my nix configurations (please roast me)
2025-01-01 22:38:23 +03:00
assets iosevka-nerd + new zsh prompt 2024-03-03 21:39:15 +03:00
hosts feat(koi): docmost 2025-01-01 22:38:23 +03:00
lib chore(darwin): updated for latest nix-darwin 2024-11-27 14:22:31 +03:00
packages feat: added sftpgo to puffer 2024-01-09 08:34:03 +03:00
secrets feat(koi): docmost 2025-01-01 22:38:23 +03:00
services feat(koi): backups 2024-12-29 00:06:33 +03:00
ssh feat(koi): desu-deploy setup 2024-08-04 02:24:50 +03:00
users/teidesu chore: fuck .DS_Store 2024-12-27 19:45:35 +03:00
.gitignore chore: better unsafe secret handling 2024-05-12 12:43:51 +03:00
agenix-edit chore: --cat for agenix-edit 2024-06-15 07:16:24 +03:00
flake.lock chore(koi): bump linux + tweak cmdline 2024-12-10 08:50:11 +03:00
flake.nix chore: use nixos.tvix.store 2024-12-02 05:52:10 +03:00
LICENSE Create LICENSE 2024-01-30 12:19:43 +03:00
readme.md feat(koi): backups 2024-12-29 00:06:33 +03:00
switch chore(koi): bumped vaultwarden 2024-11-23 15:45:37 +03:00

nixos

ok hi this is my nixos config. it is pretty much a mess and the code sucks but welp

impure dependencies

note to self on what needs to be installed on the host manually:

common

  • /etc/ssh/agenix-key (darwin: ~/.ssh/agenix-key) - private key for secret decryption
  • ./secrets/unsafe.key - private key for unsafe secret decryption

"unsafe" secrets are only secret to the "outside" world (i.e. the git repo), but are decrypted at build-time and are available globally to the system. this is useful for things like server ips, since i don't want to expose them to everyone, but they are not really secret in the sense that they are not sensitive data.
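
a preflight check for the two key files listed under "common", added here as an example (it is not part of this repo). the function names, the file name, the `--run` argument and the choice to reject symlinks are assumptions of the example.

```bash
#!/usr/bin/env bash
# added example, not part of this repo. checks the key files listed under
# "common". function names, file name and --run are made up for this example.
# usage (from the repo root): ./preflight.sh --run

# print a file's permission bits in octal (GNU stat first, then BSD/macOS stat)
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# succeed only if $1 is a regular file (symlinks rejected: a choice of this
# example) whose group and other permission digits are both 0
check_private_key() {
  if [ -L "$1" ] || [ ! -f "$1" ]; then
    echo "FAIL $1: missing or not a regular file" >&2
    return 1
  fi
  mode=$(file_mode "$1") || return 1
  case $mode in
    0|*00) echo "ok   $1 (mode $mode)" ;;
    *) echo "FAIL $1: mode $mode grants access beyond the owner" >&2
       return 1 ;;
  esac
}

# succeed only if $1 is not tracked by git, so the key never lands in the repo
check_untracked() {
  if git -C "$(dirname "$1")" ls-files --error-unmatch "$(basename "$1")" \
      >/dev/null 2>&1; then
    echo "FAIL $1: tracked by git" >&2
    return 1
  fi
  echo "ok   $1 is not tracked by git"
}

preflight() {
  rc=0
  case $(uname -s) in
    Darwin) agenix_key="$HOME/.ssh/agenix-key" ;;
    *)      agenix_key=/etc/ssh/agenix-key ;;
  esac
  check_private_key "$agenix_key" || rc=1
  check_private_key ./secrets/unsafe.key || rc=1
  check_untracked ./secrets/unsafe.key || rc=1
  return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```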

koi:

  • /etc/iso/win11.iso - iso containing windows 11 installer (e.g. this: magnet) currently unused
  • /etc/vms/haos.img - qcow2 image for haos vm (can be downloaded from the official website, the KVM/Proxmox image).
  • /etc/vms/bnuuy.img - qcow2 image of an ubuntu cloud image (e.g. https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img)
  • /etc/secureboot/keys - secure boot keys, generated with sudo nix-shell -p sbctl --run "sbctl create-keys"
  • to enroll fde onto tpm: sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7
  • rclone config (for backups): sudo nix-shell -p rclone --run "rclone config". you need to set up a remote called backups, which will be used as the destination for all backups

teidesu-osx

cp /var/run/current-system/Library/Fonts/* /Library/Fonts - copy nix-managed fonts to system fonts (waiting for this PR)

setting up

macos:

curl -L https://nixos.org/nix/install | sh
git clone https://github.com/teidesu/nixos ~/nixos
cd ~/nixos
./switch

cat in a readme 🐈

cat