.forgejo/workflows | ||
.github/workflows | ||
modules | ||
nixos | ||
overlays | ||
pkgs | ||
secrets | ||
.ci.sdImages.sh | ||
.ci.sh | ||
.gitignore | ||
ci-secrets.nix | ||
flake.lock | ||
flake.nix | ||
meta.nix | ||
README.md | ||
secrets.nix |
My personal NixOS infrastructure configurations
This repository contains configurations for Most™ of my NixOS machines.
All of the host configurations are deployable using
deploy-rs,
colmena, and plain old nixos-rebuild
. See
deploy.nodes
and colmena
crimes in flake outputs for details how. Initial
host deploment, sadly, needs to happen manually (for now at least). Secrets are
managed using agenix, instead of any
deployment-tool-native secret manager.
General usage
Adding new module
$ echo -e "{ config, lib, pkgs, inputs, ... }:\n\n{\n}" > modules/new-module.nix
Adding new host
$ mkdir nixos/newhost
$ echo -e "{ config, lib, pkgs, inputs, ... }:\n\n{\n}" > nixos/newhost/default.nix
$ echo '{"publicKey": "…", "targetHost": "…", "system": "aarch64-linux"}' | jq -rM > nixos/newhost/meta.json
Exploring generated configurations
Colmena has a nice feature here called colmena repl
. Go out there and explore
nodes
and its attributes.
Before you commit
To keep things clean, uniform, and working at least on some basic level, remember to:
$ nix flake check --no-build
$ nix fmt
Small bit of warning: nix fmt
, with formatters as configured (deadnix
specifically) will remove unused variables and such. Might be annoying when
things are work-in-progress.
Deploying new configurations
There are multiple options here. You can use nixos-rebuild
either locally:
$ sudo nixos-rebuild switch --flake .#microlith
remotely:
$ nixos-rebuild switch --target-host root@zorigami --build-host root@zorigami --flake .#zorigami
remotely using deploy-rs
:
$ deploy .#scylla
or using colmena
:
$ colmena apply --on khas
All of these should generally work, though I prefer to use deploy-rs
on my
router (because of magic rollback) when deploying bigger changes, and colmena
in most cases, because it's faster. And if the changes you're about to deploy
had a chance to be built by "CI", most stuff shouldn't need to be built locally.
Warnings about colmena
and deploy
being unknown flake outputs are known, and
will stay here at least until
schemas get implemented for
these.
General notes
Feel free to use this as a basis for your own configuration flakes, but while I keep things here working for me, the general state might not reflect best practices. Use caution, and if you feel like you don't really understand something (and there are some code crimes commited here), don't feel obliged to use it just because it's already here.