- Create an SSH keypair for the target machine

  ```sh
  # use a ramfs so the keys are never written to disk
  mkdir -p /tmp/pki/ram && sudo mount -t tmpfs -o size=10M tmpfs /tmp/pki/ram
  mkdir -p /tmp/pki/ram/etc/ssh && cd /tmp/pki/ram/etc/ssh
  ssh-keygen -t ed25519 -C <some comment> -f ssh_host_ed25519_key
  ssh-keygen -t rsa -C <some comment> -f ssh_host_rsa_key
  ```
- Generate an age recipient from the public key created above (using the ssh-to-age tool)

  ```sh
  ssh-to-age -i ssh_host_ed25519_key.pub -o ssh_host_ed25519_key.pub.age
  ssh-to-age -private-key -i ssh_host_ed25519_key -o ssh_host_ed25519_key.age
  ```
- Update the `.sops.yaml` configuration file, adding the age recipient.
- Generate the secrets for this machine, encrypting them for both the root recipient and your own key recipient. Example for the OS user password:

  ```sh
  # copy the output of the following command
  openssl passwd -6
  # add or edit the secrets.yaml file
  sops system/<machine-name>/secrets.yaml
  ```
- Based on an existing configuration, create a new one under `system`, e.g.,
  `./system/<machine-name>/default.nix`. Pay attention to the Disko configuration file to avoid hard-to-recover mistakes.
- Same as above for the home-manager configuration, under `users`, e.g.,
  `./users/<user-name>/<machine-name>.nix`.
- Boot the new machine so that nixos-anywhere can reach it. If rsync is missing on the target machine, install it there:

  ```sh
  nix-env -iA nixos.rsync
  ```

- Run nixos-anywhere from the host machine, passing in the SSH keys generated as preconditions.

  ```sh
  tree /tmp/pki/ram
  /tmp/pki/ram
  └── etc
      └── ssh
          ├── ssh_host_ed25519_key
          ├── ssh_host_ed25519_key.age.pub
          └── ssh_host_ed25519_key.pub

  # copy the public keys as part of the new machine's configuration
  cp /tmp/pki/ram/etc/ssh/*pub ./system/<machine-name>

  nix run github:nix-community/nixos-anywhere -- \
    --flake .#<machine-name> \
    --extra-files /tmp/pki/ram root@<new-machine-ip>
  ```
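The `cp ... *pub` step above is the point where key material crosses from the tmpfs into a git repository, so it is worth checking that nothing private is staged. The script below is an added example, not code from the nix-dotfiles repo: `stage_public_keys`, `dir_is_public_only` and `is_private_key` are hypothetical helper names, the key files it creates are constructed stand-ins (not real keys), and the temporary directories stand in for `/tmp/pki/ram/etc/ssh` and `./system/<machine-name>`.

```shell
#!/usr/bin/env bash
# Added example (not part of the nix-dotfiles repo): copy only the public
# halves of the generated host keys into the flake, and refuse anything that
# looks like private key material. Runs offline on constructed sample files.
set -eu

# Return 0 if FILE looks like a private key (OpenSSH/PEM header or an age
# secret key as produced by `ssh-to-age -private-key`), 1 otherwise.
is_private_key() {
  grep -q -e '-----BEGIN .*PRIVATE KEY-----' -e '^AGE-SECRET-KEY-1' "$1"
}

# Copy the *pub files from SRC into DST (mirrors the `cp ... *pub` step),
# aborting if a file matched by the glob still contains private material.
stage_public_keys() {
  local src=$1 dst=$2 f
  mkdir -p "$dst"
  for f in "$src"/*pub; do
    [ -f "$f" ] || continue
    if is_private_key "$f"; then
      echo "refusing to stage $f: looks like a private key" >&2
      return 1
    fi
    cp "$f" "$dst"/
  done
}

# Return 0 if DIR holds no private key material (safe to `git add`), 1 otherwise.
dir_is_public_only() {
  local f
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    if is_private_key "$f"; then
      echo "private key material found: $f" >&2
      return 1
    fi
  done
  return 0
}

# --- constructed sample data (no real keys; stands in for the tmpfs layout) ---
ram=$(mktemp -d)    # plays the role of /tmp/pki/ram/etc/ssh
repo=$(mktemp -d)   # plays the role of ./system/<machine-name>
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey sample@host\n' \
  > "$ram/ssh_host_ed25519_key.pub"
printf -- '-----BEGIN OPENSSH PRIVATE KEY-----\nexample\n-----END OPENSSH PRIVATE KEY-----\n' \
  > "$ram/ssh_host_ed25519_key"
printf 'AGE-SECRET-KEY-1EXAMPLEONLYNOTAREALKEY\n' > "$ram/ssh_host_ed25519_key.age"
printf 'age1exampleonlyrecipientnotarealkey\n' > "$ram/ssh_host_ed25519_key.age.pub"

# Stage the public keys and show what ended up in the "repo" directory:
# only ssh_host_ed25519_key.age.pub and ssh_host_ed25519_key.pub are copied.
stage_public_keys "$ram" "$repo"
ls "$repo"
```

Running `dir_is_public_only ./system/<machine-name>` just before `git add` (or from a pre-commit hook) gives the same guarantee on the real repository; the tmpfs itself is expected to fail that check, since it legitimately holds the private halves that `--extra-files` ships to the new machine.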
- Once finished, log in to the new machine, clone the repo and run home-manager

  ```sh
  ssh <user-name>@<new-machine-ip>
  git clone https://github.com/szaffarano/nix-dotfiles .dotfiles
  cd .dotfiles
  home-manager switch --flake .
  ```
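Because the host key was generated locally before the install, the first `ssh` to the new machine does not have to trust whatever key it happens to present: the expected public key is already in `/tmp/pki/ram/etc/ssh`. The script below is an added example, not code from the nix-dotfiles repo; `known_hosts_line`, `host_key_matches` and `verify_new_host` are hypothetical helper names, the address `192.0.2.10` and the key strings are constructed (not real keys), and `verify_new_host` assumes OpenSSH's `ssh-keyscan` and `ssh-keygen -R` are available (it is defined here but only the offline helpers are exercised).

```shell
#!/usr/bin/env bash
# Added example (not part of the nix-dotfiles repo): pin the new machine's
# host key from the public key generated in the tmpfs instead of accepting it
# blindly on first connect. The demo at the bottom runs on constructed data.
set -eu

# Build a known_hosts line ("host type base64key") from an OpenSSH public
# key file, dropping the trailing comment field.
known_hosts_line() {
  local host=$1 pubfile=$2
  printf '%s %s\n' "$host" "$(cut -d' ' -f1,2 "$pubfile")"
}

# Compare one ssh-keyscan output line ("host type key") with the expected
# public key file. Returns 0 when type and key match, 1 otherwise.
host_key_matches() {
  local scanned=$1 pubfile=$2
  [ "$(printf '%s\n' "$scanned" | cut -d' ' -f2,3)" = "$(cut -d' ' -f1,2 "$pubfile")" ]
}

# Live check (not run in this demo): ask the freshly installed machine for
# its ed25519 key and compare it with the key nixos-anywhere was told to
# install via --extra-files. On a match, replace the stale known_hosts entry
# left by the installer's temporary key with the pinned one.
verify_new_host() {
  local host=$1 pubfile=$2 line
  line=$(ssh-keyscan -t ed25519 "$host" 2>/dev/null | head -n1)
  if host_key_matches "$line" "$pubfile"; then
    ssh-keygen -R "$host" >/dev/null 2>&1 || true
    known_hosts_line "$host" "$pubfile" >> "$HOME/.ssh/known_hosts"
  else
    echo "host key mismatch for $host; investigate before logging in" >&2
    return 1
  fi
}

# --- constructed sample data (not real keys) ---
tmp=$(mktemp -d)   # stands in for /tmp/pki/ram/etc/ssh
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey new-machine\n' \
  > "$tmp/ssh_host_ed25519_key.pub"
good_scan='192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey'
bad_scan='192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDifferentKeyFromAnotherBox'

# prints: 192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey
known_hosts_line 192.0.2.10 "$tmp/ssh_host_ed25519_key.pub"
```

In practice the call is `verify_new_host <new-machine-ip> /tmp/pki/ram/etc/ssh/ssh_host_ed25519_key.pub` right after nixos-anywhere finishes; a mismatch means the machine answering on that address is not the one that received the generated keys, which is exactly the case where a first-connect prompt would otherwise be accepted by habit.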
- Build the RPI image

  ```sh
  nix build '.#nixosConfigurations.<name>.config.system.build.sdImage'
  ```
- Flash the image

  ```sh
  unzstd result/sd-image/nixos-sd-image-....img.zst -c > nixos-sd-image.img
  dd if=nixos-sd-image.img | pv | sudo dd of=/dev/mmcblk0 bs=64k
  ```
- After booting, update the SSH keys

  ```sh
  # mount the NIXOS_SD partition
  sudo cp /tmp/pki/ram/ssh/... /nixos/partition/etc/ssh/...
  ```
- Remote deploy

  ```sh
  nixos-rebuild switch --flake .#<name> --target-host sebas@<ip> --use-remote-sudo
  ```