A place to hold my NixOS and home manager configurations

mcculleytech/nixos-config

A Quick Note of Thanks

This repo was heavily influenced by (and parts of it shamelessly taken from) Misterio77's nix-config repo. Without his work, this repo would not be possible.

This repository holds my NixOS infrastructure. I don't claim to be a Nix or NixOS expert. I don't work in DevOps and I'm very much still learning this language/package manager/OS; this is just a hobby of mine that's been a lot of fun to play with. With that being said, I hope you find something useful while you're here!

One Config to rule them all, One Config to find them; One Config to bring them all and in the Nix Language bind them.

Systems

| Name     | Purpose                                                                      | Hardware                |
|----------|------------------------------------------------------------------------------|-------------------------|
| aeneas   | Personal Laptop                                                              | AMD Framework 13in      |
| achilles | Personal Desktop                                                             | AMD Ryzen 5, Nvidia 3050 |
| maul     | Offsite Backup Server                                                        | HP EliteBook 8460p      |
| saruman  | Local AI Server, Octoprint Server, Jellyfin Server                           | AMD Ryzen 5, Nvidia 1080 |
| vader    | Test Machine, Xonotic Server                                                 | Proxmox VM              |
| phantom  | Tailscale Subnet Router, Syncthing Server, Radicale Server, Blocky DNS Server | Proxmox VM              |
| atreides | Blocky DNS Server, Homepage-dashboard, Traefik Reverse Proxy                 | Proxmox VM              |

Features

  • disk configuration via disko with various features including:
    • btrfs subvol setup and encryption (usb and password based encryption)
    • labeling drives
    • blank root subvol snapshotting for impermanence
  • Tailscale autoenroll & connect
  • impermanence with options for ignoring /home subvol
  • secret management via sops-nix & git-crypt
  • deployable via nixos-anywhere
  • syncthing setup utilizing git-crypt for secret management of IDs.

ToDo

Desktop

  • Tailscale NFS fix ✅ 2024-10-4
  • Different DEs/TWM setups
    • Hyprland - WIP
      • Move manual dotfiles that cannot currently be configured by Home Manager
        • Hyprlock
        • Hypridle
        • kanshi
        • Hyprpaper
    • KDE ✅ 2024-07-12
  • install wakeonlan ✅ 2024-02-20
  • Steam ✅ 2024-07-12

Servers

  • Colmena setup
  • KVM Server (?)
  • Standalone home manager config for wsl2 or Mac
  • Tailscale Subnet Router ✅ 2024-03-10
  • Syncthing ✅ 2024-03-10
    • username and password ✅ 2024-03-10
    • standalone server - make syncthing more configurable for all endpoints. ✅ 2024-03-10
  • Homelab Dashboard - WIP
    • Basic config
    • Configure services (?)
    • Configure Widgets (?)
  • Traefik Reverse Proxy ✅ 2024-03-20
    • Let's Encrypt auto cert renewal ✅ 2024-03-20
  • Radicale CardDav and CalDav Server ✅ 2024-03-23
  • Gitea server fix ✅ 2024-10-04
  • Jellyfin in Nix, decom ubuntu docker server ✅ 2024-08-01
  • Arion for docker compose configurations

Other

  • Move all machines to an impermanence setup ✅ 2024-03-08
    • Need to redeploy maul.nix - Hardware refresh ✅ 2024-03-08
    • Set as part of global config ✅ 2024-03-08
  • Investigate copy host keys in nixos-anywhere breaking on first deployment run. Might be breaking due to impermanence.
  • immutable users as default ✅ 2024-02-20
  • Clean up flake.nix
  • Fix GitHub Action that should autoupdate flake.lock ✅ 2024-08-01
  • Blocky DNS
    • Multiple Nodes connected via Redis (?)
    • Multiple Servers ✅ 2024-03-20
  • Organize different parts of NixOS & home-manager nix configs
    • Figure out the best way to consolidate configs for Desktop and Server (i.e., have a function that checks what group the machine is in and applies settings - one file for packages, etc.)
  • Disko configs for: ✅ 2024-03-01
    • achilles ✅ 2024-02-20
    • aeneas ✅ 2024-02-20
    • server template ✅ 2024-03-01
    • workstation template ✅ 2024-02-20

Notes

Deployment Steps

  1. Create a disko config file for the remote machine
  2. Make entries in flake.nix, create file hosts/<hostname>/configuration.nix
  3. Copy your SSH key to the machine
    1. Create a root login password on the remote host
      1. On the remote host, at the login screen, switch to the root user with sudo su
      2. Create a password with passwd
    2. From the host machine, use ssh-copy-id root@<ip> to copy your SSH key for the root user.
  4. (optional) Test the connection to the box with ssh root@<ip>.
    1. If on physical hardware, run nixos-generate-config --no-filesystems --root /mnt per the nixos-anywhere documentation. This allows you to get all the needed hardware specifics. You can also utilize the nixos-hardware flake repository.
  5. (optional) If you want encryption on your disk, ensure the disko config has been set up for LUKS. If using an interactive encryption unlock, ensure the file on the remote machine is present. An example of this can be seen in the dekstop-template.nix file in this project.
  6. (optional) If using sops-nix, you'll need to grab the machine's host key in order for the machine to read secrets. Use the following command on the remote host: nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  7. Run the nixos-anywhere installation command. I've found that if you need to --copy-host-keys, you'll have to install nixos-anywhere in a shell. I usually do this anyway.
    1. nix-shell -p nixos-anywhere
    2. nixos-anywhere --copy-host-keys --flake '.#your-host' root@yourip
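
A pre-flight check tying steps 6 and 7 together, as an added example that is not part of this repository: it derives the target's age recipient from its SSH host key and refuses to run nixos-anywhere until that recipient is listed in the sops config, so the installed machine can decrypt its secrets on first boot. The function names, the script name and the ./.sops.yaml location are assumptions; it expects to run from the flake root inside nix-shell -p ssh-to-age nixos-anywhere.

```shell
#!/bin/sh
# Added example (not from the repository): pre-flight check for steps 6 and 7.
# Assumptions: run from the flake root, ssh-to-age and nixos-anywhere on PATH,
# sops recipients kept in ./.sops.yaml.

# Succeeds only if the age recipient ($1) appears as a whole word on a
# non-comment line of the sops config ($2).
# Returns 2 if $1 does not look like an age public key.
age_recipient_listed() {
  case $1 in
    age1?*) ;;
    *) return 2 ;;
  esac
  grep -v '^[[:space:]]*#' "$2" 2>/dev/null | grep -qFw -- "$1"
}

# Read the target's ed25519 host public key over the SSH access set up in
# step 3 and convert it locally to an age recipient (the conversion in step 6).
host_age_recipient() {
  ssh "root@$1" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
}

# $1 = flake host name, $2 = target IP.
# --copy-host-keys carries the key that was just checked onto the new system.
deploy() {
  recipient=$(host_age_recipient "$2")
  if ! age_recipient_listed "$recipient" .sops.yaml; then
    echo "host key unreadable or not in .sops.yaml: '$recipient'" >&2
    echo "add it as a recipient, then run: sops updatekeys <secrets file>" >&2
    return 1
  fi
  nixos-anywhere --copy-host-keys --flake ".#$1" "root@$2"
}

# Only deploy when called as: ./preflight.sh <flake-host> <ip>
if [ "$#" -eq 2 ]; then
  deploy "$@"
fi
```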

Documentation
