jahanson/nix-config-tn
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-07-08. You can view files and clone it, but cannot push or open issues or pull requests.
nix-config-tn/README.md
Truxnell 49f293a574 hack
2024-04-11 19:42:26 +10:00

4.2 KiB
Raw Blame History

Truxnell's homelab

NixOS NixOS MIT License

renovate built with garnix Code Comprehension

Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations

Background

Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go. Frustrations with other methods tend to be bitrot and config drift - very annoying to want to do a quick disaster recovery and find your have different versions of modules/utilities, breaking changes in code you didnt catch, etc.

Getting started

To Install

# nixos-rebuild switch --flake github:truxnell/nix-config#HOST

Goals

  • Learn nix
  • Mostly reproduce features from my existing homelab
  • Replace existing ubuntu-based 'NAS'
  • Expand usage to other shell environments such as WSL, etc
  • handle secrets - decide between sweet and simple SOPS or re-use my doppler setup.
  • keep it simple, use trusted boring tools

TODO

  • Github Actions update fly.io instances (Bitwarden)
  • Bring over hosts
    • DNS01 Raspi4
    • DNS02 Raspi4
    • NAS
    • Latop
    • Gaming desktop
    • WSL
    • JJY emulator Raspi4
  • Documentation!
  • ssh_config build from computers?
  • Modularise host to allow vm builds and hw builds
  • Add license
  • Add taskfiles

Network map

TBC

Hardware

TBC

Manifesto

Taking lead from the zen of python:

  • Minimise dependencies, where required, explicitly define dependencies
  • Use plain nix to solve problems over additional tooling
  • Stable channel for stable machines. Unstable only where features are important.
  • Modules for a specific service - Profiles for broad configuration of state.
  • Write readable code - descriptive variable names and modules
  • Keep functions/dependencies within the relevant module where possible
  • Errors should never pass silently - use assert etc for misconfigurations
  • Flat is better than nested - use built-in functions like map, filter, and fold to operate on lists or sets

Checklist

Adding new node

  • Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
  • Add to relevant github action workflows
  • Add to .github/settings.yaml for PR checks

Applying configuration changes on a local machine can be done as follows:

cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname

Applying configuration changes to a remote machine can be done as follows:

cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo

Hacking at nix files

Eval config to see what keys are being set.

nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassword
nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword

And browsing whats at a certain level in options.

nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json

Quickly run a flake to see what the next error message is as you hack.

nixos-rebuild dry-run --flake . --fast --impure

Links & References