my nix configurations (please roast me)
2024-09-18 01:04:59 +03:00
assets iosevka-nerd + new zsh prompt 2024-03-03 21:39:15 +03:00
hosts chore(koi): moved sftpgo to a docker container 2024-09-18 01:04:59 +03:00
lib chore(koi): moved sftpgo to a docker container 2024-09-18 01:04:59 +03:00
packages feat: added sftpgo to puffer 2024-01-09 08:34:03 +03:00
secrets chore(koi): moved sftpgo to a docker container 2024-09-18 01:04:59 +03:00
services chore: shadowsocks-rust -> sing-box 2024-05-11 07:19:03 +03:00
ssh feat(koi): desu-deploy setup 2024-08-04 02:24:50 +03:00
users/teidesu chore(arumi): some improvements 2024-09-15 13:00:56 +03:00
.gitignore chore: better unsafe secret handling 2024-05-12 12:43:51 +03:00
agenix-edit chore: --cat for agenix-edit 2024-06-15 07:16:24 +03:00
flake.lock feat: added arumi host and moved stuff from madohomu there 2024-08-30 11:34:22 +03:00
flake.nix feat: sumire host + some home improvements 2024-08-30 22:04:53 +03:00
LICENSE Create LICENSE 2024-01-30 12:19:43 +03:00
readme.md fix(koi): improved dns in nginx 2024-08-03 23:00:59 +03:00
switch feat: added arumi host and moved stuff from madohomu there 2024-08-30 11:34:22 +03:00

nixos

ok hi this is my nixos config. it is pretty much a mess and the code sucks but welp

impure dependencies

note to self on what needs to be installed on the host manually:

common

  • /etc/ssh/agenix-key (darwin: ~/.ssh/agenix-key) - private key for secret decryption
  • ./secrets/unsafe.key - private key for unsafe secret decryption

"unsafe" secrets are only secret to the "outside" world (i.e. the git repo), but are decrypted at build-time and are available globally to the system. this is useful for things like server ips, since i don't want to expose them to everyone, but they are not really secret in the sense that they are not sensitive data.

koi:

  • /etc/iso/win11.iso - iso containing windows 11 installer (e.g. this: magnet) currently unused
  • /etc/vms/haos.img - qcow2 image for haos vm (can be downloaded from the official website, the KVM/Proxmox image).
  • /etc/vms/bnuuy.img - qcow2 image of an ubuntu cloud image (e.g. https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img)
  • /etc/secureboot/keys - secure boot keys, generated with sudo nix-shell -p sbctl --run "sbctl create-keys"
  • to enroll fde onto tpm: sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7

teidesu-osx

cp /var/run/current-system/Library/Fonts/* /Library/Fonts - copy nix-managed fonts to system fonts (waiting for this PR)
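
a pre-flight check for the list above, as an added example that is not part of this repo: it verifies the manually installed files exist and that the two private keys are not readable by group/others. the function names, the optional root/repo arguments and the "600 or stricter" expectation are assumptions of this sketch; paths and host names come from the list.

```shell
#!/bin/sh
# added example, not part of this repo: checks the manually installed files listed above.
# function names and the optional ROOT/REPO arguments are made up for this sketch.

# print a file's octal mode (GNU/busybox stat first, BSD/macOS stat as fallback)
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# private key check: 0 = ok, 1 = missing, 2 = group/others have access
check_key() {
  [ -f "$1" ] || { echo "MISSING   $1"; return 1; }
  mode=$(file_mode "$1")
  case "$mode" in
    *00|0) echo "OK        $1 (mode $mode)" ;;
    *)     echo "TOO OPEN  $1 (mode $mode, want 600 or stricter)"; return 2 ;;
  esac
}

# plain presence check for vm images and the secure boot key directory
check_present() {
  [ -e "$1" ] || { echo "MISSING   $1"; return 1; }
  echo "OK        $1"
}

# preflight HOST [ROOT] [REPO]
# ROOT is prepended to the /etc paths (assumption: lets you try it on a scratch tree),
# REPO is the checkout containing ./secrets (defaults to the current directory)
preflight() {
  host=$1; root=${2:-}; repo=${3:-.}; failed=0
  case "$host" in
    teidesu-osx) key="$HOME/.ssh/agenix-key" ;;     # darwin location from the list
    *)           key="$root/etc/ssh/agenix-key" ;;
  esac
  check_key "$key" || failed=1
  check_key "$repo/secrets/unsafe.key" || failed=1
  if [ "$host" = koi ]; then
    for f in /etc/vms/haos.img /etc/vms/bnuuy.img /etc/secureboot/keys; do
      check_present "$root$f" || failed=1
    done
  fi
  return "$failed"
}

# run as: sh preflight.sh koi   (exit status is non-zero if anything is missing or too open)
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

the win11 iso is left out because the list marks it as currently unused.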

setting up

macos:

curl -L https://nixos.org/nix/install | sh
git clone https://github.com/teidesu/nixos ~/nixos
cd ~/nixos
./switch

cat in a readme 🐈
