/hoverbear-consulting-flake

Company Nix expressions.

Primary language: Nix. License: Apache License 2.0 (Apache-2.0).

Nix Flake of Hoverbear Consulting

This is a flake containing expressions made by Hoverbear Consulting.

You can use this in your own flakes:

# flake.nix
{
  inputs.hoverbear.url = "github:hoverbear-consulting/flake";
  outputs = { self, hoverbear, ... }: { /* ... */ };
}

Packages

  • neovimConfigured: A configured nvim with plugins.
  • vscodeConfigured: A vscode with extensions.

NixOS Configurations

General dogma:

  • Only UEFI, with a 512MB+ FAT32 partition on the /boot block device.
  • BTRFS based root block devices (in a dm-crypt).
  • Firewalled except port 22.
  • Preconfigured, ready to use, global (nvim) editor and shell (bash) configuration.
  • Somewhat hardened hardware nodes.
  • Relaxed user access control.
  • The Nix experimental features nix-command and flakes are enabled.

Partitioning

The machines share a common partitioning strategy. Once the required environment variables (TARGET_DEVICE, EFI_PARTITION, and ROOT_PARTITION) are set, a script assists:

WARNING!: This script will destroy any disks and partitions you point it at, and is not designed for uncareful use.

Be careful! Please!

sudo nix run github:hoverbear-consulting/flake#unsafe-bootstrap
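
A pre-flight check for the three variables the script consumes, run before the destructive step. This is an added example, not part of the flake; the helper names `partition_belongs_to` and `preflight` are hypothetical, and the variable names are the ones exported in each machine's Bootstrap section.

```shell
# Added example; partition_belongs_to and preflight are hypothetical helper
# names, not part of the flake. Variable names are the ones this README exports.

# partition_belongs_to DISK PART: true when PART is a numbered partition of
# DISK, e.g. /dev/nvme0n1 + /dev/nvme0n1p2 or /dev/sda + /dev/sda1.
partition_belongs_to() {
  [ -n "$1" ] || return 1
  case "$2" in
    "$1"*) ;;
    *) return 1 ;;
  esac
  suffix=${2#"$1"}     # what follows the disk name, e.g. "p2"
  suffix=${suffix#p}   # NVMe and MMC names put a "p" before the number
  case "$suffix" in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

# preflight: succeeds only when the three variables describe one unmounted
# block device with two distinct partitions on it.
preflight() {
  for pair in "TARGET_DEVICE=${TARGET_DEVICE:-}" \
              "EFI_PARTITION=${EFI_PARTITION:-}" \
              "ROOT_PARTITION=${ROOT_PARTITION:-}"; do
    [ -n "${pair#*=}" ] || { echo "refusing: ${pair%%=*} is not set" >&2; return 1; }
  done
  [ -b "$TARGET_DEVICE" ] ||
    { echo "refusing: $TARGET_DEVICE is not a block device" >&2; return 1; }
  for part in "$EFI_PARTITION" "$ROOT_PARTITION"; do
    partition_belongs_to "$TARGET_DEVICE" "$part" ||
      { echo "refusing: $part is not a partition of $TARGET_DEVICE" >&2; return 1; }
  done
  [ "$EFI_PARTITION" != "$ROOT_PARTITION" ] ||
    { echo "refusing: EFI and root partition are the same" >&2; return 1; }
  # Column 1 of /proc/mounts is the mounted source; a prefix match on the disk
  # also catches its partitions (device-mapper volumes on top are not seen).
  if awk -v d="$TARGET_DEVICE" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts; then
    echo "refusing: $TARGET_DEVICE or one of its partitions is mounted" >&2
    return 1
  fi
  # Show what is about to be wiped so the operator can confirm by model and serial.
  lsblk --nodeps --output NAME,SIZE,MODEL,SERIAL "$TARGET_DEVICE" >&2
}
```

Source the functions and run `preflight` before the `nix run` command above. Whether exported variables survive `sudo` depends on the sudoers policy (`env_reset`), so confirm the script sees the same values that were checked.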

Post-install

After install, set the password for ana:

nix run nixpkgs#mkpasswd -- --stdin --method=sha-512 > /mnt/persist/encrypted-passwords/ana

Yubikeys

For Yubikeys, use U2F:

mkdir -p $HOME/.config/Yubico/
pamu2fcfg >> $HOME/.config/Yubico/u2f_keys

For more keys, just do the same thing.

To use these keys on the dm-crypt:

systemd-cryptenroll --fido2-device=auto $ROOT_PARTITION

Architect

An x86_64 workstation & gaming rig.

Preparation

Requires:

  • An x86_64-linux based nix.
  • A USB stick, 8+ GB preferred.

Build a recovery image:

nix build github:hoverbear-consulting/flake#nixosConfigurations.x86_64IsoImage.config.system.build.isoImage --out-link isoImage

Flash it to a USB:

ARCHITECT_USB=/dev/null
umount $ARCHITECT_USB
sudo cp -vi isoImage/iso/*.iso $ARCHITECT_USB

Bootstrap

Start the machine, or reboot it. Once logged in, set the variables for partitioning, formatting, and mounting the NVMe disk:

export TARGET_DEVICE=/dev/nvme1n1
export EFI_PARTITION=/dev/nvme1n1p1
export ROOT_PARTITION=/dev/nvme1n1p2

Then, follow the Partitioning section.

After, install the system:

sudo bootctl install --esp-path=/mnt/efi
sudo nixos-install --flake github:hoverbear-consulting/flake#architect --impure

Gizmo

An aarch64 server/thin client.

Preparation

Requires:

  • An aarch64-linux system or a x86_64-linux install of nixos with:

    # /etc/nixos/configuration.nix
    {
      # If not on an aarch64-linux
      boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
      # Default in NixOS stock kernel.
      boot.kernelModules = [
        "ftdi_sio"
      ];
    }
  • A microUSB to USB cable.

  • A microSD card.

  • A USB stick, 4+ GB preferred.

Build the recovery image:

nix build github:hoverbear-consulting/flake#nixosConfigurations.honeycombIsoImage.config.system.build.isoImage --out-link isoImage

Fetch the SolidRun provided UEFI (from https://images.solid-run.com/LX2k/lx2160a_uefi):

curl https://solid-run-images.sos-de-fra-1.exo.io/LX2k/lx2160a_uefi/lx2160acex7_2000_700_3200_8_5_2_sd_ee5c233.img.xz -o uefi.img.xz
xz --decompress uefi.img.xz

Flash them:

export GIZMO_SD=/dev/null
export GIZMO_USB=/dev/null

umount ${GIZMO_SD}
sudo cp -vi uefi.img ${GIZMO_SD}
umount ${GIZMO_USB}
sudo cp -vi isoImage/iso/*.iso ${GIZMO_USB}

Bootstrap

Plug in the USB stick and SD card, then stick the microUSB into the CONSOLE port, and start a serial connection on the other machine:

sudo nix run nixpkgs#picocom -- /dev/ttyUSB0 -b 115200

Start the machine, or reboot it. Once logged in, set the variables for partitioning, formatting, and mounting the NVMe disk:

export TARGET_DEVICE=/dev/nvme0n1
export EFI_PARTITION=/dev/nvme0n1p1
export ROOT_PARTITION=/dev/nvme0n1p2

Then, follow the Partitioning section.

After, install the system:

sudo bootctl install --esp-path=/mnt/efi
sudo nixos-install --flake github:hoverbear-consulting/flake#gizmo --impure

Nomad

An x86_64 laptop.

Preparation

Requires:

  • An x86_64-linux based nix.
  • A USB stick, 8+ GB preferred.

Build a recovery image:

nix build github:hoverbear-consulting/flake#nixosConfigurations.x86_64IsoImage.config.system.build.isoImage --out-link isoImage

Flash it to a USB:

NOMAD_USB=/dev/null
umount $NOMAD_USB
sudo cp -vi isoImage/iso/*.iso $NOMAD_USB

Bootstrap

Start the machine, or reboot it. Once logged in, set the variables for partitioning, formatting, and mounting the NVMe disk:

export TARGET_DEVICE=/dev/nvme0n1
export EFI_PARTITION=/dev/nvme0n1p1
export ROOT_PARTITION=/dev/nvme0n1p2

Then, follow the Partitioning section.

After, install the system:

sudo bootctl install --esp-path=/mnt/efi
sudo nixos-install --flake github:hoverbear-consulting/flake#nomad --impure

WSL

A system for use on Windows (WSL2).

Preparation

Build the tarball:

nix build github:hoverbear-consulting/flake#nixosConfigurations.wsl.config.system.build.installer --out-link installer

Ensure the Windows install has WSL(2) enabled:

Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux"
Enable-WindowsOptionalFeature -Online -FeatureName "VirtualMachinePlatform"

Reboot. Then, install the kernel update:

wsl --set-default-version 2
wsl --update

Bootstrap

Import the tarball:

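# wsl --import takes <Distro> <InstallLocation> <FileName>; .\nixos\ is a placeholder install location.
wsl --import nixos .\nixos\ nixos-wsl-installer.tar.gz --version 2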
wsl --set-default nixos

Then enter first setup:

wsl

This may hang at Optimizing Store. Give it a minute, then press Ctrl+C and run wsl again. It should work.

If you do experience that, rebuilding the install seems to fix it:

nixos-rebuild switch --flake github:hoverbear-consulting/flake#wsl