NixOS-Configuration

My personal NixOS-Configuration, including public keys.

My intent here is to build a reliable way to deploy my workstation, and surrounding homelab (and further surrounding infrastructure) using NixOS, with the hope this may later be expandable to other technological integrations. This repository now allows me to deploy to any hardware, with my expected environment.

So; here's a little summary for the TL;DR types.

Every machine is deployed via VPN, with the command "nix run .#machine-name"
Every machine is fully RAGE-secret encrypted (sops is basically a kids toy full of vulnerabilitites at this point in comparison to secrix @pinktrink keeps the world turning)
My greatest weakness is watching ubuntu users, WSL users, and Mac users prove, endlessly, that Nix is superior.

P.s.

IF THIS CONFIG SAVES YOUR ASS FROM A FIRE; JUST LET ME KNOW I'M NOT ALONE OUT HERE. ONE LITTLE MESSAGE TO LET ME KNOW IT WAS WORTH IT :)

Adding a New Machine

Imperatively install NixOS on new host (nixos-install).
$ scp user@host-ip:/etc/nixos/* ./machines/new-host/; mv machines/new-host/configuration.nix machines/new-host/default.nix
Edit default.nix: { config, lib, pkgs, self, hostname, ... }: { networking.hostName = hostname; /* imports, envs, secrix.services.wireguard... */ }
$ scp user@host-ip:/etc/ssh/ssh_host_ed25519.pub ./secrets/public_keys/host_keys/new-host.pub
Local WG: $ wg genkey | tee priv | wg pubkey > pub; nix run .#secrix create ./secrets/wireguard/wg_new-host -- -u John88 < priv
./lib/wg_peers.nix consumes the attrset from ./cortex-alpha/default.nix - peerlist : "new-host" = "90"; (pick free IP 10.88.127.X)
flake.nix: new-host = mkX86_64 "new-host" { host = "10.88.127.90"; };
Test: $ nix fmt; nix flake check; nixos-rebuild build --flake .#new-host

Notes:

First deploy via public IP using the settings sshUser sshPort and host under nixinate in flake.nix: then nix run .#new-host to 'test' deploy.
Then setup deploy user/VPN.

VPN

simplified heavily by using the module ./modules/enable-wg.nix

TODO

Configure IPv6 forwarding
Document Nixinate usage
Make enable-wg.nix, cortex-alpha/default.nix and wg_peers.nix both consume the same IP postfix-configuration.
Implement LDAP authentication
Automate scraper configuration
Implement GPG-based SSH authentication
Continue library-splitting efforts

Name		Name	Last commit message	Last commit date
Latest commit History 738 Commits
.opencode		.opencode
ascetics_bin		ascetics_bin
documentation		documentation
dotfiles		dotfiles
environments		environments
kalymos		kalymos
lib		lib
locale		locale
machines		machines
modifier_imports		modifier_imports
modules		modules
secrets		secrets
server_services		server_services
services		services
snippets		snippets
users		users
webroot		webroot
.gitignore		.gitignore
AGENTS.md		AGENTS.md
LICENSE		LICENSE
README.md		README.md
configuration.nix		configuration.nix
flake.lock		flake.lock
flake.nix		flake.nix

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

NixOS-Configuration

IF THIS CONFIG SAVES YOUR ASS FROM A FIRE; JUST LET ME KNOW I'M NOT ALONE OUT HERE. ONE LITTLE MESSAGE TO LET ME KNOW IT WAS WORTH IT :)

Adding a New Machine

VPN

TODO

About

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

NixOS-Configuration

IF THIS CONFIG SAVES YOUR ASS FROM A FIRE; JUST LET ME KNOW I'M NOT ALONE OUT HERE. ONE LITTLE MESSAGE TO LET ME KNOW IT WAS WORTH IT :)

Adding a New Machine

VPN

TODO

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Contributors

Uh oh!

Languages