NixOS

NixOS¶

Configurations:
Plex configuration for NixOS
Good Configuration
Walk through on Making a gaming config
Kubernetes Servers

Tools:
Install Nixos Through SSH

Rebuild System:

#rebuild system to force changes
sudo nixos-rebuild switch

#test out system first
sudo nixos-rebuild test

#Rebuild with flake
sudo nixos-rebuild switch --flake /etc/nixos#default

Install single packages:

export NIXPKGS_ALLOW_INSECURE=1 ; nix-env -iA nixpkgs.sublime4

Delete packages after 15 days:

sudo nix-collect-garabge --delete-older-than 15d

Install with nix-anywhere¶

Install with the target OS running the Nixos Live CD without an OS.

Steps:

#Get target IP
ip addr

#Change Password
passwd

#Generate Disk Encryption Key
dd bs=512 count=4 if=/dev/random of=/tmp/crypto_keyfile.bin iflag=fullblock

#Run Nix on
nix run github:nix-community/nixos-anywhere --extra-experimental-features "nix-command flakes" -- --flake '.#devvm' --disk-encryption-keys /tmp/crypto_keyfile.bin /tmp/crypto_keyfile.bin [email protected]

Install from Scratch¶

#Make Partitions with disko
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /tmp/disk-config.nix

#Set Secure Boot
#sudo nix run nixpkgs#sbctl create-keys --extra-experimental-features nix-command --extra-experimental-features flakes


#Install Bootloader 
sudo nixos-rebuild --install-bootloader boot


#

Secure Boot¶

Requires UEFI mode and systemd-boot

VM Options tab -> Boot Options -> Secure Boot

Setup:

#Check UEFI
bootctl status


#install Secure Boot Key Manager 
nix-env -iA pkgs.sbctl

#Create keys
sudo sbctl create-keys

#Install niv
niv add nix-community/lanzaboote -r v0.4.1 -v 0.4.1


#Check configurations
sudo nixos-rebuild test

#Verify Secure Boot
sudo sbctl verify

#reboot

# Enroll Microsoft key
sudo sbctl enroll-keys --microsoft

#reboot

Encrypted Drive¶

Nix Shell¶

Install a package for a single command:

nix shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt

Start environment for a set of tools:

Home Manager¶

Install Home-manager¶

#Update /etc/nixos/configuration.nix to install 

#Generate /etc/nixos/flake

Home-mamager commands¶

Update user config:

Home-manager switch

Secret Management¶

agenix - age-encrypted secrets for NixOS

Config Biased on Hostname¶

{ config, ... }:
mkMerge [{
  # main config options
}
(mkIf config.networking.hostName == "x" {
  # ...
})
(mkIf config.networking.hostName != "x" {
  # ...
})];