| homes/x86_64-linux/rafiq | ||
| lib | ||
| modules | ||
| packages | ||
| secrets | ||
| systems/x86_64-linux | ||
| .gitignore | ||
| .sops.yaml | ||
| flake.lock | ||
| flake.nix | ||
| hostSpec.nix | ||
| README.md | ||
Pantheon
This repository serves as a flake for storing nixos and nix-darwin configurations.
Planning
To-do
- Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation
- Migrate immich to apollo, point to helios
- Migrate LibreChat to apollo, maintain db
- Figure out wakapi
- Add forgejo
- Add simple blog
Versions
- 1.0.0
- Setup desktop as hypervisor with nixos and win11
- Spare drive as steam library
- GPU passthrough to either system
- Always running, VMs spun down except when in use
- Apollo as hypervisor
- VMs for docker host, home-assistant, bare metal or containerised services
- Automated backups for home and state directories
- Ability to build VMs of all systems and implement integration tests
- Staging VMs for ad-hoc testing
- All servers set up with following services:
- Git server
- Chat app
- Network shares
- Federation with ActivityPub
- Wakapi
- Add a way to define services per host and refer to them by hostname
- helios as file and db server, apollo as services and reverse proxy
- Setup desktop as hypervisor with nixos and win11
- 0.3.0
- Integration tests for all services
- Migrate services from helios
Structure
- Each system configuration should be defined by a list of profiles, e.g. desktop, docker, server, etc.
- Each service should work with contracts e.g. reverse proxy provider and subscriber, databases, etc.
- Each system configuration should have an ephemeral root directory built from the nixosConfiguration at boot.
- Servers should be as minimal as possible (to reduce attack surface)
- All systems should be able to build as VMs
- CI should be set up for updating packages and testing in VMs
- Home configurations should work across darwin and nixos
- Home configurations should be dotfiles only, and packages should be configured from the system config (tentative)
- Packages should only be installed to the path if they are actively used. One use programs should be used via comma or scripts calling their packages.
Modules
The nixosModules and homeModules exposed by this flake are slightly out of the norm.
Option declarations for user specific configuration are kept to:
- homeModules for CLI
- nixosModules for desktop
System configurations, to this end, should include the window manager, lockscreen, terminal etc. for that system.
These desktop programs will be configured in home-manager for each user, but those configurations consult the osConfig variable passed in by home-manager.
System Setup
The following files are required for system activation:
- /persist/home/${mainUser}/.ssh/id_ed25519
This private key will be used by sops-nix to decrypt the secrets in this encrypted file. The secrets inside the yaml file should also be set, or otherwise removed alongside their declarations , found here and references.
# On the target machine
# Boot into the NixOS installer
sudo passwd
# On the host machine
deploy --user "rafiq" --ip "10.10.0.102" --hostname "apollo"
From a Local NixOS Installer
The installation may run out of space when installing from an install ISO. In that case, use Disko to format the drives first, then create a /mnt/tmp directory and set it as TMPDIR for nixos-install.
sudo su
nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/master -- --mode destroy,format,mount --flake github:rrvsh/pantheon#<HOSTNAME>
# Copy SSH key to /persist/home/rafiq/.ssh
mkdir /mnt/tmp
TMPDIR=/mnt/tmp nixos-install --flake github:rrvsh/pantheon#<HOSTNAME> --no-root-password
reboot
Impermanence
System and user state is stored under /persist. Anything not declared under
{environment,home}.persistence is deleted on system boot.