nixfiles/readme.md

# nixos 

ok hi this is my nixos config. it is pretty much a mess and the code sucks but welp

## impure dependencies
note to self on what needs to be installed on the host manually:

### common
- `/etc/ssh/agenix-key` (darwin: `~/.ssh/agenix-key`) - private key for secret decryption
- `/etc/ssh/agenix-key-unsafe` (darwin: `/Users/Shared/agenix-key-unsafe`) - private key for unsafe secret decryption

> "unsafe" secrets are only secret to the "outside" world (i.e. the git repo), but are decrypted at build-time
> and are available globally to the system. this is useful for things like server ips, since i don't want to
> expose them to everyone, but they are not really secret in the sense that they are not sensitive data.

### koi:
- ~~`/etc/iso/win11.iso` - iso containing windows 11 installer (e.g. this: [magnet](magnet:?xt=urn:btih:56197d53136ffcecbae5225f0ac761121eacdac6&dn=Win11_22H2_English_x64v1.iso&tr=udp%3a%2f%2ftracker.torrent.eu.org%3a451%2fannounce&tr=udp%3a%2f%2ftracker.tiny-vps.com%3a6969%2fannounce&tr=udp%3a%2f%2fopen.stealth.si%3a80%2fannounce))~~ currently unused
- `/etc/vms/haos.img` - qcow2 image for haos vm (can be downloaded from the official website, the KVM/Proxmox image).
- `/etc/secureboot/keys` - secure boot keys, generated with `sudo nix-shell -p sbctl --run "sbctl create-keys"`
- to enroll fde onto tpm: `sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7`

nginx may not start the first time, its fine, just run `sudo systemctl restart nginx` and it should work.
its likely due to docker containers not resolving yet. todo fix this

### teidesu-osx
`cp /var/run/current-system/Library/Fonts/* /Library/Fonts` - copy nix-managed fonts to system fonts (waiting for [this PR](https://github.com/LnL7/nix-darwin/pull/754))

### setting up

macos:
```bash
curl -L https://nixos.org/nix/install | sh
git clone https://github.com/teidesu/nixos ~/nixos
cd ~/nixos
./switch
```

## cat in a readme 🐈

![cat](https://cataas.com/cat)
initial commit 2024-01-08 07:49:51 +03:00			`# nixos`

readme 2024-03-03 22:40:04 +03:00			`ok hi this is my nixos config. it is pretty much a mess and the code sucks but welp`
initial commit 2024-01-08 07:49:51 +03:00
			`## impure dependencies`
			`note to self on what needs to be installed on the host manually:`

iosevka-nerd + new zsh prompt 2024-03-03 21:39:15 +03:00			`### common`
feat: improved secrets management, support for build-time "unsafe" secrets 2024-05-01 04:59:31 +03:00			- `/etc/ssh/agenix-key` (darwin: `~/.ssh/agenix-key`) - private key for secret decryption
			- `/etc/ssh/agenix-key-unsafe` (darwin: `/Users/Shared/agenix-key-unsafe`) - private key for unsafe secret decryption

			`> "unsafe" secrets are only secret to the "outside" world (i.e. the git repo), but are decrypted at build-time`
			`> and are available globally to the system. this is useful for things like server ips, since i don't want to`
			`> expose them to everyone, but they are not really secret in the sense that they are not sensitive data.`
iosevka-nerd + new zsh prompt 2024-03-03 21:39:15 +03:00
			`### koi:`
initial commit 2024-01-08 07:49:51 +03:00			- ~~`/etc/iso/win11.iso` - iso containing windows 11 installer (e.g. this: [magnet](magnet:?xt=urn:btih:56197d53136ffcecbae5225f0ac761121eacdac6&dn=Win11_22H2_English_x64v1.iso&tr=udp%3a%2f%2ftracker.torrent.eu.org%3a451%2fannounce&tr=udp%3a%2f%2ftracker.tiny-vps.com%3a6969%2fannounce&tr=udp%3a%2f%2fopen.stealth.si%3a80%2fannounce))~~ currently unused
			- `/etc/vms/haos.img` - qcow2 image for haos vm (can be downloaded from the official website, the KVM/Proxmox image).
			- `/etc/secureboot/keys` - secure boot keys, generated with `sudo nix-shell -p sbctl --run "sbctl create-keys"`
			- to enroll fde onto tpm: `sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7`

readme 2024-03-03 22:40:04 +03:00			nginx may not start the first time, its fine, just run `sudo systemctl restart nginx` and it should work.
			`its likely due to docker containers not resolving yet. todo fix this`

iosevka-nerd + new zsh prompt 2024-03-03 21:39:15 +03:00			`### teidesu-osx`
			`cp /var/run/current-system/Library/Fonts/* /Library/Fonts` - copy nix-managed fonts to system fonts (waiting for [this PR](https://github.com/LnL7/nix-darwin/pull/754))

chore: improved multi-host support 2024-05-01 04:53:38 +03:00			`### setting up`

			`macos:`
			```bash
			`curl -L https://nixos.org/nix/install \| sh`
			`git clone https://github.com/teidesu/nixos ~/nixos`
			`cd ~/nixos`
			`./switch`
			```

initial commit 2024-01-08 07:49:51 +03:00			`## cat in a readme 🐈`

Update readme.md 2024-01-10 06:55:06 +03:00			`![cat](https://cataas.com/cat)`