top-level configurations for all my NixOS machines
Colin 2ff4df069e nix update: nixpkgs: 2023-04-13 -> 2023-04-16 (nixos-unstable)
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/915c0fab841cc88045e00778b8e7fbdbdbd7d1aa' (2023-04-13)
  → 'github:nixos/nixpkgs/f294325aed382b66c7a188482101b0f336d1d7db' (2023-04-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/00d5fd73756d424de5263b92235563bc06f2c6e1' (2023-04-11)
  → 'github:Mic92/sops-nix/de6514f8fe1b3c2b57307569a0898bc4be9ae1c5' (2023-04-17)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/e45cc0138829ad86e7ff17a76acf2d05e781e30a' (2023-04-09)
  → 'github:NixOS/nixpkgs/1040ce5f652b586da95dfd80d48a745e107b9eac' (2023-04-16)
```
2023-04-18 21:40:17 +00:00
hosts Merge branch 'master' of git.uninsane.org:colin/nix-files 2023-04-18 06:10:47 +00:00
modules Merge branch 'master' of git.uninsane.org:colin/nix-files 2023-04-18 06:10:47 +00:00
nixpatches nix update: nixpkgs: 2023-04-13 -> 2023-04-16 (nixos-unstable) 2023-04-18 21:40:17 +00:00
overlays moby: ship jellyfin (and it runs!) 2023-04-07 22:55:02 +00:00
pkgs sane-deadlines: fix threshold/date parsing 2023-04-13 10:02:53 +00:00
scripts bluetooth: accept that LinkKeys are device/host-specific and stop trying to share them across machines 2023-01-07 11:31:35 +00:00
secrets sane-scripts: add sane-bt-show to get info about previously added torrents 2023-03-22 22:43:30 +00:00
templates/python-data python-data template: add requests module 2022-12-26 09:29:23 +00:00
.gitignore move secrets to a subdirectory, for improved overrides 2022-05-26 23:52:08 -07:00
.sops.yaml moby: enable a statically-assigned but encrypted password 2022-10-24 07:39:50 -07:00
flake.lock nix update: nixpkgs: 2023-04-13 -> 2023-04-16 (nixos-unstable) 2023-04-18 21:40:17 +00:00
flake.nix nix update: nixpkgs: 2023-04-13 -> 2023-04-16 (nixos-unstable) 2023-04-18 21:40:17 +00:00
readme.md readme: fix typo in moby-cross -> cross-moby 2023-03-02 07:50:11 +00:00

readme.md

to deploy:

nixos-rebuild --flake ".#servo" {build,switch}

if the target is the same as the host, nix will grab the hostname automatically:

nixos-rebuild --flake . {build,switch}

more options (like building packages defined in this repo):

nix flake show

secrets

i use sops for secrets. see hosts/common/secrets.nix for some tips.

building images

to build a distributable image (GPT-formatted image with rootfs and /boot partition):

nix build ./#imgs.lappy

this can then be dd'd onto a disk and directly booted from an EFI system. there's some post-processing to do before running a rebuild on the deployed system (deploying ssh keys, optionally changing fs UUIDs, etc). refer to flake.nix for more details.

remote deployment

some of my systems support cross compilation (i.e. building from x86-64 for an aarch64 host without using emulation).

  • nixos-rebuild --flake '.#cross-moby' build
  • sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result)
  • nixos-rebuild --flake '.#cross-moby' switch --target-host colin@moby --use-remote-sudo

building packages

build anything with

nix build .#<pkgname>

specifically, i pass the full package closure to the legacyPackages flake output. that includes both my own packages and upstream packages.

on the other hand the packages output contains only my own packages.

in addition, my packages are placed into both the global scope and a sane scope. so use the scoped path when you want to be explicit.

nix build sane.linux-megous

to build a package precisely how a specific host would see it (in case the host's config customizes it):

nix build '.#host-pkgs.moby-cross.xdg-utils'

using this repo in your own config

this should be a pretty "standard" flake. just reference it, and import either

  • nixosModules.sane (for the modules)
  • overlays.pkgs (for the packages)

nixosModules.sane corresponds to everything in the modules/ directory. it's a mix of broad and narrow scope options. e.g. sane.fs is a completely standalone thing, whereas sane.web-browser is highly personalized and doesn't really make sense to export. regardless of scope, i do try to ensure that everything in modules/ is hidden behind some enable flag so that the disorganization isn't that critical.
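
a minimal consuming flake, as an added example (not code from this repo). it wires in both outputs named above. the input name `colin-nix-files`, its fetch URL, the host name `example-host` and `./configuration.nix` are assumptions.

```nix
# flake.nix of a consuming config (added example; not part of this repo)
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    # ASSUMPTION: fetch URL inferred from the repo's host and path; adjust to the real one.
    colin-nix-files.url = "git+https://git.uninsane.org/colin/nix-files";
  };

  outputs = { self, nixpkgs, colin-nix-files, ... }: {
    # "example-host" is a hypothetical machine name.
    nixosConfigurations.example-host = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        # everything under modules/; per the readme, options should stay
        # inert until their enable flag is set.
        colin-nix-files.nixosModules.sane
        # expose this repo's packages in `pkgs` (global scope and the `sane` scope).
        { nixpkgs.overlays = [ colin-nix-files.overlays.pkgs ]; }
        # your own host configuration (hypothetical path).
        ./configuration.nix
      ];
    };
  };
}
```

the generated flake.lock pins the exact revision of this repo, so later commits here only reach your machines when you update that lock entry.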

contact

if you want to contact me for questions, or collaborate to split something useful into a shared repo, etc, you can reach me via any method listed here.