nix-config

System and user configuration for NixOS-based systems.

Shell:	zsh
DE:	GNOME
Theme:	Adwaita
Terminal:	Ptyxis

Provisioning a new host

nixos-anywhere is the module used for provisioning

Generate a new SSH host key in "$temp/etc/ssh" as per this guide.

ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key

Update nix-secrets with the new host key to enable the system to decrypt any relevant secrets.

In order to use the borgmatic module for backups, go to borgbase.com. Add the generated SSH host key and create a new repository for the system.

Create a new directory under hosts/ with a system configuration and disk layout.

Boot the NixOS installer (or any Linux distribution) on the target.

Then run:

nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<target-ip>

Post install

If backups are configured, you'll need to run:

borgmatic init --encryption repokey-blake2

then restart borgmatic.

To join the Tailscale network, run:

tailscale up --login-server https://headscale.vimium.net

then visit the URL, SSH onto vps1 and run headscale --user mesh nodes register --key <key>.

The new node can optionally be given a friendly name with headscale node rename -i <index> <hostname>.