forked from mirrors_public/oddlama_nix-config
chore: nixos → mynixos; -preview; urls changed; +line breaks (in new default branch: mynixos)
This commit is contained in:
parent
5fc809f4d6
commit
ab677d810b
1 changed files with 11 additions and 21 deletions
32
README.md
32
README.md
|
@ -1,11 +1,8 @@
|
||||||
[Hosts](#hosts) \| [Overview](#overview) \| [Structure](./STRUCTURE.md)
|
[Hosts](#hosts) \| [Overview](#overview) \| [Structure](./STRUCTURE.md)
|
||||||
|
|
||||||

|
## ❄️ `mynixos`, a NixOS Infrastructure Configuration
|
||||||
|
|
||||||
## ❄️ My NixOS Configuration
|
This is my personal nix config which I use to maintain my whole infrastructure, including my homelab, external servers and my development machines.
|
||||||
|
|
||||||
This is my personal nix config which I use to maintain my whole infrastructure,
|
|
||||||
including my homelab, external servers and my development machines.
|
|
||||||
|
|
||||||
## Hosts
|
## Hosts
|
||||||
|
|
||||||
|
@ -22,9 +19,7 @@ including my homelab, external servers and my development machines.
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
An overview over what you will find in this repository. I usually put a lot of
|
An overview over what you will find in this repository. I usually put a lot of effort into all my configurations and try to go over every option in detail. I've included the major components in the lists below.
|
||||||
effort into all my configurations and try to go over every option in detail.
|
|
||||||
I've included the major components in the lists below.
|
|
||||||
|
|
||||||
#### Dotfiles
|
#### Dotfiles
|
||||||
|
|
||||||
|
@ -93,11 +88,9 @@ I've included the major components in the lists below.
|
||||||
|
|
||||||
## Structure
|
## Structure
|
||||||
|
|
||||||
If you are interested in parts of my configuration,
|
If you are interested in parts of my configuration, you probably want to examine the contents of `users/`, `config/`, `modules/` and `hosts/`.
|
||||||
you probably want to examine the contents of `users/`, `config/`, `modules/` and `hosts/`.
|
Also, a lot of interesting modules have been moved to [mynixos-extra-modules](https://git.mediani.de/sokai/mynixos-extra-modules), a separate repository specifically for reusable stuff.
|
||||||
Also, a lot of interesting modules have been moved to [nixos-extra-modules](https://github.com/oddlama/nixos-extra-modules), a separate repository specifically for reusable stuff.
|
The full structure of this flake is described in [STRUCTURE.md](./STRUCTURE.md), but here's a quick breakdown of the what you will find where.
|
||||||
The full structure of this flake is described in [STRUCTURE.md](./STRUCTURE.md),
|
|
||||||
but here's a quick breakdown of the what you will find where.
|
|
||||||
|
|
||||||
| | |
|
| | |
|
||||||
|---|---|
|
|---|---|
|
||||||
|
@ -114,7 +107,7 @@ but here's a quick breakdown of the what you will find where.
|
||||||
|
|
||||||
#### Add new machine
|
#### Add new machine
|
||||||
|
|
||||||
... incomplete.
|
… incomplete.
|
||||||
|
|
||||||
- Add <name> to `hosts` in `flake.nix`
|
- Add <name> to `hosts` in `flake.nix`
|
||||||
- Create hosts/<name>
|
- Create hosts/<name>
|
||||||
|
@ -138,14 +131,13 @@ Afterwards:
|
||||||
|
|
||||||
#### New secret
|
#### New secret
|
||||||
|
|
||||||
...
|
…
|
||||||
|
|
||||||
## Stuff
|
## Stuff
|
||||||
|
|
||||||
- Generate, edit and rekey secrets with `agenix <generate|edit|rekey>`
|
- Generate, edit and rekey secrets with `agenix <generate|edit|rekey>`
|
||||||
|
|
||||||
To be able to decrypt the repository-wide secrets (files that contain my PII and are thus hidden from public view),
|
To be able to decrypt the repository-wide secrets (files that contain my PII and are thus hidden from public view), you will need to <sub>(be me and)</sub> add nix-plugins and point it to `./nix/extra-builtins.nix`.
|
||||||
you will need to <sub>(be me and)</sub> add nix-plugins and point it to `./nix/extra-builtins.nix`.
|
|
||||||
The devshell will do this for you automatically. If this doesn't work for any reason, this can also be done manually:
|
The devshell will do this for you automatically. If this doesn't work for any reason, this can also be done manually:
|
||||||
|
|
||||||
1. Get nix-plugins: `NIX_PLUGINS=$(nix build --print-out-paths --no-link nixpkgs#nix-plugins)`
|
1. Get nix-plugins: `NIX_PLUGINS=$(nix build --print-out-paths --no-link nixpkgs#nix-plugins)`
|
||||||
|
@ -153,10 +145,8 @@ The devshell will do this for you automatically. If this doesn't work for any re
|
||||||
|
|
||||||
## Misc
|
## Misc
|
||||||
|
|
||||||
Generate self-signed cert, e.g. for kanidm internal communication to proxy:
|
Generate self-signed cert, e. g. for Kanidm internal communication to proxy:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
|
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout selfcert.key -out selfcert.crt -subj "/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:sub1.example.com,DNS:sub2.example.com,IP:10.0.0.1"
|
||||||
-keyout selfcert.key -out selfcert.crt -subj \
|
|
||||||
"/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:sub1.example.com,DNS:sub2.example.com,IP:10.0.0.1"
|
|
||||||
```
|
```
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue