- Update `flake.lock` and commit: `nix flake update --commit-lock-file`
  - Shortcut: `doit up`
- Run a check: `nix flake check --no-build`
  - Shortcut: `doit check`
- Rebuild the local host: `nh os boot -a` (or `switch`) and `nh home switch -a .`
  - Without `nh`: `sudo nixos-rebuild boot` (or `switch`) and `home-manager switch`
- Auto-format: `nix fmt`
To make this the default configuration for a machine, make a symbolic link
from the flake to `/etc/nixos`:

```sh
ln -s $(pwd)/flake.nix /etc/nixos/
# for remote machines:
ln -s /home/samh/nixos-sync/flake.nix /etc/nixos/flake.nix
```

It looks like you should be able to do the same for Home Manager:

```sh
mkdir -p ~/.config/home-manager
ln -s $(pwd)/flake.nix ~/.config/home-manager/
```
## Things that are not included in the Nix configuration

- User password
- Tailscale: `sudo tailscale up [options...]`
  - `sudo tailscale up --accept-routes` (to enable subnet routes)
  - `--accept-dns=false` (to disable MagicDNS) - I've had some issues with it; also local Blocky DNS automatically forwards Tailnet queries to Tailscale DNS
  - To disable later: `sudo tailscale set --accept-dns=false`
- Wireless networks (could be declared; see for example https://github.com/Misterio77/nix-config/blob/main/hosts/common/optional/wireless.nix)

I'm working on switching to sops-nix for secrets management; see `hosts/goomba`.
- `/root/.ssh/id_ed25519.pub` - root's SSH key: `ssh-keygen -t ed25519`
  - Needs to be added to BorgBase
- `/root` - used for secrets that should only be readable by the root user, since only root can read it by default.
  - Borg passphrases for each repo
    - `/root/borg-pass` (default)
  - `/root/borgmatic.env`: `HEALTHCHECKS_URL=https://hc-ping.com/...`
    - Or just `touch /root/borgmatic.env` if not needed
  - `/root/acme.env` - secrets for ACME certificates (Let's Encrypt)
  - Credentials for mounting Samba shares:

    ```
    root@nixos-2022-desktop ~# cat /root/smb-secrets
    username=samh
    password=password-here
    ```

- BorgBase - repos need to be initialized: `sudo borgmatic init -e repokey-blake2`
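The files above are placed by hand and protected only by filesystem permissions, so it is worth checking them after setting up a host. The following POSIX shell script is an added example, not part of this repo: it verifies that each secret file exists, is owned by the expected user and has no group/other permission bits. The list of paths in the `--run` branch is assumed from the entries above; the private key path `/root/.ssh/id_ed25519` is assumed from the public key listed above.

```sh
#!/bin/sh
# Added example, not part of the repo: audit hand-placed secret files.
# A secret under /root is only safe if nothing but its owner can read it.

# check_secret FILE [OWNER] -> 0 if FILE is owned by OWNER (default root) and
# its mode has no group/other bits; 1 if wrong owner or too permissive;
# 2 if the file is missing. Diagnostics go to stderr.
check_secret() {
  file="$1"
  owner="${2:-root}"
  [ -e "$file" ] || { echo "MISSING  $file" >&2; return 2; }
  # GNU stat first, BSD stat as a fallback
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  user=$(stat -c '%U' "$file" 2>/dev/null || stat -f '%Su' "$file")
  if [ "$user" != "$owner" ]; then
    echo "OWNER    $file is owned by $user, expected $owner" >&2
    return 1
  fi
  # The last two octal digits are the group and other bits; both must be 0.
  case "$mode" in
    0|*00) return 0 ;;
    *) echo "MODE     $file is $mode; fix with: chmod go-rwx $file" >&2; return 1 ;;
  esac
}

# audit_secrets OWNER FILE... -> prints the number of files that failed the
# check on stdout; returns 0 when every file passed, 1 otherwise.
audit_secrets() {
  owner="$1"; shift
  failed=0
  for f in "$@"; do
    check_secret "$f" "$owner" || failed=$((failed + 1))
  done
  echo "$failed"
  [ "$failed" -eq 0 ]
}

# Usage on a real host, as root: ./audit-secrets.sh --run
if [ "${1:-}" = "--run" ]; then
  # Paths assumed from the README's list; the private key path is assumed
  # from the public key named there.
  failed=$(audit_secrets root /root/.ssh/id_ed25519 /root/borg-pass \
           /root/borgmatic.env /root/acme.env /root/smb-secrets)
  echo "$failed file(s) need attention"
  [ "$failed" -eq 0 ]
fi
```

The owner is a parameter so the same functions can be tried on a scratch directory as an unprivileged user; on the host itself it is `root`, matching the reason `/root` was chosen for these files in the first place.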
- Usually stored under `/var/lib` for each service
  - In particular, the systemd option `StateDirectory` creates a directory under `/var/lib` for the service
    - When `DynamicUser=true`, it will be under `/var/lib/private` with a symbolic link under `/var/lib`.
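As an added example (not part of this repo), the shell functions below resolve where a service's state actually lives under the layout just described, following the `/var/lib/NAME` symlink into `/var/lib/private` when the unit runs with `DynamicUser=true`. The base directory is a parameter (on a real host it is `/var/lib`) so the functions can be exercised on a scratch tree. Knowing the real path matters when listing directories for backup, since borg stores a symlink as a symlink rather than descending into it.

```sh
#!/bin/sh
# Added example, not part of the repo: locate a systemd service's state
# directory. BASE is /var/lib on a real host; it is a parameter here so the
# functions can be tried against a scratch tree.

# state_dir BASE NAME -> prints the directory that StateDirectory=NAME maps to.
# Returns 1 if the service has no state directory at all.
state_dir() {
  base="$1"; name="$2"
  path="$base/$name"
  if [ -L "$path" ]; then
    # DynamicUser=true: BASE/NAME is a symlink pointing into BASE/private/NAME
    target=$(readlink "$path")
    case "$target" in
      /*) printf '%s\n' "$target" ;;          # absolute link target
      *)  printf '%s\n' "$base/$target" ;;    # relative target, e.g. private/NAME
    esac
  elif [ -d "$path" ]; then
    printf '%s\n' "$path"                     # plain StateDirectory
  else
    return 1
  fi
}

# is_dynamic_user_state BASE NAME -> 0 when the state lives under BASE/private
# (the DynamicUser=true layout), 1 otherwise or when there is no state dir.
is_dynamic_user_state() {
  dir=$(state_dir "$1" "$2") || return 1
  case "$dir" in
    "$1"/private/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage on a host: ./statedir.sh /var/lib blocky
if [ $# -eq 2 ]; then
  dir=$(state_dir "$1" "$2") || { echo "no state directory for $2" >&2; exit 1; }
  if is_dynamic_user_state "$1" "$2"; then
    echo "$dir (DynamicUser, under private/)"
  else
    echo "$dir"
  fi
fi
```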
Since `nixos-rebuild` defaults to the flake pointed at by a symbolic link at
`/etc/nixos/flake.nix` and the configuration matching the hostname, we should
normally be able to do a rebuild with the usual command, for example:

```sh
sudo nixos-rebuild boot
# or switch, etc.
```
I haven't found a remote management solution that I like yet, so I'm using
plain `ssh` for now with a simple wrapper script, which runs from each
machine's subdirectory:

```sh
./hosts/yoshi/nixos-rebuild.sh boot
```

This has the advantage of being able to use `nh` to get nice-looking output.
Each machine has its own subdirectory, which is included from the main
`flake.nix`.

Shared modules are stored under the `include` subdirectory (for lack of a
better name).

`options.my`/`config.my` refers to my personal configurations (i.e. things
that are locally defined, local to the repo).
If `flake.nix` is linked into the right place as shown in the initial setup,
then we should be able to call `home-manager` without specifying the flake
explicitly:

```sh
home-manager switch
```