Skip to content

jelni/nix-configuration

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

296 Commits
.github
.github
 
 
assets
assets
 
 
hosts
hosts
 
 
modules
modules
 
 
secrets
secrets
 
 
symbols
symbols
 
 
wallpapers
wallpapers
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

nix-configuration

my NixOS configuration. it uses Nix flakes, Lix, blueprint, Home Manager, agenix, SrvOS, and some woke modern software like uutils or doas.

profiles

this configuration is comprised of NixOS and Home Manager profiles that enable corresponding NixOS and Home Manager modules. this list documents when each profile should be used for a host.

NixOS

  • base – all hosts
  • baremetal – hosts where the boot process should be configured
  • utilities – hosts that are interacted with using the command line
  • userspace – hosts that are interacted with using a graphical interface
  • server – hosts that serve my services
  • wsl – Windows Subsystem for Linux hosts
  • framework-16-7040-amd – hosts that are the Framework Laptop 16 (AMD Ryzen™ 7040 Series)
  • nvidia – hosts that have an NVIDIA graphics card
  • latest-zfs-kernel – bare metal hosts that don't have an NVIDIA graphics card

Home Manager

  • base – all hosts
  • baremetal – hosts where the boot process should be configured
  • utilities – hosts that are interacted with using the command line
  • userspace – hosts that are interacted with using a graphical interface
  • wsl – Windows Subsystem for Linux hosts
  • wsl-1password – Windows Subsystem for Linux hosts that run 1Password on Windows

new host setup

a few imperative steps are required when installing NixOS on a new device.

  • reset Secure Boot settings in BIOS

  • create a 1 GiB FAT32 partition with a NIXBOOT label, and a cleared partition

  • configure ZFS

    • create a zpool

      zpool create -O atime=off -O encryption=on -O keyformat=passphrase -O mountpoint=none -O utf8only=on -R /mnt zpool /dev/<cleared-partition>

    • create volumes

      zfs create zpool/root -o mountpoint=/
zfs create zpool/nix -o mountpoint=/nix
zfs create zpool/var -o mountpoint=/var -o com.sun:auto-snapshot=true
zfs create zpool/home -o mountpoint=/home -o com.sun:auto-snapshot=true

  • create a new entry in hosts

    • set kernel modules detected by nixos-generate-config
    • generate the host SSH key, and encrypt secrets with it
    mkdir --parents /mnt/etc/ssh
ssh-keygen -f /mnt/etc/ssh/ssh_host_ed25519_key -N "" -t ed25519

  • enroll Secure Boot keys

    nix-shell -p sbctl
sbctl create-keys
sbctl enroll-keys --firmware-builtin --microsoft
cp --archive /var/lib/sbctl /mnt/var/lib/

  • mount /boot

    mount --mkdir /dev/disk/by-label/NIXBOOT /mnt/boot

  • install NixOS

    nixos-install --flake #<hostname>

  • allow the new system with a different host ID to import the zpool

    zpool export zpool

  • reboot, and enable Secure Boot in BIOS

  • done!

About

my work-in-progress NixOS configuration.

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

4 stars

Watchers

0 watching

Forks

1 fork
Report repository

Contributors

Languages