Nix Configurations

This is my humble flakes-only collection of all and everything needed to set up and maintain all my nixified devices.

Features

• Automation scripts to setup a fresh installation and update the system easily
• Secret management in NixOS (agenix) and home-manager (homeage) with age
• nix-on-droid-managed android phone with home-manager
• Generated shell scripts are always linted with shellcheck
• Checks source code with deadnix, statix and nixpkgs-fmt (using nix-formatter-pack)
• Github Actions pipeline for aarch64-linux systems
• Every output is built with Github Actions and pushed to cachix
• Weekly automatic flake input updates committed to master when CI passes
• Automatic deployments on all NixOS systems with cachix deployment agents after successful pipeline runs

Supported configurations

• NixOS-managed
  • argon (Oracle Cloud Compute Instance)
  • krypton (private server)
  • neon (private laptop)
  • xenon (Raspberry Pi 3B+)
• home-manager-managed
  • M386 with Ubuntu 20.04 (work laptop)
  • gamer on WSL2 with Ubuntu 20.04 (windows dual boot for games and stuff)
• nix-on-droid-managed
  • oneplus5

See flake.nix for more information like system.

First installation

If any of these systems need to be reinstalled, you can run:

nix run \
  --option extra-substituters "https://gerschtli.cachix.org" \
  --option extra-trusted-public-keys "gerschtli.cachix.org-1:dWJ/WiIA3W2tTornS/2agax+OI0yQF8ZA2SFjU56vZ0=" \
  github:Gerschtli/nix-config#setup

Note:

• NixOS-managed systems should be set up like written in the NixOS manual.

Manual instructions for some systems

Raspberry Pi

1. Build image

   nix build ".#rpi-image"

2. Copy (dd) result/sd-image/*.img to sd-card
3. Inject sd-card in raspberry and boot

Update firmware

Firmware of Raspberry Pi needs to be updated manually on a regular basis with the following steps:

1. Build firmware

   nix build ".#rpi-firmware"

2. Mount /dev/disk/by-label/FIRMWARE
3. Create backup of all files
4. Copy result/* to firmware partition (ensure that old ones are deleted)
5. Unmount and reboot

Ubuntu 20.04

# update and install system packages
sudo apt update
sudo apt upgrade
sudo apt install zsh

# install nix setup
sh <(curl -L https://nixos.org/nix/install) --no-channel-add --no-modify-profile
. ~/.nix-profile/etc/profile.d/nix.sh
nix run \
  --extra-experimental-features "nix-command flakes" \
  --option extra-substituters "https://gerschtli.cachix.org" \
  --option extra-trusted-public-keys "gerschtli.cachix.org-1:dWJ/WiIA3W2tTornS/2agax+OI0yQF8ZA2SFjU56vZ0=" \
  github:Gerschtli/nix-config#setup

# download and install UbuntuMono from nerdfonts.com

# set login shell
chsh -s /bin/zsh

# configure inotify watcher
echo "fs.inotify.max_user_watches = 524288" | sudo tee /etc/sysctl.d/local.conf

# set default shell (needed if using home-manager to setup xsession)
sudo ln -snf bash /bin/sh

Oracle Cloud ARM Compute Instance

1. Create final boot volume
   1. Create any instance
   2. Detach boot volume
2. Create bootstrap instance
   1. Create "VM.Standard.A1.Flex"
      1. with Ubuntu 20.04
      2. 1 OCPUs and 6 GB of memory
      3. set ssh public key
      4. Attach previously created boot volume as block volume (via ISCSI)
   2. ssh into instance with ubuntu user
   3. Login as root
   4. Set ssh public key in /root/.ssh/authorized_keys and run nixos-infect:

      cat /home/ubuntu/.ssh/authorized_keys > /root/.ssh/authorized_keys
      curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.05 bash -x

   5. ssh into instance with root user
   6. Add the following to /etc/nixos/configuration.nix:

      {
        boot.loader.grub.efiSupport = true;
        boot.loader.grub.device = "nodev";
        services.openiscsi.enable = true;
        services.openiscsi.name = "x";
      }

   7. Activate with nixos-rebuild switch
   8. Copy and run ISCSI mount commands from Oracle Cloud WebUI
   9. Install NixOS like described in NixOS manual with following options:

      {
        services.openssh.enable = true;
        services.openssh.permitRootLogin = "yes";
      }

   10. Copy and run ISCSI unmount commands from Oracle Cloud WebUI
   11. Detach volume in Oracle Cloud WebUI
3. Create final instance
   1. Create instance of previously created boot volume
   2. ssh into instance with root user and password
   3. Run setup script like

      nix run \
        --extra-experimental-features "nix-command flakes" \
        --option extra-substituters "https://gerschtli.cachix.org" \
        --option extra-trusted-public-keys "gerschtli.cachix.org-1:dWJ/WiIA3W2tTornS/2agax+OI0yQF8ZA2SFjU56vZ0=" \
        github:Gerschtli/nix-config#setup

Note: This is all needed to be able to partition the volume to have more than 100MB available in /boot. The boot volume of the bootstrap instance can be reused at any time.

TODOs

• NixOS setup script: /home/tobias/.age is missing
• Provide ISO-images for NixOS configurations
• Set up nixos-shell and similar for an ubuntu image to easily test setup script