I use sops to encrypt some data in git. Not all hosts and users need this, but my primary user yeldir and my primary hosts do.
Each user and each host has its own age key. So when adding a new host, a list of age keys has to be placed in /persist/sops/age/keys.txt (or wherever it is configured), so that every required key is present. For example, to provision yeldir@recreate, which is my main host/user combo, the age keys for user-yeldir and for host-recreate are required.
Using the nixos installer image...
- Clone this repo and cd into the quickstart folder
- Follow the quickstart instructions
- Clone this repo again to /persist/home/yeldir/querbeet/workspace/nix-config (this is later mounted into your home directory and this config assumes that's where it's installed)
- Add new host configuration and configure it according to your needs
- include the generated hardware-configuration.nix file
- don't forget to set the disko device
- Put your sops keys into `/persist/sops/age/keys.txt`
- Create all folders defined in hosts/common/global/persistence.nix (I'll try to automate this)
- nboot & reboot
- Add ssh key
- `chmod -R 700 ~/.gnupg` (I'll try to automate this)
- Import private gpg key matching above fingerprint
- Create a new keyring using seahorse and mark it as default
- Reboot
- Application specific setup
- Chrome
  - Log in, enable sync for extensions and settings
  - Log into 1password
- Thunderbird
  - Import public gpg key (this somehow can't be avoided)
- qmk: `qmk setup yeldiRium/qmk_firmware`
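The sops step above only works if keys.txt really contains every identity the host/user combo needs and nobody else on the box can read it. This is an added preflight check, not a script from this repo; the identity file names and the placeholder keys in `demo` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of this repo. Assembles /persist/sops/age/keys.txt
# style files from per-user and per-host age identities and checks them.
set -eu

# Concatenate one age identity file per user and per host into keys.txt.
# Each file has the layout `age-keygen -o` writes:
#   # created: <timestamp>
#   # public key: age1...
#   AGE-SECRET-KEY-1...
assemble_keys() {
  local dest="$1"; shift
  ( umask 077; cat -- "$@" > "$dest" )   # private from the moment it exists
  chmod 600 "$dest"
}

# Succeed only if keys.txt lists every expected public key, carries at
# least that many secret lines, and is unreadable by group/others.
check_keys() {
  local keys_file="$1" status=0 mode pub n; shift
  [ -f "$keys_file" ] || { echo "missing $keys_file" >&2; return 1; }
  mode=$(stat -c '%a' "$keys_file" 2>/dev/null || stat -f '%Lp' "$keys_file")
  case "$mode" in
    600|400) ;;
    *) echo "mode $mode on $keys_file, want 600" >&2; status=1 ;;
  esac
  for pub in "$@"; do
    grep -qF -- "# public key: $pub" "$keys_file" \
      || { echo "no identity for $pub in $keys_file" >&2; status=1; }
  done
  n=$(grep -c '^AGE-SECRET-KEY-1' "$keys_file" || true)
  [ "$n" -ge "$#" ] || { echo "$n secret keys, expected $#" >&2; status=1; }
  return "$status"
}

# Demo for yeldir@recreate with constructed placeholder identities (not real keys).
demo() {
  local dir rc; dir=$(mktemp -d)
  printf '# created: 2024-01-01T00:00:00Z\n# public key: %s\n%s\n' \
    age1PLACEHOLDERuseryeldir AGE-SECRET-KEY-1PLACEHOLDERUSER > "$dir/user-yeldir.txt"
  printf '# created: 2024-01-01T00:00:00Z\n# public key: %s\n%s\n' \
    age1PLACEHOLDERhostrecreate AGE-SECRET-KEY-1PLACEHOLDERHOST > "$dir/host-recreate.txt"
  assemble_keys "$dir/keys.txt" "$dir/user-yeldir.txt" "$dir/host-recreate.txt"
  check_keys "$dir/keys.txt" age1PLACEHOLDERuseryeldir age1PLACEHOLDERhostrecreate \
    && rc=0 || rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

Run `check_keys /persist/sops/age/keys.txt <pubkey>...` on the new host before the first `nixos-rebuild`; a non-zero exit names what is missing.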
This was written without testing. It might fail and after doing everything something might be missing in the persisted folders. Needs to be evaluated!
I don't know if the hardware-configuration.nix changes depending on the host system. So far I assume that WSL is identical everywhere. YMMV.
The WSL setup does not use impermanence or sops, so no further setup and no encryption keys are required.
- Prepare your system for WSL (install WSL latest version, enable optional features, whatever weird microsoft domain stuff your workstation requires)
- Add a NixOS WSL instance according to this guide and start it
- Clone this repo to ~/querbeet/workspace/nix-config, because it assumes that's where it's installed
- Set your git username/email and gpg signing key in the wsl home config
- Run `nixos-rebuild switch --flake ~/querbeet/workspace/nix-config#wsl --impure`
- Restart WSL to be sure
- Optional: If you want to use commit signing, import your private key
If after starting the WSL VM your user's systemd bus does not work, which sometimes happens, you can start it by restarting your user unit:
`sudo systemctl restart user@1000`

I've built some scripts to easily manage worker servers using my nix config and to differentiate them from my work computers. I might extend this to easily set up k3s clusters or similar, but for now they're just machines that don't do anything but connect to a tailscale network.
I have a separate guide to using them.
Some parts of this config assume certain paths are present in the system, because that is how I structure my systems. These paths are:
- ~/querbeet/nextcloud
- ~/querbeet/stuff/temp
- ~/querbeet/workspace/ledger
- ~/querbeet/workspace/nix-config
- ~/querbeet/workspace/obsidian
- ~/querbeet/workspace/private/qmk_firmware
- ~/querbeet/workspace/vendor