1
0
Fork 0
nix-configuration/README.md

153 lines
6.3 KiB
Markdown
Raw Normal View History

2024-02-29 14:53:34 +00:00
# NixOS Configuration
A full set of configuration files managed via NixOS. This project is an **unofficial** extension of the [Auxolotl system template](https://git.auxolotl.org/auxolotl/templates).
2024-02-29 14:53:34 +00:00
2024-04-28 16:03:40 +00:00
> [!WARNING]
> DO NOT DOWNLOAD AND RUN `nixos-rebuild` ON THIS REPOSITORY! These are my personal configuration files. I invite you to look through them, modify them, and take inspiration from them, but if you run `nixos-rebuild`, it _will completely overwrite your current system_!
2024-03-22 22:18:38 +00:00
2024-05-10 16:53:17 +00:00
## Using this repo
2024-02-29 14:53:34 +00:00
### Note on secrets management
Secrets are stored in a separate repo called `secrets`, which is included here as a flake input. This is a poor man's secret management solution, but y'know what, it works. These "secrets" will be readable to users on the system with access to the `/nix/store/`, but for single-user systems, it's fine.
2024-02-29 14:53:34 +00:00
Initialize the submodule with:
2024-02-29 14:53:34 +00:00
```sh
git submodule update --init --recursive
2024-02-29 14:53:34 +00:00
```
2024-05-10 16:53:17 +00:00
### First-time installation
2024-02-29 14:53:34 +00:00
When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]`. This also creates a `hardware-configuration.nix` file.
```sh
./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2
```
Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder.
Then, add the host to `flake.nix` under the `nixosConfigurations` section.
Finally, run the NixOS installer, replacing `host` with your actual hostname:
2024-02-29 14:53:34 +00:00
```sh
nixos-install --verbose --root /mnt --flake .#host --no-root-password
```
> [!TIP]
> This config installs a [Nix wrapper called nh](https://github.com/viperML/nh). Basic install/upgrade commands can be run using `nh`, but more advanced stuff should use `nixos-rebuild`.
2024-02-29 14:53:34 +00:00
2024-05-10 16:53:17 +00:00
### Running updates
All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a host's config.
2024-06-05 17:42:14 +00:00
Automatic updates work by `git pull`ing the latest version of the repo from Forgejo. This repo gets updated nightly by [`Haven`](./hosts/Haven), which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
2024-06-05 17:42:14 +00:00
#### Manually updating
Run `nh` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. After the first build, you can omit the hostname and path to your flake.nix file:
2024-04-28 16:03:40 +00:00
```sh
nh os switch --update
2024-04-28 16:03:40 +00:00
```
2024-02-29 14:53:34 +00:00
2024-05-10 16:53:17 +00:00
This is the equivalent of running:
```sh
nix flake update
sudo nixos-rebuild switch --flake .
2024-02-29 14:53:34 +00:00
```
2024-05-10 16:53:17 +00:00
There are a few different actions for handling the update:
2024-05-10 16:53:17 +00:00
- `switch` replaces the running system immediately.
- `boot` switches to the new generation during the next reboot.
- `build` creates and caches the update without applying it.
- `test` creates the generation and switches to it, but doesn't add it to the bootloader.
2024-05-10 16:53:17 +00:00
#### Using Remote builds
Nix can create builds for or on remote systems, and transfer them via SSH.
##### Generating a build on a remote system
You can run a build on a remote server, then pull it down to the local system. This is called a `distributedBuild`.
> [!NOTE]
> For distributed builds, the root user on the local system needs SSH access to the build target. This is done automatically.
2024-05-10 16:53:17 +00:00
To enable root builds on a host, add this to its config:
```nix
nix.distributedBuilds = true;
```
2024-06-25 18:13:15 +00:00
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/system/nix.nix`](https://code.8bitbuddhism.com/aires/nix-configuration/src/commit/433821ef0c46f08855a041c3aa97143a954564f5/modules/system/nix.nix#L57).
2024-05-10 16:53:17 +00:00
If you want to ensure a build happens on a remote system, you can use:
```sh
nixos-rebuild build --flake . --build-host [remote hostname]
```
##### Pushing a build to a remote system
Conversely, you can run a build on the local host, then push it to a remote system.
```sh
NIX_SSHOPTS="-o RequestTTY=force" nixos-rebuild --target-host user@example.com --use-remote-sudo switch
```
2024-05-10 16:53:17 +00:00
### Testing without modifying the system
2024-04-28 16:03:40 +00:00
2024-05-10 16:53:17 +00:00
If you want to test without doing a whole build, or without modifying the current system, there are a couple additional tools to try.
2024-02-29 14:53:34 +00:00
2024-05-10 16:53:17 +00:00
#### Dry builds
To quickly validate your configuration, create a dry build. This analyzes your configuration to determine whether it'll actually build:
2024-02-29 14:53:34 +00:00
```zsh
nixos-rebuild dry-build --flake .
```
2024-05-10 16:53:17 +00:00
#### Virtual machines
You can also build a virtual machine image to preview changes. The first command builds the VM, and the second runs it:
2024-02-29 14:53:34 +00:00
```zsh
nixos-rebuild build-vm --flake .
2024-05-10 16:53:17 +00:00
./result/bin/run-nixos-vm
2024-02-29 14:53:34 +00:00
```
2024-05-10 16:53:17 +00:00
> [!NOTE]
> Running the VM also creates a `.qcow2` file for data persistence. Remove this file after a while, otherwise data might persist between builds and muck things up.
## About this repository
### Layout
2024-02-29 14:53:34 +00:00
This config uses a custom templating system built off of the [Auxolotl system templates](https://git.auxolotl.org/auxolotl/templates).
2024-05-24 03:50:42 +00:00
- Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined.
- Hosts are defined in the `hosts` folder.
- Modules are defined in `modules`. All of these files are automatically imported (except home-manager modules). You simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak support, set `aux.system.ui.flatpak.enable = true;`.
2024-06-25 18:13:15 +00:00
- After adding a new module, make sure to `git add` it before running `nixos-rebuild`.
- Home-manager configs live in the `users/` folders.
2024-02-29 14:53:34 +00:00
2024-05-10 16:53:17 +00:00
### Features
2024-02-29 14:53:34 +00:00
This Nix config features:
- Flakes
- Home Manager
2024-06-05 17:42:14 +00:00
- Automatic daily updates
2024-05-24 03:50:42 +00:00
- AMD, Intel, and Raspberry Pi (ARM64) hardware configurations
- Support for various GUIs and desktop environments including Gnome, KDE, XFCE, and Hyprland
2024-02-29 14:53:34 +00:00
- Boot splash screens via Plymouth
- Secure Boot support via Lanzaboote
- Disk encryption via LUKS with TPM auto-unlocking
2024-05-24 03:50:42 +00:00
- Custom packages and systemd services
2024-02-29 14:53:34 +00:00
- Flatpaks
- Default ZSH shell using Oh My ZSH
2024-03-22 22:18:38 +00:00
- Secrets (in a janky hacky kinda way)