Nix Configurations

This is my humble flakes-only collection of all and everything needed to set up and maintain all my nixified devices.

Features

• Automation scripts to setup a fresh installation and update the system easily
• Secret management in NixOS (agenix) and home-manager (homeage) with age
• nix-on-droid-managed android phone with home-manager
• One system (neon) set up with ephemeral root directory using impermanence and btrfs
• Generated shell scripts are always linted with shellcheck
• Checks source code with deadnix, statix and nixpkgs-fmt (using nix-formatter-pack)
• Github Actions pipeline for aarch64-linux systems
• Every output is built with Github Actions and pushed to cachix
• Weekly automatic flake input updates committed to master when CI passes
• Automatic deployments on all NixOS systems with cachix deployment agents after successful pipeline runs

Supported configurations

• NixOS-managed
  • argon (Oracle Cloud Compute Instance)
  • krypton (private server)
  • neon (private laptop)
  • xenon (Raspberry Pi 3B+)
• home-manager-managed
  • bwpm-FP2CYXKY2V
  • gamer on WSL2 with Ubuntu 20.04 (windows dual boot for games and stuff)
  • R2026
• nix-on-droid-managed
  • pixel7a

See flake.nix for more information like system.

First installation

If any of these systems need to be reinstalled, you can run:

nix run \
  --extra-experimental-features "nix-command flakes" \
  github:Gerschtli/nix-config#setup

Manual instructions for some systems

Darwin

# Install nix via Determinate Nix Installer https://determinate.systems/posts/determinate-nix-installer
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

echo "trusted-users = $USER" | sudo tee -a /etc/nix/nix.conf
sudo launchctl stop org.nixos.nix-daemon
sudo launchctl start org.nixos.nix-daemon

# see and execute files/scripts/darwin-setup.sh

nix run github:Gerschtli/nix-config#setup

NixOS

1. Set up like written in the NixOS manual with image from nix build ".#installer-image"
2. Add the following to configuration.nix:

   {
    users.users.root.password = "nixos";
    users.users.tobias = {
      password = "nixos";
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
   }

3. When booted in the new NixOS system, login as tobias and run setup script

Raspberry Pi

1. Build image

   nix build ".#rpi-image"

2. Copy (dd) result/sd-image/*.img to sd-card
3. Inject sd-card in raspberry and boot
4. When booted in the new NixOS system, login as tobias and run setup script

Update firmware

Firmware of Raspberry Pi needs to be updated manually on a regular basis with the following steps:

1. Build firmware

   nix build ".#rpi-firmware"

2. Mount /dev/disk/by-label/FIRMWARE
3. Create backup of all files
4. Copy result/* to firmware partition (ensure that old ones are deleted)
5. Unmount and reboot

Ubuntu 20.04

# update and install system packages
sudo apt update
sudo apt upgrade
sudo apt install zsh

# install nix setup
sh <(curl -L https://nixos.org/nix/install) --no-channel-add --no-modify-profile
. ~/.nix-profile/etc/profile.d/nix.sh
nix run \
  --extra-experimental-features "nix-command flakes" \
  github:Gerschtli/nix-config#setup

# download and install UbuntuMono from nerdfonts.com

# set login shell
chsh -s /bin/zsh

# configure inotify watcher
echo "fs.inotify.max_user_watches = 524288" | sudo tee /etc/sysctl.d/local.conf

# set default shell (needed if using home-manager to setup xsession)
sudo ln -snf bash /bin/sh

Oracle Cloud ARM Compute Instance

1. Create final boot volume

   1. Create any instance
   2. Detach boot volume

2. Create bootstrap instance

   1. Create "VM.Standard.A1.Flex"

      1. with Ubuntu 20.04
      2. 1 OCPUs and 6 GB of memory
      3. set ssh public key
      4. Attach previously created boot volume as block volume (via ISCSI)

   2. ssh into instance with ubuntu user

   3. Login as root

   4. Set ssh public key in /root/.ssh/authorized_keys and run nixos-infect:

      cat /home/ubuntu/.ssh/authorized_keys > /root/.ssh/authorized_keys
      curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.05 bash -x

   5. ssh into instance with root user

   6. Add the following to /etc/nixos/configuration.nix:

      {
      boot.loader.grub.efiSupport = true;
      boot.loader.grub.device = "nodev";
      services.openiscsi.enable = true;
      services.openiscsi.name = "x";
      }

   7. Activate with nixos-rebuild switch

   8. Copy and run ISCSI mount commands from Oracle Cloud WebUI

   9. Partion mounted boot volume

   10. Install NixOS like described in NixOS manual with following options:

       {
       services.openssh.enable = true;
       services.openssh.settings.PermitRootLogin = "yes";
       
       users.users.root.password = "nixos";
       users.users.tobias = {
         password = "nixos";
         isNormalUser = true;
         extraGroups = [ "wheel" ];
       };
       }

   11. Copy and run ISCSI unmount commands from Oracle Cloud WebUI

   12. Detach volume in Oracle Cloud WebUI

3. Create final instance

   1. Create instance of previously created boot volume
   2. ssh into instance with tobias user and password
   3. Run setup script

Note: This is all needed to be able to partition the volume to have more than 100MB available in /boot. The boot volume of the bootstrap instance can be reused at any time.