.github/workflows fix(ci): add pull request write permission 2025-03-31 05:29:56 +08:00
modules refactor: move wl-clipboard to system packages 2025-04-01 22:13:21 +08:00
flake.lock flake.lock: Update 2025-03-30 21:31:24 +00:00
flake.nix refactor: move var defs in flake 2025-03-31 05:08:28 +08:00
README.md feat: add apollo nixos configuration 2025-03-30 04:17:26 +08:00

"This is fucking brilliant. Nobody needs this, nobody has a real use for this and this definitely does not attract girls. Still, I'll try this and probably love it. -Tim Goeree"

As Yet Unreproducible

  • User passwords -> Managed with sops-nix
  • Spotify login
  • Firefox login

Adding Secrets with sops-nix

Secrets are stored in configs/secrets/secrets.yaml. To edit them, run sops secrets.yaml; this requires an age private key stored at ~/.config/sops/age/keys.txt.

To decrypt these secrets with sops-nix during a rebuild, you must add the host's age public key to the .sops.yaml file. Derive it from the SSH host key with cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age, add the result to the file, then run sops updatekeys secrets.yaml so that the new recipient can decrypt the secrets.

Provisioning A New Machine

On the target system, boot into the NixOS installer and run:

# Create a password for the nixos user for SSH access.
passwd

# Start wpa_supplicant and connect to a wifi network.
sudo systemctl start wpa_supplicant
wpa_cli
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "password"
> enable_network 0
> quit

# Get the IP address of the target system.
ip addr

On the host machine, run the following command to build the new system configuration and copy it over SSH, along with the sops age key and SSH keys.

# WARNING: You must use the IP address of the machine.
# The hostname will not suffice, as the machine will boot into a NixOS installer through kexec.
deploy --flake .#<hostname> --target-host <username>@<ip_address>

Complete the setup by running the following on the target system once it is booted into the new install.

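# On the target machine:
# Remove the existing SSH host keys and generate a fresh set.
sudo rm /etc/ssh/ssh_host_*
sudo ssh-keygen -A
# Print the age public key derived from the new ed25519 host key.
cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age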

# On the host machine:
# Add the host age public key to .sops.yaml
sops updatekeys secrets.yaml
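
A check to run after the sops updatekeys step above, as an added example that is not part of this repository: it reports whether a host's age recipient is listed in .sops.yaml and whether secrets.yaml is actually encrypted to it. The function names, status words, sample keys and sample files are constructed for illustration.

```shell
#!/bin/sh
# Age recipients named in a sops config, ignoring commented-out entries.
config_recipients() {
    sed 's/#.*$//' "$1" | grep -Eow 'age1[0-9a-z]+'
}

# Age recipients that an encrypted file's sops metadata lists.
file_recipients() {
    sed -n 's/^[[:space:]]*-[[:space:]]*recipient:[[:space:]]*\(age1[0-9a-z]*\).*$/\1/p' "$1"
}

# Usage: check_host_recipient "$(ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub)" .sops.yaml secrets.yaml
# Prints one of: ok | needs-updatekeys | missing-from-config
check_host_recipient() {
    if ! config_recipients "$2" | grep -Fxq -- "$1"; then
        echo missing-from-config      # key was never added to .sops.yaml
    elif ! file_recipients "$3" | grep -Fxq -- "$1"; then
        echo needs-updatekeys         # listed, but the file predates the change
    else
        echo ok
    fi
}

# Constructed sample data (placeholder keys, not real recipients).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/.sops.yaml" <<'EOF'
keys:
  - &admin age1adminplaceholder
  - &apollo age1apolloplaceholder
  # - &retired age1retiredplaceholder
creation_rules:
  - path_regex: secrets\.yaml$
    key_groups:
      - age: [*admin, *apollo]
EOF
cat > "$tmp/secrets.yaml" <<'EOF'
example_secret: ENC[AES256_GCM,data:placeholder,type:str]
sops:
    age:
        - recipient: age1adminplaceholder
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
EOF
for key in age1adminplaceholder age1apolloplaceholder age1retiredplaceholder; do
    printf '%s: %s\n' "$key" "$(check_host_recipient "$key" "$tmp/.sops.yaml" "$tmp/secrets.yaml")"
done
```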

Acknowledgements