nixos/README.md
Julian Sutter 7c014f6534 Add development standards and procedures for app deployment
- Add curl timeout requirement (5 seconds)
- Add comprehensive 8-step workflow for new application deployment
- Add troubleshooting procedures for domain availability and SSL certs
- Add infrastructure roadmap for Borg backup server and sops-nix
- Update README with session start protocol and infrastructure tasks
2026-02-16 22:05:18 -08:00


# NixOS Configuration Repository
## Session Start Protocol
Always begin by reading agents.md for workflow instructions and development standards.
## System Installation
1. Partition the disk:
```
sudo parted /dev/nvme0n1 -- mklabel gpt
sudo parted /dev/nvme0n1 -- mkpart primary ext4 512MB 100%
sudo parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
sudo parted /dev/nvme0n1 -- set 2 esp on
sleep 2
sudo mkfs.ext4 /dev/disk/by-partlabel/primary
```
2. Mount the filesystems:
```
sudo mount -o rw /dev/disk/by-partlabel/primary /mnt/
sudo mkdir /mnt/boot
sudo mkfs.vfat /dev/disk/by-partlabel/ESP
sudo mount -o rw /dev/disk/by-partlabel/ESP /mnt/boot/
sudo mkdir /mnt/root
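# Replace <access-token> with a token supplied at install time. A token embedded in the clone URL is saved in /mnt/root/nixos/.git/config.
sudo git clone https://jsutter:<access-token>@git.symbiotrip.com/jsutter/nixos /mnt/root/nixos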
```
3. Install NixOS:
```
sudo -i
cd /mnt/root/nixos
nixos-install --flake .#<name> --no-root-password --impure
```
4. Set user password:
```
nixos-enter --root '/mnt'
passwd jsutter
```
## Infrastructure Roadmap
### Planned Work
#### Borg Backup Server
- Set up a dedicated Borg backup server for automated backups
- Configure backup schedules for critical systems
- Implement retention policies and pruning rules
#### Secrets Management with sops-nix
- Implement sops-nix for secrets management
- Move all hardcoded secrets from server configs into sops-nix
- Set up encryption keys and key rotation policies
- Document the secrets management workflow
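
Moving hardcoded secrets into sops-nix starts with an inventory of where they currently live. The script below is an added example, not part of this repository: it reports credentials embedded in URLs (the `user:secret@host` form used by the clone command in the installation steps) and redacts the secret in its output. The function names, file suffix list, and sample host and token are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# userinfo with a password part; '/' or '@' cannot appear unescaped inside it
URL_CRED = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<user>[^\s/:@]+):(?P<secret>[^\s/@]+)@(?P<host>[^\s/:@]+)"
)
# Template values that are not real secrets: <token>, ${VAR}, $VAR, ***
PLACEHOLDER = re.compile(r"^(<[^>]*>|\$\{?\w+\}?|\*+)$")

# Constructed sample input (hypothetical host and token)
SAMPLE = """\
git clone https://deploy:0123456789abcdef@git.example.invalid/org/repo
curl --max-time 5 https://example.invalid:8443/health
git clone https://deploy:<access-token>@git.example.invalid/org/repo
"""


def find_url_credentials(text):
    """Return [(line_no, redacted_url)] for URLs that carry an inline secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in URL_CRED.finditer(line):
            if PLACEHOLDER.match(m["secret"]):
                continue  # documented placeholder, nothing to rotate
            findings.append((line_no, f"{m['scheme']}://{m['user']}:***@{m['host']}"))
    return findings


def scan_tree(root, suffixes=(".md", ".nix", ".sh")):
    """Scan docs/configs under root, plus .git/config where clone URLs persist."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        git_config = path.name == "config" and path.parent.name == ".git"
        tracked = path.suffix in suffixes and ".git" not in path.parts
        if path.is_file() and (git_config or tracked):
            hits = find_url_credentials(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    print(find_url_credentials(SAMPLE))
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line_no, url in hits:
            print(f"{name}:{line_no}: {url}")
```

Any secret this reports has already been written to disk or to repository history, so it should be rotated as part of the migration rather than only moved.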