Homelab hardware: ThinkCenter M710q Tiny, Intel i5-7500T and 8GB RAM
This repo contains the Nix configurations for my homelab, AMD Ryzen desktop, M1 MacBook Air, and work WSL setup.
- βοΈ Nix flakes handle upstream dependencies and track latest stable release of Nixpkgs (currently 24.05)
- π home-manager manages dotfiles
- π nix-darwin manages MacBook
- π€« sops-nix manages secrets
- π Remote initrd unlock system to decrypt drives on boot
- π¬οΈ Root on tmpfs aka impermanence
- π Automatic Let's Encrypt certificate registration and renewal
- 𧩠Tailscale, Nextcloud, Jellyfin, Homebridge, Scrypted, among other nice self-hosted applications
- β‘οΈ
justfilecontains useful aliases for many frequent and atrociously longnixcommands - π€
flake.lockupdated daily via GitHub Action, servers are configured to automatically upgrade daily viamodules/nixos/auto-update.nix - 𧱠Modular architecture promotes readability for me and copy-and-paste-ability for you
- π¦ Custom ready-made tarball and ISO for installing NixOS-on-WSL and NixOS, respectively
On macOS, this script will install nix using the
Determinate Systems Nix installer and
prompt you to install my configuration.
Important
You'll need to run this script as sudo or have sudo permissions.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/eh8/chenglab/main/install.sh)"Important
You'll need to run this script as sudo or have sudo permissions.
Warning
This script is primarily meant for my own use. Using it to install NixOS on your own hardware will fail. At minimum, you'll need to do the following before attemping installation:
- Create a configuration for your own device in the
machines/folder - Retool your own sops-nix secrets or remove them entirely if you don't use sops-nix
- Add an entry to flake.nix referencing the configuration created in step 1
On Linux, running this script from the NixOS installation ISO will prepare your system for NixOS by partitioning drives and mounting them.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/eh8/chenglab/main/install.sh)"Tip
When installing NixOS onto a headless local server, place your own custom NixOS ISO file onto a USB drive with Ventoy. Ventoy can automatically load the NixOS ISO file, and you can enable connectivity by building your own custom ISO with your own personal SSH key. The custom ISO released in this repo is baked with my own key.
- Enable WSL if you haven't done already:
wsl --install --no-distribution-
Download
nixos-wsl.tar.gzfrom the latest release. -
Import the tarball into WSL:
wsl --import NixOS $env:USERPROFILE\NixOS\ nixos-wsl.tar.gz- You can now run NixOS:
wsl -d NixOSInstall just to access the simple aliases below
just deploy macosjust deploy MACHINETo remotely deploy MACHINE, which has an IP address of 10.0.10.2
just deploy MACHINE 10.0.10.2Make sure each machine's public key is listed as entry in .sops.yaml. To
modify secrets/secrets.yaml:
just secrets-editjust secrets-syncTo modify user password, first generate a hash
echo "password" | mkpasswd -m SHA-512 -sThen run just edit-secrets to replace the existing decrypted hash with the one
that you just generated. If you use a password manager, sure to update the new
password as necessary.
Make sure you update the public key as it appears across the repository.
Make sure the Determinate Nix installer one-liner in install.sh is consistent
with how it appears on the official website.
- Secure boot
- Binary caching
- Wireless remote unlocking
- An outstanding beginner friendly introduction to NixOS and flakes
- Conditional implementation
- Error when using lib.mkIf and lib.mkMerge to set configuration based on hostname
- Handling Secrets in NixOS: An Overview
- NixOS β: tmpfs as root
- NixOS on Hetzner Dedicated
- Setting up Nix on macOS
- Users.users..packages vs home-manager packages
- Declaratively manage dock via nix
- Dealing with post nix-flake god complex