stesie/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
92 commits 1 branch 0 tags 739 KiB
  • Nix 39.3%
  • TypeScript 37.7%
  • HTML 16.6%
  • Shell 5.4%
  • CSS 0.6%
  • Other 0.4%
Find a file
Exact
Stefan Siegl 69dd0a4fcf README
2026-03-20 23:34:18 +01:00
home Restore full tree from nix store (history lost due to filter-repo accident) 2026-03-20 23:09:22 +01:00
hosts manage wg0 2026-03-20 23:34:08 +01:00
modules/nixos install authorized keys automatically 2026-02-28 17:55:26 +01:00
.gitignore Restore full tree from nix store (history lost due to filter-repo accident) 2026-03-20 23:09:22 +01:00
flake.lock update. 2026-03-20 23:10:30 +01:00
flake.nix Restore full tree from nix store (history lost due to filter-repo accident) 2026-03-20 23:09:22 +01:00
README.md README 2026-03-20 23:34:18 +01:00

README.md

NixOS Configuration Flake

This is the NixOS configuration for my personal devices. It is structured as a flake and also contains some "for personal use only" applications and scripts. Maybe some bits are useful for you as well 🤷

Deployment

Deploying the configuration to the device is done via nixos-rebuild and the --build-host and --target-host options.

nixos-rebuild switch --flake .#claw --build-host stesie@claw.local --target-host stesie@claw.local --sudo

It is important to note that the --build-host and --target-host options must be used together, otherwise (if you only specify --build-host) the configuration will be built on the remote machine, and then rolled out locally.

Device Bootstrapping

Raspberry Pi

Source: https://raw.githubusercontent.com/britter/nix-configuration/77809ecf605b466cb41c47253dc3e9598a0b8bee/README.md

This is the description for a network install that does not require the Raspberry Pi to be connected to a display. Instead it's sufficient to connet it to the network via ethernet cable and ssh into the machine. The SD card image will setup the root account and a user called nixos without password. However the SSH service is configred to not accept empty passwords. So in order to login via SSH, you need to pre-load your SSH key into the authorized_keys file of either the root user or the nixos user. The first step is to download the bootable SD card image from the Hydra build system, see this nixos.wiki entry.

Pre-load an SSH key into the image

  1. Use nix run nixpkgs#parted <img> to find out what exactly to mount. See this stackoverflow answer for details.
  2. Mount the image file into a local directory by running
mkdir img
sudo mount -o loop,offset=<result from parted> <image file name> img
  1. Generate an SSH key if you haven't already using the ssh-keygen tool.
  2. The SD card image will setup a user called nixos on first boot. For that reason /home/nixos does not exist in the image you just mounted. Create the user home, and pre-load your SSH key as an authorized key:
sudo mkdir -p img/home/nixos/.ssh
sudo cp ~/.ssh/id_rsa.pub img/home/nixos/.ssh/authorized_keys
sudo chown -R 1000:100 img/home/nixos
sudo chmod -R 700 img/home/nixos
sudo chmod 600 img/home/nixos/.ssh/authorized_keys
  1. Unmount the image via sudo umount img
  2. Use nix run nixpkgs#rpi-imager to run the Raspberry Pi imager and write the image to the SD card.

After first boot

  1. Once the key is on the device, ssh into it as the nixos user.
  2. Run sudo nixos-generate-config to generate the initial configuration.
  3. IMPORTANT: You need to make two modifications to /etc/nixos/configuration.nix. If you forget to add this to the config, when you nixos-rebuild switch you won't be able to login anymore!
  • Configure the nixos user:
users.users.nixos = {
  isNormalUser = true;
  extraGroups = ["wheel"];
};
  • Enable the SSH services:
services.openssh = {
  enable = true;
  # require public key authentication for better security
  settings.PasswordAuthentication = false;
  settings.KbdInteractiveAuthentication = false;
  #settings.PermitRootLogin = "yes";
};