nix-minimal

Minimal opinionated NixOS configuration for prototyping a base for my personal systems.

The goal is to orchestrate deeply integrated services so that they play nicely with each other, most prominently the disk configuration, which can't easily be changed later on.

Setup should work with minimal user interaction, providing a system that works out of the box and is fully configured.

Installation guide

To install this config, use nixos-anywhere.

While nixos-anywhere can be installed in different ways, I'd like to install from the NixOS installer.

To do this, boot the installer and set a password for the nixos user via:

passwd

Then find the IP address of your target machine with:

ip addr

And finally install with nixos-anywhere using the following command:

nix run github:nix-community/nixos-anywhere -- --flake '.#titan' nixos@<ip-address>

Note: If you are on a non-x86_64-linux system, additionally specify --build-on-remote.

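Specify disk encryption keys using --disk-encryption-keys /tmp/secret.key <path-to-local-keyfile>. The first argument is the path the key is copied to on the target machine; the second is the keyfile on the machine you run the install from.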
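An added example (not part of nix-minimal): a small POSIX sh wrapper around the install command above that refuses to hand nixos-anywhere a keyfile that is empty, a symlink, or accessible to other users. The helper names check_keyfile, write_keyfile and install_titan and the DRY_RUN variable are hypothetical, and `stat -c` (GNU or BusyBox) is assumed.

```sh
#!/bin/sh
# Added example, not part of nix-minimal. check_keyfile, write_keyfile,
# install_titan and DRY_RUN are hypothetical names; `stat -c` (GNU/BusyBox)
# is assumed.

# Succeed only if the keyfile is a regular, non-empty file that is not a
# symlink and is accessible to its owner alone (mode 600 or 400).
check_keyfile() {
  if [ -L "$1" ] || [ ! -f "$1" ]; then
    echo "keyfile: $1 is not a regular file" >&2; return 1
  fi
  [ -s "$1" ] || { echo "keyfile: $1 is empty" >&2; return 1; }
  case "$(stat -c '%a' "$1")" in
    600|400) return 0 ;;
    *) echo "keyfile: $1 must have mode 600 or 400" >&2; return 1 ;;
  esac
}

# Read one line from stdin (intended to be a pipe) and store it, without the
# trailing newline, in a new mode-600 file. The body runs in a subshell so
# umask, noclobber (set -C) and the passphrase variable do not leak to the
# caller; noclobber makes the redirect fail if the path already exists.
write_keyfile() (
  umask 077
  set -C
  IFS= read -r pass || true   # a last line without a newline still counts
  [ -n "$pass" ] || exit 1    # never create an empty keyfile
  printf '%s' "$pass" > "$1"
)

# Run the README's install command with a checked keyfile: $1 is the target
# address, $2 the local keyfile. With DRY_RUN=1 the argument vector is
# printed one per line instead of being executed.
install_titan() {
  check_keyfile "$2" || return 1
  set -- nix run github:nix-community/nixos-anywhere -- --flake '.#titan' \
    --disk-encryption-keys /tmp/secret.key "$2" "nixos@$1"
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; else "$@"; fi
}

# Stand-alone use: sh install.sh <ip-address> <path-to-local-keyfile>
if [ "$#" -eq 2 ]; then install_titan "$1" "$2"; fi
```

Run it with DRY_RUN=1 first to inspect the exact arguments, and remove the local keyfile once the install has finished.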

TODO: Add documentation for passing additional files with --extra-files and --generate-hardware-config

Unlock via SSH

Currently deactivated!

To unlock via SSH, connect to the machine with:

ssh root@<ip-address>

Then, once connected to the initrd, enter:

systemctl default

Enter the correct password and you are set.

Note: I don't know if this is the best way to go about this, but it does work.

Functionality goals

I aim to hit the following functionality goals for my systems:

  • Declarative partitioning using disko
  • Systemd-boot as bootloader
  • Systemd in initrd
  • Network defined using systemd-networkd
  • ZFS filesystem
  • Configured ZFS filesystem (scrubbing etc.)
  • Full disk encryption with ZFS encryption
  • Encryption unlockable through SSH (NOTE: This may not have worked as expected)
  • Tailscale in initrd
  • SWAP partition
  • Impermanence setup for NixOS
  • Impermanence rollback via ZFS snapshot
  • Impermanence setup for home-manager
  • Impermanence safety snapshot on shutdown
  • Secrets management using sops-nix
  • Documentation for how things work
  • Setup with nixos-anywhere
  • Generate hardware-configuration.nix with nixos-anywhere
  • Optional hardware adjustment via nixos-hardware
  • Optional hardware adjustment via nixos-facter
  • Optional secure boot with lanzaboote
  • Setup with home-manager
  • 15min apart snapshots on home (via sanoid)
  • Support for TPM

These goals are subject to change.

Documentation resources & inspiration