Nix geht mehr!
| common | ||
| hosts | ||
| modules | ||
| packages/disk | ||
| profiles | ||
| secrets | ||
| .envrc | ||
| .gitignore | ||
| flake.lock | ||
| flake.nix | ||
| lib.nix | ||
| LICENSE | ||
| pubkeys.nix | ||
| README.md | ||
| treefmt.nix | ||
❄️ puter
This is my cobbled together NixOS configuration. There are many like it, but this one is mine. Copy at your own risk.
Structure
- common: Sane defaults that make sense to use for every host.
- modules: Regular NixOS modules.
- profiles: Higher-level NixOS modules that conform to different roles that a host may have.
- packages: Packages that I couldn't fit anywhere else.
- secrets: Agenix secrets.
- hosts: Hosts exposed in
nixosConfigurations. - pubkeys.nix: Nix expression with all my SSH public keys, used for OpenSSH, Agenix and Restic.
- lib.nix: Nixpkgs' lib with some extra functionality.
Ports
- 80X0: Public HTTP services that are proxied through nginx
- 40X0: Syncthing instances (4000 being the system instance, subsequent ones are for individual users)
Installation
nix run git+https://codeberg.org/helvetica/puter.git#disk /path/to/disk
# TODO: Configure additional disks
mkdir -p /mnt/etc/ssh
cat > /mnt/etc/ssh/ssh_host_ed25519_key
chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key
ssh-keygen -f /mnt/etc/ssh/ssh_host_ed25519_key -y > /mnt/etc/ssh/ssh_host_ed25519_key.pub
nixos-install --no-root-password --flake git+https://codeberg.org/helvetica/puter.git#hostname
systemd-cryptenroll
systemd-cryptenroll /dev/sdX --tpm2-device=auto
Create tar for sbctl
sudo sbctl create-keys
sudo tar --create --directory /var/lib/sbctl . | agenix -e secure-boot/hostname.tar.age
TODO
- Lanzaboote
- Monitoring
- Rom sync
- insomniac backups
- nginx websites