mirdaki/computer-config


Computer Config

Self-hosted Service Design

A diagram showing where services are running and how they connect

NixOS Configuration

To update the computer, run the command below with the right profile (#alderaan in this example):

sudo nixos-rebuild switch --flake ~/computer-config#alderaan

First Time Setup

Install NixOS using these instructions. Create the main user and su to them for cloning this repo (to keep file permissions sane). Create the new host (copy config from /etc/nixos/, add to flake, etc.) and configure files as needed.

This may not be needed going forward, but I did need this to use experimental features (nix command and flakes) in CLI ad hoc:

nix-shell -p git 
git clone https://github.com/mirdaki/computer-config.git

nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- init

If you need to create age keys for secrets, follow these steps, but use the below commands to not need to install age-keygen:

nix shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt
# or to get the public key if it already exists
nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt

Setting up a user password with sops-nix. Note: The value you put in the secrets file is a hash of the password from mkpasswd, not the password itself.

Updating Secrets

Regular secrets

nix-shell -p sops --run "sops hosts/alderaan/secrets/secret.yaml"

Binary files, with separate encrypt and decrypt stages

nix-shell -p sops --run "sops -e decrypted.txt > encrypted.txt"
nix-shell -p sops --run "sops -d encrypted.txt > decrypted.txt"
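
Because the binary workflow above writes a plaintext decrypted.txt next to the encrypted file, a check like the following can be run before committing. It is an added example, not part of this repo: the function names are hypothetical, and the heuristic assumes sops' usual output (values written as ENC[AES256_GCM,data:...] plus a "sops" metadata block carrying a MAC).

```shell
#!/bin/sh
# Added example (not from the repo): flag files in a secrets directory that do
# not look sops-encrypted, e.g. a decrypted.txt left behind after `sops -d`.
# Usage: sh check-secrets.sh hosts/alderaan/secrets   (script name is an assumption)

# is_sops_encrypted FILE -> exit 0 if FILE looks like sops output (YAML or JSON).
is_sops_encrypted() {
    [ -f "$1" ] || return 1
    # At least one encrypted value must be present.
    grep -q 'ENC\[AES256_GCM,data:' "$1" || return 1
    # A "sops" metadata key (YAML `sops:` or JSON `"sops":`) must be present.
    grep -Eq '(^|[[:space:]{,])"?sops"?:' "$1" || return 1
    # The metadata must carry an encrypted MAC.
    grep -Eq '"?mac"?:[[:space:]]*"?ENC\[AES256_GCM,' "$1"
}

# list_plaintext DIR -> print every regular file under DIR that fails the check.
list_plaintext() {
    find "$1" -type f | sort | while IFS= read -r f; do
        is_sops_encrypted "$f" || printf '%s\n' "$f"
    done
}

# check_secrets_dir DIR -> exit 0 if everything under DIR looks encrypted,
# otherwise list the offending files on stderr and exit 1.
check_secrets_dir() {
    leaked=$(list_plaintext "$1")
    [ -z "$leaked" ] && return 0
    printf 'not sops-encrypted:\n%s\n' "$leaked" >&2
    return 1
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_secrets_dir "$1"
fi
```

The check only looks for sops' markers; it does not verify the MAC or that the file decrypts.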

Creating OIDC Info

Per the Authelia docs

# For the ID
nix-shell -p authelia --run "authelia crypto rand --length 72 --charset rfc3986"

# For the secret
nix-shell -p authelia --run "authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986"

Creating Container Module

Using compose2nix, create a docker-compose.yml file and put it in the nixos modules directory. By default it uses podman.

nix run github:aksiksi/compose2nix -- -project=name

Cleaning Tables

If you want to drop a database (for instance, to remove testing data):

sudo -u postgres psql
\l
DROP DATABASE <name>;
\q

Manually Cleaning NixOS

sudo nix-collect-garbage -d

Upgrading NixOS

Update the input URLs in the flake.nix file. Then run:

nix flake update
sudo nixos-rebuild switch --flake ~/computer-config#alderaan

About

Config for server and personal deployments
