# NixOS-Configs

My NixOS system configurations managed with Nix flakes, home-manager, and colmena for multi-host deployment.

## Overview

This repository contains NixOS configurations for multiple hosts including workstations, servers, and Raspberry Pi systems. It uses:

- **Nix Flakes** for reproducible builds and dependency management
- **home-manager** for user environment configuration
- **colmena** for multi-host deployment
- **sops-nix** for secrets management
- **Role-based configuration** for modular host setup

## Host Categories

### Workstations

- `loki` - Framework AMD AI 300 (primary development machine)
- `book` - Google Pixelbook 2017
- `dragon` - Custom workstation
- `ace` - Acer C720
- `eve` - Google Pixelbook 2017 (eMMC)
- `pocket2` - Mobile workstation
- `smaug` - ThinkPad x260

### Servers

- `w1` - Hetzner VPS
- `fred` - Acer server
- `harper` - Server
- `harper2` - Server
- `nuwww` - Web server
- `www2` - Web server
- `pihole` - Pi-hole server

### Raspberry Pi Systems

- `pi1` - Raspberry Pi
- `display` - Pi 4 with kiosk display

### Virtual Machines

- `vm` - Generic VM
- `vm1` - VM configuration

## Quick Start

### Prerequisites

- Nix with flakes enabled
- Age key for secrets decryption (see secrets section)

### Building a Host

```bash
# Test build without installing
just test <hostname>

# Apply configuration to host
just switch <hostname>

# Apply and reboot
just bootswitch <hostname>
```

### Updating

```bash
# Update flake.lock
just update

# Apply updates to all hosts
just world
```

### Available Commands

- `just test <host>` - Build and validate configuration
- `just switch <host>` - Apply configuration
- `just boot <host>` - Apply configuration for next boot
- `just world` - Deploy to all hosts
- `just workstation` - Deploy to workstation hosts
- `just server` - Deploy to server hosts
- `just web` - Deploy to web hosts
- `just clean <host>` - Clean old generations and optimize store
- `just update` - Update flake.lock
- `just format` - Format Nix code

## Configuration Structure

### Host Configuration

Each host in `hosts/<hostname>/` follows this pattern:

```nix
{
  imports = [ ../templates/workstation.nix ]; # Base template

  networking.hostName = "hostname";
  variables.address = "100.72.x.x"; # Tailscale IP

  roles = {
    gui.enable = true;
    games.enable = true;
    wm = "sway";
  };
}
```

### Roles

Hosts are configured using role-based modules:

- `gui` - Graphical user interface packages
- `games` - Gaming packages and Steam
- `citrix` - Citrix Workspace client
- `zoom` - Zoom client
- `kvm` - Virtualization support
- `kmscon` - Console improvements
- `auto-cpufreq` - CPU power management

### Window Managers

- `sway` - Wayland compositor (default for workstations)
- `gnome` - GNOME desktop environment
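
As an added illustration (not a module from this repository), this is one way the `roles` and `wm` options used by the host pattern, the role list and the window manager list above could be declared, so that a host file's `roles.gui.enable`, `roles.games.enable` and `roles.wm = "sway"` are type-checked when `just test <hostname>` evaluates the configuration; the module path, the packages each role enables and the assertion are assumptions.

```nix
# modules/roles.nix (assumed location). Added example, not the repository's own module:
# declares the `roles` attribute that hosts/<hostname>/default.nix sets.
{ config, lib, ... }:

let
  cfg = config.roles;
in
{
  options.roles = {
    gui.enable = lib.mkEnableOption "graphical user interface packages";
    games.enable = lib.mkEnableOption "gaming packages and Steam";
    kvm.enable = lib.mkEnableOption "KVM virtualization support";

    # An enum makes a misspelt compositor name fail at evaluation time
    # instead of producing a host that boots with no window manager.
    wm = lib.mkOption {
      type = lib.types.enum [ "sway" "gnome" ];
      default = "sway";
      description = "Window manager / desktop environment for GUI hosts.";
    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.gui.enable {
      programs.sway.enable = cfg.wm == "sway";
      services.xserver.desktopManager.gnome.enable = cfg.wm == "gnome";
    })

    (lib.mkIf cfg.games.enable {
      programs.steam.enable = true;
    })

    (lib.mkIf cfg.kvm.enable {
      virtualisation.libvirtd.enable = true;
    })

    # Keeps a server template from silently growing a desktop: games only make
    # sense on a host that also enables the GUI role (`->` is Nix implication).
    {
      assertions = [
        {
          assertion = cfg.games.enable -> cfg.gui.enable;
          message = "roles.games requires roles.gui.enable = true";
        }
      ];
    }
  ];
}
```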

### Home Manager

User configurations are managed separately:

- `home/common/` - Common packages and settings for all users
- `home/gui/` - GUI-specific user configuration
- `home/work/` - Work-related packages and settings

## Secrets Management

Secrets are encrypted using sops-nix with Age keys.

### Setup

1. Generate Age key pair:

```bash
# age-keygen (part of the nixpkgs age package) writes the private key to the
# given file and prints the matching public key for .sops.yaml
mkdir -p ~/.config/sops/age
nix shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt
```

2. Add public key to `.sops.yaml`:

```yaml
keys:
  - &host_<name> <public_key>
creation_rules:
  - path_regex: secrets.yaml$
    key_groups:
      - age:
          - *host_<name>
```

3. Encrypt secrets:

```bash
sops --encrypt secrets.yaml > secrets.yaml.enc
```

### Usage in Configuration

```nix
# In host configuration: declare the secret (key "service/password" in the sops file)
sops.secrets."service/password" = { };

# Wherever a service needs it, hand over the path of the decrypted file rather
# than the value itself:
# config.sops.secrets."service/password".path
```
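
An added example (not this repository's configuration) of the host-side half of the setup and usage sections above: the host's own Age key, the encrypted file, and a secret declared with an explicit owner and mode so that only the consuming service can read it; the file paths, user, unit and secret names are placeholders.

```nix
# hosts/<hostname>/secrets.nix (assumed path). Added example, not the repository's code;
# user, unit and secret names are placeholders.
{ config, ... }:

{
  # Encrypted file produced by `sops`; this repo-relative path is an assumption.
  sops.defaultSopsFile = ../../secrets/secrets.yaml;

  # The host's own age-keygen key, copied here out of band. Its public half is the
  # `&host_<name>` entry in .sops.yaml; ~/.config/sops/age/keys.txt is the editing user's.
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";

  users.groups.example-svc = { };
  users.users.example-svc = {
    isSystemUser = true;
    group = "example-svc";
  };

  # Each entry is decrypted at activation into a file under /run/secrets.
  sops.secrets."service/password" = {
    owner = "example-svc";   # least privilege: only the service account can read it
    mode = "0400";           # sops-nix defaults to root:root 0400; stated explicitly here
    restartUnits = [ "example-svc.service" ];   # pick up a rotated secret automatically
  };

  # Consumers get the path, never the plaintext, so nothing is copied into the
  # world-readable Nix store; a systemd credential also keeps it out of the environment.
  systemd.services.example-svc.serviceConfig.LoadCredential =
    "password:${config.sops.secrets."service/password".path}";

  # Secrets needed before users exist (login password hashes) are decrypted earlier,
  # to /run/secrets-for-users, when neededForUsers is set.
  sops.secrets."users/alice-hash".neededForUsers = true;
  users.users.alice = {
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets."users/alice-hash".path;
  };
}
```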

## Development

### Adding a New Host

1. Create `hosts/<hostname>/default.nix`
2. Add hardware configuration if needed
3. Import appropriate template (`workstation.nix`, `server.nix`, etc.)
4. Configure roles and variables
5. Add to `flake.nix` outputs
6. Test with `just test <hostname>`
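
As an added illustration of step 5 (an assumed flake layout, not this repository's `flake.nix`), here is a colmena output that registers a new host, imports its `hosts/<hostname>/` directory, wires sops-nix and home-manager in for every node, and tags the host so grouped deploys such as `just workstation` can select it; the input names, the host name and its address are assumptions.

```nix
# flake.nix (excerpt). Added example, not this repository's flake: the input names and
# the `newhost` entry are assumptions; the colmena/sops-nix/home-manager attributes are real.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
    colmena.url = "github:zhaofengli/colmena";
  };

  outputs = { self, nixpkgs, home-manager, sops-nix, colmena, ... }: {
    colmena = {
      meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; };
      # aarch64 hosts (the Raspberry Pis) would get their own nixpkgs via meta.nodeNixpkgs.

      # Modules every node gets: wiring sops-nix and home-manager in once here keeps
      # hosts/<hostname>/default.nix down to hostName, variables and roles.
      defaults = { ... }: {
        imports = [
          sops-nix.nixosModules.sops
          home-manager.nixosModules.home-manager
        ];
      };

      # Step 5 for a host called `newhost` (placeholder): its directory is imported and
      # the tags are what grouped deploys select, e.g. `colmena apply --on @workstation`.
      newhost = { name, ... }: {
        imports = [ (./hosts + "/${name}") ];
        deployment = {
          targetHost = "100.72.x.x";   # placeholder; the host's Tailscale address
          targetUser = "root";
          tags = [ "workstation" ];
          buildOnTarget = false;       # build on the deployer, push closures over SSH
        };
      };
    };
  };
}
```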

### Template Types

- `hosts/templates/workstation.nix` - Full desktop/workstation
- `hosts/templates/server.nix` - Server configuration
- `hosts/templates/pi-server.nix` - Raspberry Pi server

### Code Quality

- Format code: `just format`
- Check configuration: `nix flake check`
- Validate secrets: Ensure `.sops.yaml` has correct public keys

## Troubleshooting

### Common Issues

- **Build fails**: Check `nix flake show` for syntax errors
- **Secrets not found**: Verify Age key is in `~/.config/sops/age/keys.txt`
- **Network issues**: Check Tailscale connectivity
- **Home manager conflicts**: Remove backup files: `locate home-manager-backup | xargs rm`

### Logs

Build logs are saved to `nixos-switch.log`. Check this file for detailed error information.

## Contributing

1. Test changes on a single host first
2. Update documentation for new features
3. Clean up FIXME/DELME comments
4. Format code before committing