Tips & Tricks
Aly Raffauf edited this page 2024-06-10 19:57:09 -04:00

Provisioning New Devices

  1. Create hosts/$HOSTNAME/default.nix and any other host-specific nix modules (e.g. disko.nix, hardware.nix, and home.nix).
  2. Add host to nixosConfigurations in flake.nix.
  3. (OPTIONAL) Generate a cert.pem, key.pem, and device ID for Syncthing with syncthing -generate=$HOSTNAME. Find the device ID in the generated config.xml and add it to nixosModules/services/syncthing/default.nix, encrypt the cert and key with agenix, and set them as appropriate in the host configuration. key.pem is the device's private key: anyone holding it can impersonate the device, so it must only ever be committed in its encrypted (.age) form.
  4. Install NixOS from this flake. Secrets will not be available on first boot, because the new host's SSH key is not yet a recipient of any secret.
  5. Copy the new system's public SSH host key (/etc/ssh/ssh_host_ed25519_key.pub) into the repository as secrets/publicKeys/root_$HOSTNAME.pub.
  6. Add the new public key to the publicKeys list of each secret the host needs in secrets/secrets.nix and rekey all secrets with agenix --rekey. Run this on a machine whose private key is already a recipient; agenix must decrypt each secret before it can re-encrypt it for the new key.
  7. Rebuild the new system from git. Secrets will be automatically decrypted at activation and immediately available in /run/agenix/.
  8. (OPTIONAL) Generate a new user SSH key and add it to nixosModules/users/default.nix in order to enable passwordless logins to other hosts.
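The host-side wiring that steps 3 and 7 leave to the reader, as an added example (not a module from this repository): it assumes a host named newhost, two agenix secrets named syncthing_newhost_cert.age and syncthing_newhost_key.age under secrets/, and the nixpkgs options services.syncthing.cert/key and age.secrets.<name>.{file,owner,mode,path} from agenix. The device ID generated in step 3 goes into services.syncthing.settings.devices on the other hosts; it is derived from the certificate and is not secret.

```nix
# hosts/newhost/default.nix (excerpt). Added example, not the repository's
# own module; the host name, secret file names and relative path to
# secrets/ are assumptions.
{ config, ... }:
{
  # Each secret is decrypted at activation with this host's
  # /etc/ssh/ssh_host_ed25519_key. The files only appear under /run/agenix/
  # once secrets/secrets.nix lists that key and the secrets were rekeyed
  # (step 6); on the very first boot they are absent and Syncthing would
  # fail to start, which is why the service is wired up but the identity
  # is expected to arrive on the rebuild in step 7.
  age.secrets = {
    syncthing_cert = {
      file = ../../secrets/syncthing_newhost_cert.age;
      owner = "syncthing"; # least privilege: only the service user may read it
      mode = "0400";
    };
    syncthing_key = {
      file = ../../secrets/syncthing_newhost_key.age;
      owner = "syncthing";
      mode = "0400";
    };
  };

  services.syncthing = {
    enable = true;
    # Point Syncthing at the decrypted identity instead of letting it
    # generate a fresh one (which would change the device ID).
    cert = config.age.secrets.syncthing_cert.path;
    key = config.age.secrets.syncthing_key.path;
  };
}
```

In secrets/secrets.nix both .age files should list the new host's root_newhost.pub together with the key you edit secrets with; a secret whose only recipient is the host itself cannot be rekeyed or edited from the workstation later.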

Declarative WiFi Connections

WiFi networks can be configured declaratively in nixosModules/system/wifi.nix using config.networking.networkmanager.ensureProfiles.profiles, provided by nixpkgs.

nm2nix can generate nix code for all WiFi networks currently configured in /etc/NetworkManager/system-connections/ and /run/NetworkManager/system-connections with the following command:

sudo su -c "cd /etc/NetworkManager/system-connections && nix --extra-experimental-features 'nix-command flakes' run github:Janik-Haag/nm2nix | nix --extra-experimental-features 'nix-command flakes' run nixpkgs#nixfmt-rfc-style"

Secrets (passwords, certificates, and identities) are supported, but must not be written into the profile literally: declare them as variables in an environment file managed by agenix, list that file in config.networking.networkmanager.ensureProfiles.environmentFiles, and reference them as $VARIABLE in the profile. They are substituted with envsubst when the profiles are written at activation, so the plaintext value never enters the Nix store.

In short,

  1. Manually configure the WiFi network on one device.
  2. Export configuration to nix with nm2nix.
  3. Add secrets to secrets/wifi.age as variables (e.g. MYPSK=1234567890)
  4. Edit the code generated by nm2nix to reference $MYPSK instead of directly declaring the WPA password.
  5. Commit and push changes.
  6. Rebuild hosts as required to propagate your new WiFi configuration.
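The end result of the procedure above, as an added example (not the repository's own wifi.nix): it assumes an agenix secret named wifi whose decrypted content is the line MYPSK=1234567890, a network called "home-wifi", and the nixpkgs options networking.networkmanager.ensureProfiles.{environmentFiles,profiles}. The profile body is the shape nm2nix emits for a WPA2-PSK keyfile, with the literal psk replaced by the variable.

```nix
# nixosModules/system/wifi.nix. Added example, not the repository's file;
# the secret name, SSID and relative path to secrets/ are assumptions.
{ config, ... }:
{
  # secrets/wifi.age decrypts to /run/agenix/wifi and contains
  #   MYPSK=1234567890
  # (constructed value; a WPA PSK must be 8 to 63 characters).
  age.secrets.wifi.file = ../../secrets/wifi.age;

  networking.networkmanager = {
    enable = true;
    ensureProfiles = {
      # envsubst reads this file and replaces $MYPSK before the keyfile is
      # written, so only the placeholder is in the Nix store.
      environmentFiles = [ config.age.secrets.wifi.path ];

      profiles = {
        # Output of nm2nix, edited: the psk line originally carried the
        # plaintext password and must be changed before committing.
        "home-wifi" = {
          connection = {
            id = "home-wifi";
            type = "wifi";
          };
          wifi = {
            mode = "infrastructure";
            ssid = "home-wifi";
          };
          wifi-security = {
            key-mgmt = "wpa-psk";
            psk = "$MYPSK"; # a bare $ is literal in Nix; only ${ interpolates
          };
          ipv4.method = "auto";
          ipv6 = {
            method = "auto";
            addr-gen-mode = "stable-privacy";
          };
        };
      };
    };
  };
}
```

The substituted keyfile is still written in plaintext to NetworkManager's connection directory, root-owned and unreadable to other users, so the secret's exposure on the host is the same as with a manually configured network; what the indirection buys is that git history and the world-readable Nix store hold only $MYPSK.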