A mix of system- & user-level configurations for the machines that I administer; shared here for convenience and in case anyone else finds them useful.
flake/
- "flake modules" to be used with flake-parts
devshells.nix
- system-agnostic development shells
macos.nix
- macOS configuration targets
nixos.nix
- NixOS configuration targets
user.nix
- user-level configuration targets
config/
disks/
- declarative disk partition configuration, courtesy of disko
profiles/
- collections of configuration options from which high-level system "profiles" are comprised
- e.g. profiles/user/base.nix is a user-level profile for all systems
hosts/
- system & user configs for the different hosts administered here
modules/
- custom modules used in system- or user-level configuration
overlays/
- just what it says: any overlays that should be applied to the package sets used herein
scripts/
- shell scripts & other utilities
TODO
- init with colmena
- test out remote builds
  - a macOS host should be able to deploy a config to a NixOS/Linux target
- test out binfmt emulation
  - an x86_64-linux host should be able to build an aarch64-linux deployment locally (i.e. cross-arch) and then deploy it to a target
  - try this out with some native images for a Raspberry Pi built on an x86_64-linux machine
- minimize plaintext keys stored on device with secrets
  - plaintext keys should only decrypt system partitions
  - all data partitions (and associated services) await some corresponding systemd unit, which indicates that the secret has been supplied
    - MVP is just reading from some plaintext files on the host
    - later iteration
  - be very careful to always permit SSH access (leave allowed public keys in the config file) so as to avoid having to manually connect up to the machine and debug