Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations
Having used a variety of infrastructure-as-code solutions, and having found them lacking in some areas, it is time to give nix a go. Frustrations with other methods tend to be bitrot and config drift: it is very annoying to want to do a quick disaster recovery and find you have different versions of modules/utilities, breaking changes in code you didn't catch, etc.
To Install
# nixos-rebuild switch --flake github:truxnell/nix-config#HOST
- Learn nix
- Mostly reproduce features from my existing homelab
- Replace existing ubuntu-based 'NAS'
- Expand usage to other shell environments such as WSL, etc
- handle secrets - decide between sweet and simple SOPS or re-use my doppler setup.
- keep it simple, use trusted boring tools
- Github Actions update fly.io instances (Bitwarden)
- Bring over hosts
- DNS01 Raspi4
- DNS02 Raspi4
- NAS
- Laptop
- Gaming desktop
- WSL
- JJY emulator Raspi4
- Documentation!
- ssh_config build from computers?
- Modularise host to allow vm builds and hw builds
- Add license
- Add taskfiles
- Ensure secrets are grabbed from note and all sops re-encrypted with task sops:re-encrypt
- Add to relevant github action workflows
- Add to .github/settings.yaml for PR checks
cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname
Applying configuration changes to a remote machine can be done as follows:
cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo
Evaluate the config to see what keys are being set.
nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.wheelNeedsPassword
nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword
And browsing what's at a certain level in options - or just use the nix-inspect TUI
nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json
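The single-host wheelNeedsPassword check above, extended to every host in the flake so drift in sudo policy fails a PR check. This is an added example, not code from this repository; the function names and the allow-list argument are assumptions, and it expects to run from the flake root with flakes enabled.

```shell
#!/usr/bin/env bash
# Added example: audit security.sudo.wheelNeedsPassword across all hosts in a flake.

# Nix function applied to .#nixosConfigurations; yields one "host=true|false" line per host.
WHEEL_EXPR='cfgs: builtins.concatStringsSep "\n" (builtins.attrValues (builtins.mapAttrs
  (name: c: "${name}=${if c.config.security.sudo.wheelNeedsPassword then "true" else "false"}")
  cfgs))'

# list_wheel_settings [FLAKE]: print "host=value" lines for every nixosConfiguration.
list_wheel_settings() {
  nix eval --raw "${1:-.}#nixosConfigurations" --apply "$WHEEL_EXPR"
}

# passwordless_hosts: read "host=value" lines on stdin and print the hosts where
# wheel members can sudo without a password (value is false).
passwordless_hosts() {
  local host value
  # "|| [ -n ... ]" handles a last line without a trailing newline (--raw output).
  while IFS='=' read -r host value || [ -n "$host" ]; do
    if [ "$value" = "false" ]; then printf '%s\n' "$host"; fi
  done
  return 0
}

# audit_wheel_sudo [FLAKE] [ALLOWED_HOST...]: return 1 if any host outside the
# allow-list has passwordless wheel sudo, 2 if the flake could not be evaluated.
audit_wheel_sudo() {
  local flake="${1:-.}" settings bad="" host
  if [ "$#" -gt 0 ]; then shift; fi
  settings="$(list_wheel_settings "$flake")" || return 2
  for host in $(printf '%s\n' "$settings" | passwordless_hosts); do
    case " $* " in
      *" $host "*) ;;              # explicitly accepted exception
      *) bad="$bad $host" ;;
    esac
  done
  if [ -n "$bad" ]; then
    echo "passwordless wheel sudo on:$bad" >&2
    return 1
  fi
  echo "ok: wheel sudo requires a password on all hosts (or host is allow-listed)"
}
```

Call `audit_wheel_sudo . rickenbacker` to accept one host as a known exception; any other host that evaluates to false makes the function return 1.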
Quickly run a flake to see what the next error message is as you hack.
nixos-rebuild dry-run --flake . --fast --impure