nixcfg/hosts
Aly Raffauf 3671401d62
theme: overhaul (#78)
* add nord css

* waybar: workaround to avoid hardcoding rgba colors

* alacritty: fix font references

* kitty: add custom theme

* waybar: fmt

* aly: remove zed transparency rules

* theme: customize adwaita

* aly: set colors

* desktop: borders 2px -> 4px

* mako: increase border size

* theme: add tertiary color

* hyprland: ignorezero for rofi

* theme: remove tertiary color option

* rofi: dynamic theme

* waybar: cleanup

* aly: override helix theme to rose-pine-moon

* return to old defaults

* theme: restore gtk recoloring

* waybar: remove transparency

* aly/theme: match rosé pine font color

* theme: add global border-radius options

* theme: add borderRadius

* mauville: override with rose pine dawn colors

* mauville: force override with rose pine dawn colors
2024-08-09 18:16:46 -04:00
common hosts: better rebootWindow + don't reboot on autoupgrade 2024-08-07 11:12:49 -04:00
fallarbor Revert "fallarbor: enable hyprland" 2024-08-07 19:40:35 -04:00
lavaridge lavaridge: change easyeffects preset 2024-07-28 12:58:22 -04:00
mauville theme: overhaul (#78) 2024-08-09 18:16:46 -04:00
petalburg petalburg: remove pp-adjuster 2024-08-03 17:46:31 -04:00
rustboro theme: add font options (#76) 2024-08-07 23:09:31 -04:00
README.md hosts: update README.md 2024-08-05 16:51:19 -04:00

Hosts

Overview

Host-specific configuration + common modules that aren't better expressed as options & flake outputs. All hosts are configured with agenix, disko, and nixhw.

Automatic Updates

These hosts update themselves automatically, once a day, by rebuilding from one of two sources: directly from this repository's master branch or from FlakeHub. This can be adjusted by overriding the value of config.environment.variables.FLAKE.

FlakeHub allows semantic versioning, which means that these hosts build from the latest tag published to FlakeHub with format v0.0.0. I try to follow the semantic versioning 2.0 standard, though this may not always be the case.

You can access the latest tagged commit from this repository with this URL: https://flakehub.com/f/alyraffauf/nixcfg/*.tar.gz.

Declarative WiFi Connections

WiFi networks can be configured declaratively in wifi.nix using config.networking.networkmanager.ensureProfiles.profiles, provided by nixpkgs. I also provide helper functions for common WiFi security types.

nm2nix can generate nix code for all WiFi networks currently configured in /etc/NetworkManager/system-connections/ and /run/NetworkManager/system-connections with the following command:

sudo su -c "cd /etc/NetworkManager/system-connections && nix --extra-experimental-features 'nix-command flakes' run github:Janik-Haag/nm2nix | nix --extra-experimental-features 'nix-command flakes' run nixpkgs#nixfmt-rfc-style"

Secrets (passwords, certificates, and identities) are supported, but must be declared and available as variables with agenix. They will be replaced upon activation with envsubst.

In short,

  1. Manually configure the WiFi network on one device.
  2. Export configuration to nix with nm2nix.
  3. Add secrets to secrets/wifi.age as variables (e.g. MYPSK=1234567890).
  4. Edit the code generated by nm2nix to reference $MYPSK instead of directly declaring the WPA password.
  5. Commit and push changes.
  6. Rebuild hosts as required to propagate your new WiFi configuration.
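
What steps 3 and 4 produce, as an added example that is not taken from this repository: a profile whose PSK is a variable filled in from the agenix-decrypted file at activation, so the password never lands in the world-readable Nix store. The network name ExampleNet, the secret name wifi, and the relative path to secrets/wifi.age are assumptions.

```nix
# Added example, not this repository's wifi.nix.
# Assumed names: network "ExampleNet", age secret "wifi", path ../../secrets/wifi.age.
{config, ...}: {
  # Decrypted at activation to /run/agenix/wifi; contents are lines such as
  #   MYPSK=1234567890
  age.secrets.wifi.file = ../../secrets/wifi.age;

  networking.networkmanager.ensureProfiles = {
    # envsubst takes its variables from these files when profiles are written.
    environmentFiles = [config.age.secrets.wifi.path];

    profiles.ExampleNet = {
      connection = {
        id = "ExampleNet";
        type = "wifi";
      };
      wifi = {
        mode = "infrastructure";
        ssid = "ExampleNet";
      };
      wifi-security = {
        key-mgmt = "wpa-psk";
        # nm2nix output carries the literal password here, e.g.
        #   psk = "1234567890";
        # which would be copied into /nix/store and into git history.
        # Reference the variable from secrets/wifi.age instead:
        psk = "$MYPSK";
      };
      ipv4.method = "auto";
      ipv6.method = "auto";
    };
  };
}
```

Before committing, search the nm2nix output for remaining literal psk, password, or private-key values; anything left as a literal is readable by every local user once the host is rebuilt.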

Provisioning New Devices

  1. Create hosts/$HOSTNAME/default.nix and other host-specific nix modules (e.g. disko.nix, hardware.nix, and home.nix).
  2. Add host to nixosConfigurations in flake.nix.
  3. (OPTIONAL) Generate a cert.pem, key.pem, and device ID for Syncthing with syncthing -generate=$HOSTNAME. Find the device ID in the generated config.xml and add it to nixosModules/services/syncthing/default.nix, encrypt the cert and key with agenix, and set them as appropriate in the host configuration.
  4. Install NixOS from this flake. Secrets will not be available on first boot without a valid SSH private key.
  5. On a separate PC, copy the new system's public SSH key (/etc/ssh/ssh_host_ed25519_key.pub) to the host configuration (secrets/publicKeys/root_$HOSTNAME.pub).
  6. Add the new public key to secrets/secrets.nix, rekey all secrets with agenix --rekey, and push your changes to master.
  7. Rebuild the new system from git. Secrets will be automatically decrypted and immediately available in /run/agenix/ for NixOS and $XDG_RUNTIME_DIR/agenix/ for users.
  8. (OPTIONAL) Generate a new user SSH key and add it to nixosModules/users/default.nix in order to enable passwordless logins to other hosts.