fablab-nea/nix-gscheits
1
0
Fork 0
Code Issues 7 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Draft: add content to readme #11

Open
sbruder wants to merge 4 commits from readme into main
pull from: readme
merge into: fablab-nea:main
Conversation 10 Commits 4 Files changed 3 +74 -5
3 changed files with 74 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

48
README.md
View file

@ -1 +1,47 @@
# NixOS configurations of the FabLab Bad Windsheim
# Nix Gscheits
NixOS configurations of the FabLab Bad Windsheim
## General
This project uses Nix Flakes
which currently are only available in unstable Nix.
To make the project more accessible to users of stable nix,
a compatibility layer is provided.
If you use [direnv](https://direnv.net/),
a wrapper for unstable nix should transparently be added to the shell.
This might only work if you are a [trusted user](https://nixos.org/manual/nix/stable/#conf-trusted-users).
Secrets for NixOS machines are managed with sops using [sops-nix](https://github.com/Mic92/sops-nix).
The gpg keys are stored in `keys`
and a flake app is provided for conveniently displaying the fingerprint of a stored key:
`nix run .#showKeyFingerprint machines/raven`
### Directory structure
* `machines`: NixOS configurations for machines.
* `modules`: Modules that either alter default values
or add modules that can be enabled via options.
* `pkgs`: nixpkgs overlay for packages not in nixpkgs.
## Deployment
The deployment uses [krops](https://github.com/krebs/krops)
(more precisely [Mic92s fork with flake support](https://github.com/Mic92/krops)).
If your public key is installed for root on the target system,
deploying is as easy as `nix run .#deploy/hostname`.
Building a configuration locally is possible by running `nixos-rebuild build --flake .#HOSTNAME`
or on systems with stable Nix (using the compatibility wrapper) `nix build .#nixosConfigurations.HOSTNAME.config.system.build.toplevel`.
## License
This project is licensed under the MIT license.
For details, please see the [COPYING](./COPYING) file.
Note: The MIT license does not apply to the built packages or system closures,
only to the source files in this repository.
It also might not apply to patches included in this repository,
which may be derivative works.

22
machines/raven/README.md Normal file
View file

@ -0,0 +1,22 @@
# raven
## setup
```bash
parted -s /dev/sda -- \
mktable GPT \
mkpart primary fat32 1MiB 1GiB \
set 1 esp on \
mkpart primary ext2 1GiB 100%
mkfs.vfat -i 0FEAFAF6 /dev/sda1
cryptsetup luksFormat --type luks2 --uuid=ad04bc72-bc84-42e3-856f-152c162ad88c /dev/sda2
cryptsetup open --type luks2 /dev/sda2 cryptroot
mkfs.btrfs -U 1ac13504-fb49-4739-a0e3-f87a3f840fb1 /dev/mapper/cryptroot
mount -o compress=zstd /dev/mapper/cryptroot /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
```

9
machines/raven/configuration.nix
View file

@ -33,6 +33,11 @@
prefixLength = 24;
}];
};
nat = {
enable = true;
externalInterface = "jt";
internalInterfaces = "labdev";
};
};
i18n.defaultLocale = "en_US.UTF-8";
@ -55,9 +60,5 @@
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
neovim
];
system.stateVersion = "21.05";
}