mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

docs: function of all files documented

Browse source
This commit is contained in:
oddlama 2023-03-27 17:21:05 +02:00
parent 1afff422de
commit 01940d0e19
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 43 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

54
README.md
View file

@ -2,25 +2,28 @@
## Structure ## Structure
- `hosts/` - `hosts/` contains configuration for all hosts.
- `common/` shared configuration. Hosts will include what they need from here.
- `common/` shared configuration - `core/` configuration that is shared across _all_ machines. (base setup, ssh, ...)
- `dev/` configuration for development machines
- `core/` configuration that is shared across all machines. (base setup, ssh, ...) - `graphical/` configuration for graphical setup
- `hardware/` configuration for various hardware components
- `<hostname>/` - `<something>.nix` commonly required configuration for `<something>`
- `<hostname>/` configuration for `<hostname>`
- `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one. - `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one.
- `secrets.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - `secrets.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.
- `host.pub` This host's public key.Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - `host.pub` This host's public key. Used for agenix rekeying.
- `default.nix` The actual system definition. Follow the imports from there to see what it entails.
- `nom/` - `meta.nix` Determines the type and architecture of this system, and some other optional meta information. Used e.g. by `nix/colmena.nix` to know which hosts are NixOS and which are home-manger only.
- `fs.nix` Filesystem setup.
- `net.nix` Networking setup.
- `nom/` - My laptop and main development machine
- `ward/` - ODROID H3, energy efficient SBC. Used as a firewall betwenn my ISP and internal home network. Hosts some lightweight services using full KVM virtual machines.
- `envoy/` - Hetzner Cloud server. Primarily used as my mailserver and VPN provider.
- `zackbiene/` - ODROID N2+. Hosts IoT and Home Automation stuff and fully isolates that from my internal network.
- not yet ready for publicized: my main development machine, powerful home server, some services ... (still in transition from gentoo :/)
- `modules/` additional NixOS modules that are not yet upstreamed. - `modules/` additional NixOS modules that are not yet upstreamed.
- `nix/` library functions and plumbing - `nix/` library functions and plumbing
- `apps.nix` Additional runnable actions for this flake (**WIP:** infrastructure graph renderer) - `apps.nix` Additional runnable actions for this flake (**WIP:** infrastructure graph renderer)
- `checks.nix` pre-commit-hooks for this repository - `checks.nix` pre-commit-hooks for this repository
- `colmena.nix` Setup for distributed deployment using colmena (actually defines all NixOS hosts) - `colmena.nix` Setup for distributed deployment using colmena (actually defines all NixOS hosts)
@ -30,20 +33,25 @@
- `hosts.nix` Wrapper that extracts all defined hosts from `hosts/` - `hosts.nix` Wrapper that extracts all defined hosts from `hosts/`
- `overlays/**` Local overlay packages. Subject for removal. - `overlays/**` Local overlay packages. Subject for removal.
- `overlay.nix` Overlay defintions - `overlay.nix` Overlay defintions
- `overlay.nix` Overlay defintions
- `rage-decrypt.sh` Auxiliary script for repository-wide secrets - `rage-decrypt.sh` Auxiliary script for repository-wide secrets
- `secrets.nix` Helper to access repository-wide secrets, used by colmena.nix - `secrets.nix` Helper to access repository-wide secrets, used by colmena.nix
- `secrets/` Global secrets and age identities - `secrets/` Global secrets and age identities
- `secrets.nix.age` Repository-wide global secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - `secrets.nix.age` Repository-wide global secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.
- `backup.pub` Backup age identity in case I lose my YubiKey - `backup.pub` Backup age-identity in case I ever lose my YubiKey or it breaks.
- `yk1-nix-rage.pub` Master YubiKey split-identity - `yk1-nix-rage.pub` Master YubiKey split-identity. Used as a key-grab.
- `pkgs/` Custom packages and scripts - `pkgs/` Custom packages and scripts
- `users/` User account configuration via home-manager. Imported by each host separately. - `users/` User account configuration via home-manager. Imported by each host separately.
## How-To
#### Add and deploy new machine
...
#### New secret
...
## Stuff ## Stuff
This is my personal nix config. This is my personal nix config.
@ -59,7 +67,7 @@ all commands using these extra parameters, or permanently add the following the
2. Run all commands with `--option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --option extra-builtins-file ./nix/extra-builtins.nix` 2. Run all commands with `--option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --option extra-builtins-file ./nix/extra-builtins.nix`
or permantently or permantently
```toml ```ini
plugin-files = <copy path from $NIX_PLUGINS>/lib/nix/plugins plugin-files = <copy path from $NIX_PLUGINS>/lib/nix/plugins
extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix
``` ```

24
flake.lock generated
View file

@ -28,11 +28,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1679272657, "lastModified": 1679928542,
"narHash": "sha256-oYS8byOUv43t8IIPoud6ukN1uPGixeCyXy8EKaZgN0E=", "narHash": "sha256-6ql2P9ULb4wKI5hBn94ck/zqXswJ/O5XtLS5rmnXe3k=",
"owner": "oddlama", "owner": "oddlama",
"repo": "agenix-rekey", "repo": "agenix-rekey",
"rev": "2011e042eb5908e6f37b9b621f14be3210723447", "rev": "46a38999c4dc009ef2ec759344cbe19ccf4b7b95",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -166,11 +166,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1679756596, "lastModified": 1679786039,
"narHash": "sha256-wQp7CoYqREPGssf1F0JKx2A4tScbu3iNgI1kS74ib/8=", "narHash": "sha256-VNjswu0Q4bZOkWNuc0+dHvRdjUCj+MnDlRfw/Q0R3vI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "225d1fb77e6c9f9be1ffd65c8e5eb9cf583aa698", "rev": "cf662b6c98a0da81e06066fff0ecf9cbd4627727",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -196,11 +196,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1679598117, "lastModified": 1679765008,
"narHash": "sha256-Vs1f/7imI77OkMOQhO3xgx4jalN2Gx3D3C2wmnlpWJM=", "narHash": "sha256-VCkg/wC2e882suYDS5PDAemaMLYSOdFm4fsx2gowMR0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "648021dcb2b65498eed3ea3a7339cdfc3bea4d82", "rev": "f38f9a4c9b2b6f89a5778465e0afd166a8300680",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,11 +211,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1679705136, "lastModified": 1679865578,
"narHash": "sha256-MDlZUR7wJ3PlPtqwwoGQr3euNOe0vdSSteVVOef7tBY=", "narHash": "sha256-sYQmxxqIYL3QFsRYjW0AufhGur8qWfwoOGPGHRJZlGc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8f40f2f90b9c9032d1b824442cfbbe0dbabd0dbd", "rev": "4361baa782dc3d3b35fd455a1adc370681d9187c",
"type": "github" "type": "github"
}, },
"original": { "original": {