nixos
ok hi this is my nixos config. it is pretty much a mess and the code sucks but welp
impure dependencies
note to self on what needs to be installed on the host manually:
common
- /etc/ssh/agenix-key (darwin: ~/.ssh/agenix-key) - private key for secret decryption
- /etc/ssh/agenix-key-unsafe (darwin: /Users/Shared/agenix-key-unsafe) - private key for unsafe secret decryption
"unsafe" secrets are only secret to the "outside" world (i.e. the git repo), but are decrypted at build-time and are available globally to the system. this is useful for things like server ips, since i don't want to expose them to everyone, but they are not really secret in the sense that they are not sensitive data.
koi:
- currently unused /etc/iso/win11.iso - iso containing windows 11 installer (e.g. this: magnet)
- /etc/vms/haos.img - qcow2 image for haos vm (can be downloaded from the official website, the KVM/Proxmox image).
- /etc/secureboot/keys - secure boot keys, generated with sudo nix-shell -p sbctl --run "sbctl create-keys"
- to enroll fde onto tpm:
sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7
nginx may not start the first time, it's fine, just run sudo systemctl restart nginx and it should work.
it's likely due to docker containers not resolving yet. todo fix this
teidesu-osx
- cp /var/run/current-system/Library/Fonts/* /Library/Fonts - copy nix-managed fonts to system fonts (waiting for this PR)
setting up
macos:
curl -L https://nixos.org/nix/install | sh
git clone https://github.com/teidesu/nixos ~/nixos
cd ~/nixos
./switch