NixOS configuration
desktop forgejo good, nginx coming along 2026-02-15 22:46:17 -08:00
servers Add Immich server configuration 2026-02-16 21:51:05 -08:00
systems Remove unnecessary DNS workaround - local DNS is now working 2026-02-16 17:33:45 -08:00
users forgejo good, nginx coming along 2026-02-15 22:46:17 -08:00
.gitignore forgejo good, nginx coming along 2026-02-15 22:46:17 -08:00
agents.md Update DNS procedure to use non-proxied Cloudflare records 2026-02-16 22:18:36 -08:00
flake.lock Add Immich server configuration 2026-02-16 21:51:05 -08:00
flake.nix Add Immich server configuration 2026-02-16 21:51:05 -08:00
README.md Add development standards and procedures for app deployment 2026-02-16 22:05:18 -08:00

NixOS Configuration Repository

Session Start Protocol

Always begin by reading agents.md for workflow instructions and development standards.

System Installation

  1. Partition the disk:
       # GPT layout: partition 1 is the root filesystem, partition 2 is the ESP
       sudo parted /dev/nvme0n1 -- mklabel gpt
       sudo parted /dev/nvme0n1 -- mkpart primary ext4 512MB 100%
       sudo parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
       sudo parted /dev/nvme0n1 -- set 2 esp on
       # Give udev time to create the /dev/disk/by-partlabel links
       sleep 2
       sudo mkfs.ext4 /dev/disk/by-partlabel/primary
  2. Mount the filesystems:
       sudo mount -o rw /dev/disk/by-partlabel/primary /mnt/
       sudo mkdir /mnt/boot
       sudo mkfs.vfat /dev/disk/by-partlabel/ESP
       sudo mount -o rw /dev/disk/by-partlabel/ESP /mnt/boot/
       sudo mkdir /mnt/root
       # git prompts for the username and access token. Do not embed them in
       # the URL: they would persist in shell history and in
       # /mnt/root/nixos/.git/config on the installed system.
       sudo git clone https://git.symbiotrip.com/jsutter/nixos /mnt/root/nixos
  3. Install NixOS:
       sudo -i
       cd /mnt/root/nixos
       # Replace <name> with the flake output name of the host being installed
       nixos-install --flake .#<name> --no-root-password --impure
  4. Set user password:
       nixos-enter --root '/mnt'
       passwd jsutter

Infrastructure Roadmap

Planned Work

Borg Backup Server

  • Set up a dedicated Borg backup server for automated backups
  • Configure backup schedules for critical systems
  • Implement retention policies and pruning rules

Secrets Management with sops-nix

  • Implement sops-nix for secrets management
  • Move all hardcoded secrets from server configs into sops-nix
  • Set up encryption keys and key rotation policies
  • Document the secrets management workflow
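
An added example, not part of this repository: a first pass at the inventory step behind "Move all hardcoded secrets from server configs into sops-nix". It lists URLs of the form scheme://user:secret@host under a directory with the secret masked. The function name find_url_credentials is hypothetical.

```shell
#!/bin/sh
# Added example, not code from this repository.
# find_url_credentials is a hypothetical helper name.
#
# Recursively lists URLs that carry credentials in the userinfo part
# (scheme://user:secret@host), skipping .git and binary files.
# Output: one "file:line:url" per hit, with the secret replaced by ****
# so the report can be pasted into an issue or CI log without leaking it.
# Exit status: 0 if at least one hit was found, 1 if the tree is clean.
#
# Usage: find_url_credentials ./servers

find_url_credentials() {
    dir=$1
    # user and secret may not contain "/", "@" or whitespace; requiring the
    # "@" right after the secret keeps plain host:port URLs from matching.
    pattern='[A-Za-z][A-Za-z0-9+.-]*://[^/:@[:space:]]+:[^/@[:space:]]+@[^/"[:space:]]+'
    hits=$(grep -rnIEo --exclude-dir=.git -e "$pattern" "$dir" |
           sed -E 's#(://[^:/@]+:)[^@]+@#\1****@#')
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}
```

Each hit is a value to move into a sops-nix secret; a token that was ever committed should be treated as exposed and rotated, since it remains in the git history.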