# NixOS Configuration

My personal Nix and NixOS configuration for reproducible, declarative systems and environments across multiple hosts.
This is a personal configuration with limited applicability to others, though some patterns may be useful for reference.
Common self-hosting services have been extracted to a separate project, [Eilean](https://github.com/RyanGibb/eilean-nix).

## Usage

### NixOS

See the [NixOS manual](https://nixos.org/manual/nixos/stable/#ch-installation) for how to install NixOS.

1. Clone this repository to `/etc/nixos/` on a NixOS system.
2. Set up the host configuration in `/etc/nixos/hosts/<hostname>/`.
3. Deploy the host with `nixos-rebuild switch`.

### Remote Deployment

[`deploy-rs`](https://github.com/serokell/deploy-rs) can be used to update remote hosts via SSH with `deploy .#hostname`.

### Home Manager

For non-NixOS systems, you can use Home Manager standalone:

1. Install [Nix](https://nixos.org/download/) and [enable flakes](https://nixos.wiki/wiki/flakes#Other_Distros.2C_without_Home-Manager).
2. Clone this repository and follow the [Home Manager manual](https://nix-community.github.io/home-manager/index.xhtml#sec-install-standalone).
3. Deploy the profile with `home-manager switch`.

### Nix-on-Droid

See [upstream](https://github.com/nix-community/nix-on-droid/).

## Repository Structure

- [`flake.nix`](./flake.nix) - Entry point where inputs, outputs, and [overlays](https://nixos.org/manual/nixpkgs/stable/#chap-overlays) are defined.
  The [`flake.lock`](./flake.lock) file locks these inputs for reproducibility.
- [`hosts/`](./hosts/) - Host-specific configurations where each subdirectory represents a separate machine.
  - Hosts are named after animals, following a rough naming scheme:
    - Stationary hosts are mammals.
      - Servers are even-toed ungulates ([Artiodactyls](https://en.wikipedia.org/wiki/Artiodactyl)), e.g. the [Network-Attached Storage (NAS) server](https://ryan.freumh.org/nas.html) [`elephant`](./hosts/elephant).
      - SBCs are small mammals ([Eulipotyphla](https://en.wikipedia.org/wiki/Eulipotyphla)), e.g. the [Home Assistant](https://www.home-assistant.io/) server and [Zigbee](https://en.wikipedia.org/wiki/Zigbee) bridge [`shrew`](./hosts/shrew).
      - Desktops are carnivores ([Carnivora](https://en.wikipedia.org/wiki/Carnivora)), e.g. the tower PC [`vulpine`](./hosts/vulpine).
    - Mobile (battery-powered) hosts are reptiles, e.g. the laptop [`gecko`](./hosts/gecko).
    - Virtual hosts are birds, e.g. the virtual private server (VPS) [`owl`](./hosts/owl).
    - Work-associated hosts are aquatic, e.g. the VPSs for [Eon](https://github.com/RyanGibb/eon) experiments [`duck`](./hosts/duck), and [`swan`](./hosts/swan), which runs the [EEG](https://www.cst.cam.ac.uk/research/eeg) infrastructure, including using the federated [Shibboleth](https://www.shibboleth.net/) identity server to provision [Matrix](https://matrix.org/) accounts.
    - [`barnacle`](./hosts/barnacle/default.nix) builds an ISO image that can be written to media such as a USB flash drive, creating a read-only live USB that boots into the custom environment used on all my other hosts. It can be used to, for example, install an operating system with the [`install.sh`](./hosts/barnacle/install.sh) script.
  - Each host directory typically contains:
    - `default.nix` - Main configuration entry point that imports other modules.
    - `hardware-configuration.nix` - Hardware-specific configuration generated by `nixos-generate-config`.
    - `minimal.nix` - A minimal configuration that can be useful when updating with insufficient disk space.
      The minimal configuration can be built, the `default.nix` system garbage collected, and then the updated configuration built.
      Note this precludes trivial rollback.
    - Other modules separating functionality, such as `services.nix`.
- [`modules/`](./modules/) - NixOS modules of common functionality extracted into modular components which can be enabled by host configurations.
- [`pkgs/`](./pkgs/) - Custom package definitions for packages not available in nixpkgs or requiring modifications.
- [`home/`](./home/) - Home Manager configurations, as NixOS modules.
- [`secrets/`](./secrets/) - Encrypted secrets managed by agenix.
- [`scripts/`](./scripts/) - Miscellaneous scripts.
- [`nix-on-droid/`](./nix-on-droid/) - [Nix-on-Droid](./#nix-on-droid) configuration.

## Managing Secrets

Secrets are managed using [agenix](https://github.com/ryantm/agenix).
To add a new secret, update [secrets.nix](./secrets/secrets.nix) and run `cd secrets && agenix -e <secret-name>.age`.
To update an existing secret, only the latter step is needed.
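As an added illustration of what the `secrets.nix` step looks like (example code, not this repository's own file), the block below declares which keys may decrypt each secret; the public keys and the secret names `wireguard-psk`, `shibboleth` and `nas-backup-token` are placeholders, and the host list is only a subset of the hosts above.

```nix
# Added example agenix secrets.nix; every key below is a placeholder.
# Each entry maps a secret file to the public keys that can decrypt it.
let
  # Placeholder personal key: the identity used when running `agenix -e`.
  ryan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-USER-KEY";

  # Placeholder host keys, normally taken from each machine's
  # /etc/ssh/ssh_host_ed25519_key.pub so the host can decrypt at activation.
  elephant = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-ELEPHANT-KEY";
  owl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-OWL-KEY";
  swan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-PLACEHOLDER-SWAN-KEY";

  users = [ ryan ];
  servers = [ elephant owl swan ];
in
{
  # A secret every server needs: the user can edit it and each listed
  # server can decrypt it, so a new server must be added here to use it.
  "wireguard-psk.age".publicKeys = users ++ servers;

  # Scope host-specific secrets to the one host that needs them: only
  # `swan` can decrypt the Shibboleth credentials, so a compromise of
  # `owl` or `elephant` does not expose them.
  "shibboleth.age".publicKeys = users ++ [ swan ];
  "nas-backup-token.age".publicKeys = users ++ [ elephant ];
}
```

A host module then references a secret with `age.secrets.<name>.file = ../secrets/<name>.age;` and agenix decrypts it with that host's own SSH key at activation, so a host whose key is not listed cannot read it. After changing a key list, re-encrypt the affected secrets with `agenix -r` so the new recipients are included.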