| keys | ||
| machines | ||
| modules | ||
| pkgs | ||
| .editorconfig | ||
| .envrc | ||
| .gitignore | ||
| .sops.yaml | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
| shell.nix | ||
Nix Gscheits
NixOS configurations of the FabLab Bad Windsheim
General
This project uses Nix Flakes which currently are only available in unstable Nix.
To make the project more accessible to users of stable nix, a compatibility layer is provided. If you use direnv, a wrapper for unstable nix should transparently be added to the shell. This might only work if you are a trusted user.
Secrets for NixOS machines are managed with sops using sops-nix.
The gpg keys are stored in keys
and a flake app is provided for conveniently displaying the fingerprint of a stored key:
nix run .#showKeyFingerprint machines/raven
Directory structure
machines: NixOS configurations for machines.modules: Modules that either alter default values or add modules that can be enabled via options.pkgs: nixpkgs overlay for packages not in nixpkgs.
Deployment
The deployment uses krops (more precisely Mic92’s fork with flake support).
If your public key is installed for root on the target system,
deploying is as easy as nix run .#deploy/hostname.
Building a configuration locally is possible by running nixos-rebuild build --flake .#HOSTNAME
or on systems with stable Nix (using the compatibility wrapper) nix build .#nixosConfigurations.HOSTNAME.config.system.build.toplevel.
License
This project is licensed under the MIT license. For details, please see the COPYING file.
Note: The MIT license does not apply to the built packages or system closures, only to the source files in this repository. It also might not apply to patches included in this repository, which may be derivative works.