# nix-config

System and user configuration for NixOS-based systems.

| | |
|-|-|
| **Shell:** | zsh |
| **DE:** | GNOME |
| **Theme:** | Adwaita |
| **Terminal:** | Ghostty |

## Provisioning a new host
> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used
> for provisioning

Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
```
ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
```

Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt
any relevant secrets.

In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
Add the generated SSH host key and create a new repository for the system.

Create a new directory under `hosts/` with a system configuration and disk layout.

Boot the NixOS installer (or any Linux distribution) on the target.

Then run:
```
nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<target-ip>
```

### Post install

If backups are configured, you'll need to run:
```
borgmatic init --encryption repokey-blake2
```
then restart `borgmatic`.

To join the Tailscale network, run:
```
tailscale up --login-server https://headscale.vimium.net
```
then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.

The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.