Charlotte Van Petegem a921907af0
Update dependencies
2024-11-27 13:35:49 +01:00
.forgejo/workflows actions: Fix forgotten reference to action that is only on github 2024-11-11 01:57:16 +01:00
machines urithiru: Send accentor dataset to elendel as well 2024-11-12 23:53:04 +01:00
modules emacs: Use emacs-stable on nixos 2024-11-26 10:59:41 +01:00
patches Update dependencies 2024-11-21 13:53:20 +01:00
secrets ssh: change some host configuration 2024-11-22 22:51:43 +01:00
shells shells/silverfin: Add llvm 2024-11-25 09:46:56 +01:00
flake.lock Update dependencies 2024-11-27 13:35:49 +01:00
flake.nix git: Move to forgejo and migrate to marabethia 2024-11-10 22:17:09 +01:00
license.md Update license.md 2020-09-27 14:41:25 +02:00
README.md Move foreign dev shells to flake outputs 2022-04-30 16:25:31 +02:00
remote.sh Build and push to cachix 2022-01-11 21:44:13 +01:00
secrets.nix matrix-synapse: Move to marabethia 2024-11-11 18:59:52 +01:00
update.sh git pull instead of nix flake update since actions does the update for me 2022-01-14 09:43:57 +01:00

NixOS config

Secrets

Secrets should never be world-readable, not even by users who are logged in to one of the hosts managed by this configuration. They are generally managed by agenix, which allows them to still be put in the nix store.
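
One way to check this rule on a running host, as an added example that is not part of this repository: the script below flags decrypted secret files that grant any permission to other users or that resolve into /nix/store, which every local user can read. The function names are hypothetical, GNU readlink and stat are assumed, and the directory to audit is passed as an argument (agenix decrypts to /run/agenix by default).

```sh
#!/bin/sh
# Added example; check_secret and audit_secrets are hypothetical helper names.
# Assumes GNU coreutils (readlink -f, stat -c), as shipped on NixOS.

# check_secret PATH: print "reason<TAB>path" and return 1 if PATH is exposed.
check_secret() {
    cs_path=$1
    # Judge a symlink by its target, so a link into the store is caught.
    cs_real=$(readlink -f -- "$cs_path") && [ -e "$cs_real" ] || {
        printf 'missing\t%s\n' "$cs_path"; return 1; }
    # Everything under /nix/store is readable by every local user.
    case $cs_real in
        /nix/store/*) printf 'in-nix-store\t%s\n' "$cs_path"; return 1 ;;
    esac
    # Octal mode: a non-zero last digit grants some right to "other".
    cs_mode=$(stat -c '%a' -- "$cs_real")
    case $cs_mode in
        *[1-7]) printf 'world-accessible\t%s\n' "$cs_path"; return 1 ;;
    esac
    return 0
}

# audit_secrets DIR...: check every file and symlink below the given
# directories; print all findings and return 1 if there is at least one.
audit_secrets() {
    as_findings=$(
        for as_dir in "$@"; do
            # -H follows DIR itself when it is a symlink.
            find -H "$as_dir" \( -type f -o -type l \) -print
        done | while IFS= read -r as_file; do
            check_secret "$as_file" || true
        done
    )
    [ -z "$as_findings" ] && return 0
    printf '%s\n' "$as_findings"
    return 1
}

# Stand-alone use: sh audit.sh /run/agenix
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```
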

Setting up a new dev environment

  • Add a shell to the devShells output in flake.nix.

  • Execute use_flake /path/to/repo#name-of-shell > .envrc to initialize the .envrc file.

  • Execute direnv allow to load the .envrc file which in turn loads your environment.

Setting up ZFS

  1. Create three partitions:

    • Boot
    • Swap
    • ZFS

    For example:

    sgdisk -n 0:0:+512MiB -t 0:EF00 -c 0:boot $DISK
    sgdisk -n 0:0:+32GiB -t 0:8200 -c 0:swap $DISK
    sgdisk -n 0:0:0 -t 0:BF01 -c 0:ZFS $DISK
    
  2. Configure swap and boot as usual.

  3. Create ZPool:

    zpool create -O mountpoint=none -O encryption=aes-256-gcm -O keyformat=passphrase rpool $ZFS_PART
    

    Leave out -O encryption=aes-256-gcm -O keyformat=passphrase if you don't want to fully encrypt the ZFS partition.

  4. Create datasets:

    # Parent datasets must exist first; they inherit mountpoint=none from rpool.
    zfs create rpool/local
    zfs create rpool/safe
    zfs create -o mountpoint=legacy rpool/local/root
    # Snapshot of the still-empty root dataset.
    zfs snapshot rpool/local/root@blank
    zfs create -o mountpoint=legacy rpool/local/nix
    zfs set compression=lz4 rpool/local/nix
    zfs create -o mountpoint=legacy rpool/local/cache
    zfs set compression=lz4 rpool/local/cache
    zfs create -o mountpoint=legacy rpool/safe/data
    zfs set compression=lz4 rpool/safe/data
    
  5. Mount datasets:

    mount -t zfs rpool/local/root /mnt
    mkdir /mnt/nix
    mount -t zfs rpool/local/nix /mnt/nix
    mkdir /mnt/boot
    mount $BOOT_PART /mnt/boot
    mkdir /mnt/cache
    mount -t zfs rpool/local/cache /mnt/cache
    mkdir /mnt/data
    mount -t zfs rpool/safe/data /mnt/data
    
  6. Configure Host ID

    Set networking.hostId in the NixOS config to the output of head -c 8 /etc/machine-id.