Screenshot updated: 2024-07-15
Install
To install NixOS on any of my devices I now use nixos-anywhere.
You will need to be able to SSH to the target machine from where this command will be run. Load nix installer ISO if
no OS on the device. You need to copy ssh keys onto the target machine
mkdir -p ~/.ssh && curl https://github.com/hmajid2301.keys > ~/.ssh/authorized_keys in my case I can copy them from GitHub.
git clone git@github.com:hmajid2301/nixicle.git ~/nixicle/
cd nixcile
nix develop
nixos-anywhere --flake '.#workstation' nixos@192.168.1.8 # Replace with your IPAfter building it you can copy the ISO from the result folder to your USB.
Then run nix_installer, which will then ask you which host you would like to install.
To build my config for a specific host you can do something like:
git clone git@github.com:hmajid2301/nixicle.git ~/nixicle/
cd nixicle
nix develop
# To build system configuration (uses hostname to build flake)
nh os switch
# To build user configuration (uses hostname and username to build flake)
nh home switch
# Build ISO in result/ folder
nix build .#iso-graphical
# Deploy my to remote server i.e. Home Lab (using SSH)
deploy .#ms01 --hostname ms01 --ssh-user nixos --skip-checks
# Build Home Lab diagram using nix-topology
nix build .#topology.config.output
# Build docker image used in ci
nix build .#containers-ci
# Run neovim
nix run .#homeConfigurations."haseeb@workstation".config.nixCats.out.packages.nixCats
# Build docker image used in ci
nix build .#containers-ciSome features of my config:
- Structured to allow multiple NixOS configurations, including desktop, laptop and homelab
- Custom live ISO for installing NixOS
- Styling with stylix
- Opt-in persistance through impermanence + blank snapshot
- Encrypted BTRFS partition
- Secure Boot with lanzaboote
- sops-nix for secrets management
- Different environments like niri, hyprland and gnome
- Custom Neovim setup declaratively using NixCats
- Homelab all configured in nix.
After deploying the system, OpenBao requires manual setup for AppRole authentication:
# Login with admin credentials (password is in SOPS secrets.yaml)
curl -X POST http://127.0.0.1:8200/v1/auth/userpass/login/admin \
-H "Content-Type: application/json" \
-d '{"password":"<OPENBAO_ADMIN_PASSWORD>"}' | jq -r '.auth.client_token'cd infra/tf
mv backend.tf backend.tf.disabled # Disable remote backend
tofu init
# Create terraform.tfvars with admin token
cat > terraform.tfvars << EOF
openbao_address = "http://127.0.0.1:8200"
openbao_token = "<admin-token-from-step-1>"
# ... add other required variables
EOF
# Apply Spindle AppRole resources
tofu apply -target=vault_auth_backend.approle \
-target=vault_mount.spindle \
-target=vault_policy.spindle \
-target=vault_approle_auth_backend_role.spindle \
-target=vault_approle_auth_backend_role_secret_id.spindle# Get the credentials from Terraform
tofu output spindle_role_id
tofu output -raw spindle_secret_id
# Add to modules/nixos/services/secrets.yaml
sops modules/nixos/services/secrets.yaml
# Add: spindle_role_id and spindle_secret_idUpdate modules/nixos/services/openbao/proxy.nix to use SOPS secrets, then rebuild:
nh os switch- Dot icons created by Roundicons - Flaticon
- You can read more about my dotfiles and development workflows on my blog here (#ShamelessPlug).
- Wallpaper From Catppuccin Discord
- Galaxy: https://discord.com/channels/907385605422448742/1199293891392852009
- Old Catppuccin wallpaper: https://github.com/Gingeh/wallpapers
- Catppuccino: https://discord.com/channels/907385605422448742/1130546126374838342
- Catppuccino: https://discord.com/channels/907385605422448742/1130546126374838342
- Snowfall config: https://github.com/jakehamilton/config?tab=readme-ov-file
- More snowfall config: https://github.dev/khaneliman/khanelinix/blob/f4f4149dd8a0fda1c01fa7b14894b2bcf5653572/flake.nix
- My original structure and nixlang code: https://github.com/Misterio77/nix-config
- Waybar & scripts: https://github.dev/yurihikari/garuda-sway-config
- Neovim UI: https://github.com/NvChad/nvchad
- README: https://github.com/notohh/snowflake/tree/master
- README table: https://github.com/wimpysworld/nix-config