No description
462144babe
| datasource | package | from | to | | ----------- | ------------------------------------- | ---- | ---- | | github-tags | yuvipanda/pre-commit-hook-ensure-sops | v1.0 | v1.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|---|---|---|
| .github | ||
| .taskfiles | ||
| .vscode | ||
| docs | ||
| images | ||
| nixos | ||
| .envrc | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| .sops.yaml | ||
| flake.lock | ||
| flake.nix | ||
| garnix.yaml | ||
| LICENSE | ||
| partition.sh | ||
| README.md | ||
| shell.nix | ||
| Taskfile.yaml | ||
Truxnell's homelab
Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations
Background
Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go. Frustrations with other methods tend to be bitrot and config drift - very annoying to want to do a quick disaster recovery and find your have different versions of modules/utilities, breaking changes in code you didnt catch, etc.
Getting started
To Install
# nixos-rebuild switch --flake github:truxnell/nix-config#HOST
Goals
- Learn nix
- Mostly reproduce features from my existing homelab
- Replace existing ubuntu-based 'NAS'
- Expand usage to other shell environments such as WSL, etc
- handle secrets - decide between sweet and simple SOPS or re-use my doppler setup.
- keep it simple, use trusted boring tools
TODO
- Github Actions update fly.io instances (Bitwarden)
- Bring over hosts
- DNS01 Raspi4
- DNS02 Raspi4
- NAS
- Latop
- Gaming desktop
- WSL
- JJY emulator Raspi4
- Documentation!
- ssh_config build from computers?
- Modularise host to allow vm builds and hw builds
- Add license
- Add taskfiles
Network map
TBC
Hardware
TBC
Manifesto
Taking lead from the zen of python:
- Minimise dependencies, where required, explicitly define dependencies
- Use plain nix to solve problems over additional tooling
- Stable channel for stable machines. Unstable only where features are important.
- Modules for a specific service - Profiles for broad configuration of state.
- Write readable code - descriptive variable names and modules
- Keep functions/dependencies within the relevant module where possible
- Errors should never pass silently - use assert etc for misconfigurations
- Flat is better than nested - use built-in functions like map, filter, and fold to operate on lists or sets
Checklist
Adding new node
- Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
- Add to relevant github action workflows
- Add to .github/settings.yaml for PR checks
Applying configuration changes on a local machine can be done as follows:
cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname
Applying configuration changes to a remote machine can be done as follows:
cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo
Hacking at nix files
Eval config to see what keys are being set.
nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassword
nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword
And browsing whats at a certain level in options.
nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json
Quickly run a flake to see what the next error message is as you hack.
nixos-rebuild dry-run --flake . --fast --impure