fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 08:06:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: more wsl tweaks

Browse source
This commit is contained in:
Nickolaj Jepsen 2025-12-14 04:09:59 +01:00
parent 50289dcc0d
commit 72a3dc6c5a
10 changed files with 104 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

40
README.md
View file

@ -57,16 +57,13 @@ just bootstrap-flash /dev/sdX
```
This creates:
- `hosts/<hostname>/` directory
- `secrets/hosts/<hostname>/` with SSH keys
- `hosts/<hostname>/default.nix` file which you should edit
- `secrets/hosts/<hostname>/` directory with SSH keys
2. Add host configuration in `hosts/default.nix`:
```nix
<hostname> = mkSystem {
hostname = "<hostname>";
username = "<username>";
};
<hostname> = mkSystem { host = .<hostname>; };
```
3. Create required files in `hosts/<hostname>/`:
@ -87,6 +84,37 @@ just bootstrap-flash /dev/sdX
just secret-rekey
```
> [!TIP]
> If you upload the public key (`secrets/hosts/<hostname>/id_ed25519.pub`) to GitHub, you can pull & push directly from the new host.
## Deploying
### Nixos ISO install
A simple way to install a new machine is to use the official [NixOS ISO](https://nixos.org/download/) to prepare a machine
Copy the private SSH key for the new host to `/etc/ssh/ssh_host_ed25519_key`
Enable flakes support in `/etc/nixos/configuration.nix`
```nix
{
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
}
```
Then run:
```bash
$ nix develop
$ just switch <hostname>
```
## Secret Management
Secrets are managed with [agenix](https://github.com/ryantm/agenix) + [agenix-rekey](https://github.com/oddlama/agenix-rekey), using a YubiKey as the master identity.