nix

NixOS dotfiles and configuration.

Installation

The below installation example is for a fresh eirene-vm virtual machine.

1. Mount NixOS Configuration

   sudo -i
   mkdir /host
   mount -t virtiofs host /host
   

2. Format Disks

   nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /host/hosts/eirene/format.nix --arg device '"/dev/vda"'
   

3. Generate Host SSH Key

   mkdir -p /mnt/persist/etc/ssh
   ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
   cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/secrets/ssh_host_ed25519_key
   

4. Update sops Configuration

   nix-shell -p ssh-to-age --run 'cat /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
   
   find . -type f -name 'sops.yaml' -exec nano {} \;
   
   export SOPS_AGE_KEY_FILE=/host/users/nick/secrets/key.txt
   
   find . -type f -name 'sops.yaml' | while read -r sops_file; do
     dir=$(dirname "$sops_file")
     find "$dir" -maxdepth 1 -type f -regextype posix-extended -regex '.+\.(yaml|yml|json|env|ini|bin)' | while read -r file; do
       nix-shell -p sops --run 'sops --config $sops_file updatekeys $file'
     done
   done
   

5. Update Nix Configuration Keys

   • Known Hosts

     # Add to hosts/common/default.nix.programs.ssh.knownHosts
     cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/secrets/ssh_host_ed25519_key.pub
     

   • SSH Keys

     # Generate a new SSH key pair for every user that will connect to the newly added user@host combinations
     # Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
     ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene_nick
     

6. Install NixOS

   mkdir -p /mnt/persist/etc/nixos
   cp -r /host/* /mnt/persist/etc/nixos
   nixos-install --root /mnt --flake /mnt/persist/etc/nixos#eirene-vm
   

7. Reboot

   reboot