
Configuration files for my NixOS and nix-darwin machines

Primary language: Nix. License: Apache License 2.0 (Apache-2.0).



Very much a work in progress.

Installation runbook (NixOS)

Create a root password using the TTY

sudo su
passwd  # sets the root password that ssh-copy-id will prompt for

From your host, copy the public SSH key to the server

ssh-add ~/.ssh/notthebee
ssh-copy-id -i ~/.ssh/notthebee root@<NIXOS-IP>

SSH into the server with agent forwarding enabled (for access to the secrets repo)

ssh -A root@<NIXOS-IP>

Enable flakes

mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

Partition and mount the drives using disko


# Placeholder: set DISK to the drive to be wiped, e.g. a /dev/disk/by-id/... path
DISK='<TARGET-DISK>'
curl https://raw.githubusercontent.com/notthebee/nix-config/main/disko/zfs-root/default.nix \
    -o /tmp/disko.nix
sed -i "s|to-be-filled-during-installation|$DISK|" /tmp/disko.nix
nix --experimental-features "nix-command flakes" run github:nix-community/disko \
    -- -m destroy,format,mount /tmp/disko.nix
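
A guard for the substitution step above, as an added example that is not part of this repository: it refuses an empty or malformed `$DISK` and confirms the placeholder was really replaced before disko runs in `destroy` mode. The function names and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): fail closed before disko wipes a disk.
PLACEHOLDER='to-be-filled-during-installation'  # string from the runbook's sed command

# valid_disk_path PATH: accept only /dev/disk/by-id/ names built from characters
# that are inert in a sed replacement (assumed allow-list: no |, &, \, spaces).
valid_disk_path() {
    case "$1" in
        /dev/disk/by-id/?*) ;;
        *) return 1 ;;
    esac
    case "${1#/dev/disk/by-id/}" in
        *[!A-Za-z0-9._:+-]*) return 1 ;;
    esac
    return 0
}

# fill_disk FILE DISK: replace the placeholder in FILE with DISK.
# Returns 2 for a rejected disk path, 3 if FILE has no placeholder,
# 4 if the rewrite fails or the result does not contain DISK.
fill_disk() {
    valid_disk_path "$2" || { echo "refusing disk path: '$2'" >&2; return 2; }
    grep -qF "$PLACEHOLDER" "$1" || { echo "no placeholder in $1" >&2; return 3; }
    sed "s|$PLACEHOLDER|$2|g" "$1" > "$1.new" && mv "$1.new" "$1" || return 4
    if grep -qF "$PLACEHOLDER" "$1" || ! grep -qF "$2" "$1"; then
        echo "substitution incomplete in $1" >&2
        return 4
    fi
    return 0
}

# is_block_device PATH: true only if PATH resolves to an existing block device.
is_block_device() {
    [ -b "$(readlink -f "$1")" ]
}

# Usage in the runbook, in place of the bare sed line:
#   fill_disk /tmp/disko.nix "$DISK" && is_block_device "$DISK" || exit 1
```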

Install git and git-crypt

nix-env -f '<nixpkgs>' -iA git
nix-env -f '<nixpkgs>' -iA git-crypt

Clone this repository

mkdir -p /mnt/etc/nixos
git clone https://github.com/notthebee/nix-config.git /mnt/etc/nixos

Put the private SSH key and the GPG key into place (required for secret management)

# On the server
mkdir -p /mnt/home/notthebee/.ssh
# From your host
scp ~/.ssh/id_ed25519 root@<NIXOS-IP>:/mnt/home/notthebee/.ssh
scp ~/.ssh/git-crypt-nix root@<NIXOS-IP>:/mnt/home/notthebee/.ssh
ssh root@<NIXOS-IP>
# Back on the server
chmod 700 /mnt/home/notthebee/.ssh
chmod 600 /mnt/home/notthebee/.ssh/*

Unlock the git-crypt vault

cd /mnt/etc/nixos
git-crypt unlock /mnt/home/notthebee/.ssh/git-crypt-nix

Install the system

nixos-install \
--root "/mnt" \
--no-root-passwd \
--flake "git+file:///mnt/etc/nixos#hostname" # alison, emily, etc.

Unmount the filesystems

umount "/mnt/boot/esp"
umount -Rl "/mnt"
zpool export -a

