README.md

NixOS Configurations

Here are my NixOS configurations.

I'm using this for consistent configuration and portability from machine to machine with a small amount of changes (usually disks, partitions, or hardware changes)

The configurations allow for a base system to be installed, with a core amount of applications to operate, you could add to it, but I feel that this configuration shines when you pair it with something like Home Manager for discrete per-er configuration of their environment. Head on overto my Nix Home Manager | Dotfiles Repository to get an understanding on how I "daily drive" my userspace environments.

Highlights:

BTRFS subvolume implementation with hourly automatic snapshots

• Impermanence toggled for a clean installation on each reboot

• Toggled full disk encryption

• Support for RAID configurations

• Toggled options for hardware, applications, and features, like VPNs

• Deployment of secrets using sops-nix

• Much, much more

• I blewspent the summer of 2023 moving into this configuration after waving a fond farewell to near 2 decades of running Arch Linux. This, as with life, is still WIP. I documented the process on the Tired of IT! NixOS chapter on my website.

Tree Structure

• flake.nix: Entrypoint for NixOS configurations.
• hosts: Host Configurations
  • common: Shared configurations consumed by all hosts.
    • secrets: Secrets that are available to all users
  • <host_a>: "host_a" specific hardware and host configuration
    • secrets: Secrets that are specific to the 'host_a' host
  • ...: And so on as above with other hosts
• lib: Helpers, functions, libraries and timesavers
• modules: Modules that are specific to this implementation and allow for toggled configuration
  • application: Applications accessible to all users of system
  • container: Containers using some sort of OCI container engine
  • features: Features such as virtualization, gaming, cross compilation
  • filesystem: Encryption, impermanence, BTRFS options
  • hardware: Bluetooth, Printing, Sound, Wireless
  • network: Firewalls and VPNs
  • service: Miscellanious daemons
• overlays: Ammendments and updates to packages that exist in the nix ecosphere
• pkgs: Custom packages, services, scripts that are specific to this installation
• users: Individual User folders

Usage

Manual approach

Get your installer disc booted up and your disks partitioned. I took notes on how I did an install with BTRFS and encryption on my website. Once you have your partitions created and subvolumes mounted then we can continue..

• Generate your hardware-configuration.nix file.

nixos-generate-config --root /mnt --file /tmp

• Go ahead and clone this repository.

nix-shell -p git nixFlakes
git clone https://github.com/tiredofit/nixos-config.git /mnt/etc/nixos

• Either create a new host entry in flake.nix and add associated bits to the hosts folder or modify one of the existing hosts hardware-configuration.nix with what you generated above. That's kinda janky, but it'll get you started..

• Install your new NixOS system

nixos-install --root /mnt --flake /mnt/etc/nixos#<host>

Optimized deployment via script

• Use the included deployment script on an Arch or NixOS system to:
  • Add remove new hosts and templates
  • Update Flake
  • Update running system
  • Generate SSH Key and AGE keys per host
  • Update host / repository secrets
  • Remotely install a new system based on configuration via SSH
  • Build locally and remotely update an in place system via SSH

Configuring a system

Features are toggleable via the host configuration options. Have a look insie the modules/nixos folder for options available.

For example to have a base AMD system using with an integrated GPU using BTRFS as a file system that allowed SSH, Docker, and a hardware webcam it would be configured as such:

  host = {
    hardware = {
      cpu = "amd";
      graphics = {
        acceleration = true;
        displayServer = "x";
        gpu = "integrated-amd";
      };
      webcam.enable = true;
    };
    network = {
      hostname = "samplehostname" ;
      domainname = "tiredofit.ca" ;
    };
    role = server;
  };

This very much relies on the modules/roles folder and sets defaults per role, which can be overridden in each hosts unique configuration.

Keep it up to date

sudo nix flake update /etc/nixos/
sudo nixos-rebuild switch --flake /etc/nixos/#<host>

Managing Secrets

I document the process of getting encrypted secrets created and keeping up to date on my website. Tired of IT! Secrets Management.

License

Do you what you'd like and I hope that this inspires you for your own configurations as many others have myself attribution would be appreciated.