Skip to content

truxnell/nix-config

Repository files navigation

Truxnell's homelab

NixOS NixOS MIT License

renovate built with garnix Code Comprehension

Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations

Repository Documentation

Background

Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go. Frustrations with other methods tend to be bitrot and config drift - very annoying to want to do a quick disaster recovery and find your have different versions of modules/utilities, breaking changes in code you didnt catch, etc.

Getting started

To Install

# nixos-rebuild switch --flake github:truxnell/nix-config#HOST

Goals

  • Learn nix
  • Mostly reproduce features from my existing homelab
  • Replace existing ubuntu-based 'NAS'
  • Expand usage to other shell environments such as WSL, etc
  • handle secrets - decide between sweet and simple SOPS or re-use my doppler setup.
  • keep it simple, use trusted boring tools

TODO

  • Github Actions update fly.io instances (Bitwarden)
  • Bring over hosts
    • DNS01 Raspi4
    • DNS02 Raspi4
    • NAS
    • Latop
    • Gaming desktop
    • WSL
    • JJY emulator Raspi4
  • Documentation!
  • ssh_config build from computers?
  • Modularise host to allow vm builds and hw builds
  • Add license
  • Add taskfiles

Checklist

Adding new node

  • Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
  • Add to relevant github action workflows
  • Add to .github/settings.yaml for PR checks

Applying configuration changes on a local machine can be done as follows:

cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname

Applying configuration changes to a remote machine can be done as follows:

cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo

Hacking at nix files

Eval config to see what keys are being set.

nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassword
nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword

And browsing whats at a certain level in options - or just use nix-inspect TUI

nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json

Quickly run a flake to see what the next error message is as you hack.

nixos-rebuild dry-run --flake . --fast --impure

Links & References