework 13th gen mainboard | ✔️ | ✔️ |
| warsaw-ovh-01 | Server | Warsaw OVH server, backup for framework-server | ✔️ | ✔️ |
| nuc-server | Server | ON HOLD | | |
| nixos-desktop | Personal | My main desktop | ✔️ | |
| nixos-framework | Personal | My AMD Framework 13 laptop | ✔️ | |
| steamdeck | Personal | Valve Steam Deck gaming console | ✔️ | ✔️ |
| piaware-rpi4 | Raspberry Pi | Raspberry Pi for FlightAware flight tracking software | ✔️ | ✔️ |
| backups-rpi4 | Raspberry Pi | Raspberry Pi for rsync backups | ✔️ | ✔️ |
| bakersfield-rpi4 | Raspberry Pi | Raspberry Pi in Bakersfield, Headscale exit node | ✔️ | ✔️ |
| quitman-rpi4 | Raspberry Pi | ON HOLD | | |

Images

| Name | Description | Build Command |
|---|---|---|
| nixos-iso-console | Console ISO image of this flake for installing | nix build .#imageConfigurations.nixos-iso-console |
| nixos-iso-desktop | Gnome ISO image of this flake for installing | nix build .#imageConfigurations.nixos-iso-desktop |
| nixos-linode-img | Image of this flake for use on Linode | nix build .#imageConfigurations.nixos-linode-img |
| nixos-rpi4-img | Image of this flake for use on Raspberry Pi 4s | nix build .#imageConfigurations.nixos-rpi4-img |

📋 To Do List

  • Add audio to rdesktop xrdp config
  • Framework volume buttons don't work on KDE
    • Intermittent
    • Always after reboot
  • KDE not saving HDR / high frame rate settings on Wayland
  • Figure out a way to pass through GPG AND SSH authentications via SSH (so I can use my YubiKey on my server remotely)
  • High I/O write causing issues on framework-server - Figure out where this is coming from. Seems random

home-manager

  • KDE:
    • Add config for tiling
    • Try Darkman - Link
  • Firefox:
    • Find a way to remove all default search engines (Google, Amazon, Yahoo!, etc)
    • Pre-defined containers with URLs to match? (i.e., a Google container opens Google sites automatically)
    • Arkenfox interfering with some audio settings (media.mediasource, for example)

Homelab General

  • Upgrades:
    • Headscale 0.23 - Need to update the web ui
  • New Features:
    • Add fail2ban to Traefik
      • Check other open ports

Completed To Do List here


Information

🏠 Home Manager

  • Home Manager Documentation - Link
  • Home Manager Options Search - Link

❄️ NixOS

  • nix.dev - Official Nix Documentation - Link
  • NixOS Documentation - Stable - Link
  • NixOS Packages / Options Search - Link
  • Nix User Repository (NUR) Search - Link
  • ARM NixOS Building - Link
  • NixOS Manual - Link
  • FlakeHub - Link
  • Flakestry.dev - Link
  • Track a Nixpkgs PR - Link
  • Awesome-Hyprland - Link

🌐 Examples

  • Tons of good examples here - Link
  • NixOS Flakes Intro Guide - Link

👀 Theming

  • Neofetch Themes - Link
  • Stylix - Link
  • Hyprland Inspirations
  • Base16 Color Schemes - Link

🔒 Lanzaboote / SecureBoot

  • Instructions here - Link

🔒 Generic Instructions:

  1. Create your keys: sbctl create-keys
  2. Verify your machine is ready for SecureBoot: sbctl verify - everything except *-bzImage.efi is signed
  3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
    • Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
  4. Enroll the keys: sbctl enroll-keys --microsoft
    • If you wish, you can add --tpm-eventlog, but the checksums will change later (i.e., at a kernel rebuild)
  5. Reboot and verify you are activated: bootctl status

💻 Framework Specific:

  1. Change boot import from boot.nix to secureboot.nix in ./nixos/hosts/<hostname>/default.nix
  2. Run rebuild-host to switch from boot.nix to secureboot.nix
  3. Reboot into UEFI and set SecureBoot settings to:
    • Enforce Secure Boot - Enabled
    • Erase all Secure Boot Settings - Enabled
    • Restore Secure Boot to Factory Settings - Disabled
  4. Save and reboot
  5. Run sudo sbctl create-keys
  6. Run sudo sbctl enroll-keys
  7. Reboot and verify with bootctl status
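Both the Generic and the Framework lists end with the same two checks (sbctl verify with only *-bzImage.efi unsigned, then bootctl status showing Secure Boot on). This added script, not part of this repo, performs those checks on saved tool output; the two transcripts embedded in it are constructed samples, and the live inputs are `sudo sbctl verify` and `bootctl status`.

```shell
#!/bin/sh
# Added example (not from the repo): evaluate the two SecureBoot checks
# from the README against tool output. Sample transcripts are constructed;
# real ones come from `sudo sbctl verify` and `bootctl status`.

SAMPLE_SBCTL_VERIFY='Verifying file database and EFI images in /boot...
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed
✗ /boot/EFI/nixos/kernel-6.6.0-bzImage.efi is not signed
✓ /boot/EFI/Linux/nixos-generation-42.efi is signed
✗ /boot/EFI/systemd/systemd-bootx64.efi is not signed'

SAMPLE_BOOTCTL_STATUS='System:
      Firmware: UEFI 2.70 (constructed sample)
   Secure Boot: enabled (user)
  TPM2 Support: yes'

# List unsigned files from `sbctl verify` output, ignoring the *-bzImage.efi
# entries the instructions say are expected to stay unsigned.
# -a: sbctl prefixes each line with a non-ASCII check/cross mark.
unexpected_unsigned() {
  printf '%s\n' "$1" \
    | grep -a ' is not signed$' \
    | grep -a -v -- '-bzImage\.efi is not signed$' \
    | sed 's/^[^/]*\(\/[^ ]*\) is not signed$/\1/'
}

# Step "verify": succeed only if every non-bzImage file is signed.
verify_clean() {
  [ -z "$(unexpected_unsigned "$1")" ]
}

# Step "bootctl status": succeed if Secure Boot is reported as enabled.
secureboot_enabled() {
  printf '%s\n' "$1" | grep -a -q '^ *Secure Boot: enabled'
}

# Live use: verify_clean "$(sudo sbctl verify)" && secureboot_enabled "$(bootctl status)"
if verify_clean "$SAMPLE_SBCTL_VERIFY"; then
  echo "sample sbctl output: all expected files are signed"
else
  echo "sample sbctl output: unsigned files that need attention:"
  unexpected_unsigned "$SAMPLE_SBCTL_VERIFY"
fi
```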

🗝️ Manual: GPG Keys

  1. Import the user private key: gpg --import gpg/users/albert/privkey.asc
  2. Mark it as trusted: gpg --edit-key albert@sysctl.io, then type trust, then 5
  3. On each new machine, run sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
    • This will output the identifier you add to .sops.yaml
    • Move HOSTNAME.asc to keys/hosts/, rename it accordingly, and push it to git.

🔐 Secrets

  1. Run nix develop in /etc/nixos/git to import the new keys
  2. To edit a file: sops secrets/file.yml
  3. When you add a new machine, you must re-encrypt the secrets files.
    • Ensure .sops.yaml has the updated fingerprint and file mappings.
    • Run sops updatekeys secrets/file.yaml and commit the change.
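The GPG Keys and Secrets steps above both end in .sops.yaml: the host fingerprint printed by ssh-to-pgp goes into it, and sops updatekeys re-encrypts the files it maps. The following is an added example of such a file (not this repo's actual .sops.yaml); the fingerprints are placeholders, and the hostnames and secrets/ layout are taken from the Machines table and Directory Structure.

```yaml
# Added example .sops.yaml (not the repo's own). Fingerprints are placeholders:
# host ones come from ssh-to-pgp, the user one from gpg --fingerprint.
keys:
  - &albert           0000000000000000000000000000000000000001
  - &framework_server 0000000000000000000000000000000000000002
  - &warsaw_ovh_01    0000000000000000000000000000000000000003
creation_rules:
  # Per-host files: decryptable by the user and by that host only.
  - path_regex: ^secrets/hosts/framework-server\.ya?ml$
    key_groups:
      - pgp:
          - *albert
          - *framework_server
  - path_regex: ^secrets/hosts/warsaw-ovh-01\.ya?ml$
    key_groups:
      - pgp:
          - *albert
          - *warsaw_ovh_01
  # Container secrets: every host that can run the containers, plus the user.
  - path_regex: ^secrets/containers/.*\.ya?ml$
    key_groups:
      - pgp:
          - *albert
          - *framework_server
          - *warsaw_ovh_01
  # Catch-all (first matching rule wins): user only, so a new file is never
  # encrypted to an empty recipient list.
  - key_groups:
      - pgp:
          - *albert
```

Adding a machine means adding its anchor under keys, listing it in every rule whose files it must read, then running sops updatekeys on each of those files from /etc/nixos/git so the regexes match relative paths.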

Troubleshooting

  1. To troubleshoot disko issues, this command can come in handy:
nix eval .#nixosConfigurations.`hostname`.config.disko.devices._config

Directory Structure

/etc/nixos/git/
├── docs
├── home-manager
│   ├── common
│   │   ├── desktops
│   │   └── software
│   │       ├── cli
│   │       └── gui
│   ├── hosts
│   └── users
├── keys
│   ├── hosts
│   ├── ssh
│   └── users
├── lib
├── nixos
│   ├── common
│   │   ├── desktops
│   │   ├── modules
│   │   ├── packages
│   │   ├── services
│   │   └── software
│   │       ├── cli
│   │       └── gui
│   ├── hosts
│   ├── containers
│   └── users
├── secrets
│   ├── containers
│   └── hosts
├── stylix
│   ├── common
│   └── themes
└── wallpapers