nix-config

Infrastructure as Code (IaC)

After using a shell script to automate my desktop Ubuntu installation from 2011 to 2023, I finally migrated the 2646 lines of code to Ansible, see https://github.com/JakobLichterfeld/infra-playbook

End of 2023 I migrated to Nix.

MainServer (Intel N100)

Hardware documentation | System design documentation

Installation process

Download NixOS minimal ISO image copy it to a USB stick, using USBImager for example, see creating bootable USB flash drive with a graphical tool.

Boot into the NixOS live environment (F11 for boot menu)

Create a root password using the TTY

sudo su
passwd

From your host, copy the public SSH key to the server

ssh-add ~/.ssh/id_ed25519
ssh-copy-id -i ~/.ssh/id_ed25519 root@nixos_installation_ip

SSH into the host with agent forwarding enabled

ssh -A root@nixos_installation_ip

Enable Nix Flakes functionality

mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

Partition and mount the drives using disko (declarative disk partitioning and formatting using nix)

curl https://raw.githubusercontent.com/JakobLichterfeld/nix-config/main/machines/nixos/MainServer/filesystems/disko.nix \
    -o /tmp/disko.nix
nix --experimental-features "nix-command flakes" run github:nix-community/disko \
    -- --mode destroy,format,mount /tmp/disko.nix

Install programs needed for system installation

nix-env -f '<nixpkgs>' -iA git
nix-env -f '<nixpkgs>' -iA git-crypt

Clone this repository

mkdir -p /mnt/etc/nixos
git clone https://github.com/JakobLichterfeld/nix-config.git /mnt/etc/nixos

Put the private and GPG key into place (required for secret management)

mkdir -p /mnt/persist/ssh
exit
scp ~/.ssh/id_ed25519_main_server root@nixos_installation_ip:/mnt/persist/ssh/id_ed25519_main_server
scp ~/.ssh/nix-config_local.key.asc root@nixos_installation_ip:/mnt/persist/ssh/nix-config_local.key.asc
ssh -A nixos@nixos_installation_ip
chmod 700 /mnt/persist/ssh
chmod 600 /mnt/persist/ssh/*

Unlock the git-crypt vault

cd /mnt/etc/nixos
chown -R root:root .
git-crypt unlock /mnt/persist/ssh/nix-config_local.key.asc

Install system

nixos-install \
--root "/mnt" \
--no-root-passwd \
--flake "git+file:///mnt/etc/nixos#MainServer"

Unmount the file systems

umount /mnt/boot/efis/nvme-FIKWOT_FN960_2TB_AA234330561-part3/
umount -Rl "/mnt"
cd /
zpool export -a

Remove the installation media

Reboot

reboot

Update to newest config

Recommended: Remote Deployment (from local machine)

From your local machine (e.g., MainDev), run the deployMainServer app. This will build the configuration, copy it to the server, and activate it.

nix run .#deployMainServer

Manual: On the Server

Log into the server, pull the latest changes, and activate the configuration.

sudo su
cd /etc/nixos
git pull
nixos-rebuild switch --flake /etc/nixos#MainServer

or use the flake command

nix --experimental-features 'nix-command flakes' run .#pullAndSwitch

MainDev (Mac)

Managed by nix-darwin and home-manager. Impure packages and applications are managed by homebrew and mas.

Installation process

Make sure nix is installed

Enable Rosetta to build x86 binaries with Apple Silicon: softwareupdate --install-rosetta --agree-to-license

Update dependencies and install: nix --experimental-features 'nix-command flakes' run .#updateDependenciesAndSwitch

or

build: nix --experimental-features 'nix-command flakes' build .#darwinConfigurations."MainDev".system

install: nix run nix-darwin -- switch --flake .#MainDev

apply changes: sudo darwin-rebuild switch --flake .#MainDev

Contributing

All contributions are welcome and greatly appreciated!

Disclaimer

The Flake is primarily designed for personal use. Use it at your own risk and do not anticipate guidance for its installation on your device.