Truxnell's homelab
Leveraging Nix and NixOS to apply machine and home configurations
Background
Having used a variety of infrastructure-as-code solutions, and having found them lacking in some areas, it is time to give Nix a go. Frustrations with other methods tend to be bitrot and config drift: it is very annoying to want to do a quick disaster recovery and find you have different versions of modules/utilities, breaking changes in code you didn't catch, etc.
Getting started
To Install
# nixos-rebuild switch --flake github:truxnell/nix-config#HOST
Goals
- Learn nix
- Mostly reproduce features from my existing homelab
- Replace existing ubuntu-based 'NAS'
- Expand usage to other shell environments such as WSL, etc
- Handle secrets: decide between sweet and simple SOPS or re-use my Doppler setup.
TODO
- Github Actions update fly.io instances (Bitwarden)
- Bring over hosts
  - DNS01 Raspi4
  - DNS02 Raspi4
  - NAS
  - Laptop
  - WSL
  - JJY emulator Raspi4
- Documentation!
- ssh_config build from computers?
- Modularise host to allow vm builds and hw builds
- Add license
- Add taskfiles
Network map
TBC
Hardware
TBC
Checklist
Adding new node
- Ensure secrets are grabbed from note and all sops re-encrypted with task sops:re-encrypt
- Add to relevant github action workflows
- Add to .github/settings.yaml for PR checks
Applying configuration changes on a local machine can be done as follows:
cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname
Applying configuration changes to a remote machine can be done as follows:
cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo
Hacking at nix files
Eval config to see what keys are being set.
nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.wheelNeedsPassword
nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword
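An added example (not part of this repository) that runs the same `nix eval` check against every host in the flake and flags any host where the wheel group can use sudo without a password, or where the option fails to evaluate. The function names are hypothetical, and it assumes host attribute names contain only letters, digits, `_`, `.` and `-`.

```bash
#!/usr/bin/env bash
# Added example: audit security.sudo.wheelNeedsPassword across all hosts.
# Assumes `nix` with flakes enabled is available on PATH.

# List the host names defined under nixosConfigurations, one per line.
# $1 is the flake reference (defaults to the current directory).
list_hosts() {
  nix eval --json "${1:-.}#nixosConfigurations" --apply builtins.attrNames \
    | tr ',' '\n' \
    | sed 's/[^A-Za-z0-9_.-]//g'   # strip JSON brackets and quotes
}

# Print "<host> <value>" for every host, where <value> is true, false,
# or eval-error. Exits non-zero if any host is not "true", so it can
# gate a CI job. The ( ... ) body keeps its variables out of the caller.
audit_wheel_sudo() (
  flake="${1:-.}"
  rc=0
  for host in $(list_hosts "$flake"); do
    attr="${flake}#nixosConfigurations.${host}.config.security.sudo.wheelNeedsPassword"
    if ! value=$(nix eval --json "$attr" 2>/dev/null); then
      # A host that does not evaluate cannot be vouched for; flag it too.
      value="eval-error"
    fi
    printf '%s %s\n' "$host" "$value"
    [ "$value" = "true" ] || rc=1
  done
  exit "$rc"
)
```

Run `audit_wheel_sudo .` from the repository root. It checks the final NixOS option, so it also catches a host where `mySystem.security.wheelNeedsPassword` has been overridden.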
Quickly run a flake to see what the next error message is as you hack.
nixos-rebuild dry-run --flake . --fast --impure