This repository hosts the NixOS configuration for my servers and desktops. It uses sops-nix, disko and home-manager with flakes. Updates are built by GitHub Actions and deployed to servers using cachix-deploy.

Name | location | hardware | role |
---|---|---|---|
ocr1 | oci | arm64 4cpu 24G ram 60G ssd | k3s master |
tiny1 | oci | amd64 2cpu 1G ram 60G ssd | k3s agent |
tiny2 | oci | amd64 2cpu 1G ram 60G ssd | k3s agent |
rp | home | rpi4b with 4gb ram | k3s cluster (solo) |
laptop-nix | with me | dell xps16 9520 (i7 12700H 32G ram 1TB ssd) | daily driver |
surface-nix | with me | Surface Pro 5 | handwritten notes |

- Create the file `/etc/cachix-agent.token` with the following content:
  ```
  CACHIX_AGENT_TOKEN=<token>
  ```
- Get the new public age key of the server:
  ```sh
  nix-shell -p ssh-to-age --run 'ssh-keyscan <ipAddress> | ssh-to-age'
  ```
- Change the public key of the server in `.sops.yaml`
- Update the keys for the secrets:
  ```sh
  nix-shell -p sops --run "sops updatekeys nixos/_mixins/k3s/ocr-secrets.yml"
  ```
- Update hosts in `hosts.nix`
- If the host has `netdata`, run the following command to enroll the node:
  ```sh
  sudo netdata-claim.sh
  ```
- Provision a new instance with Ubuntu
- Connect via ssh and copy `authorized_keys` to the root user
- Log in with the root user
- Run the nixos-infect script:
  ```sh
  curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x
  ```
- Connect via the root user and change the partition UUIDs in nix-config, taking the values from the `hardware-configuration.nix` file
- Make the common modifications
- Apply the custom nix config over the new node:
  ```sh
  nixos-rebuild --target-host root@tiny1 --flake ~/nix-config/.#tiny1 switch
  ```
- Build an SD card image out of the config:
  ```sh
  nix run nixpkgs#nixos-generators -- -f sd-aarch64 --flake .#rp --system aarch64-linux -o ../pi.sd
  ```
- Make the common modifications
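
Added example, not part of this repository: `ssh-keyscan` output is unauthenticated, so the key converted in the "Get the new public age key of the server" step can be checked against a digest read on the server's own console before it goes into `.sops.yaml`. The function names, the hex digest format and the sample scan output are assumptions constructed for illustration.

```sh
# Added example: authenticate ssh-keyscan output before it becomes a sops recipient.
# On the server console (trusted channel), print the digest of its host key:
#   awk '{print $2}' /etc/ssh/ssh_host_ed25519_key.pub | base64 -d | sha256sum
# On the workstation, only convert a key that matches that digest:
#   ssh-keyscan -t ed25519 <ipAddress> | verified_host_key <digest> | ssh-to-age

# Hex SHA-256 of the decoded key blob of a base64 public key (hypothetical helper).
key_sha256() {
  printf '%s' "$1" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Reads ssh-keyscan output on stdin. Prints the ssh-ed25519 line whose key
# digest equals $1 and returns 0; returns 1 if no line matches.
verified_host_key() {
  expected="$1"
  while read -r host type key rest || [ -n "$host" ]; do
    [ "$type" = "ssh-ed25519" ] || continue   # ssh-to-age converts Ed25519 keys only
    if [ "$(key_sha256 "$key")" = "$expected" ]; then
      printf '%s %s %s\n' "$host" "$type" "$key"
      return 0
    fi
  done
  echo "no ssh-ed25519 host key matches the expected digest" >&2
  return 1
}

# Constructed sample data (not real host keys); 192.0.2.10 is a documentation address.
SAMPLE_KEY='AAAAC3NzaC1lZDI1NTE5AAAAIKc0nstructedSampleKeyNotARealHostKey0123456'
OTHER_KEY='AAAAC3NzaC1lZDI1NTE5AAAAIAttackerSuppliedKeyConstructedSample7654321'
SAMPLE_SCAN="# 192.0.2.10:22 SSH-2.0-OpenSSH_9.6
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E=
192.0.2.10 ssh-ed25519 $SAMPLE_KEY"
```

If the function returns non-zero, nothing reaches `ssh-to-age`, so `.sops.yaml` is never updated with a key that was not confirmed on the server.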