Configuration files for my NixOS machines.
Devices: xiatian
- Put device into setup mode by wiping the PK key
- Install NixOS and enable flakes
- Setup age key:
mkdir -p /var/lib/sops-nix sudo nix-shell -p neovim --run "nvim /var/lib/sops-nix/key.txt" chmod 400 /var/lib/sops-nix/key.txt - Generate and enroll secure boot keys:
sudo nix-shell -p sbctl --run "sbctl create-keys" sudo nix-shell -p sbctl --run "sbctl enroll-keys -m" - Deploy:
nix-shell -p git --run "git clone https://github.com/ungeskriptet/nix-config.git" cd nix-config sudo nixos-rebuild boot --flake "path:.#<HOSTNAME>" sudo reboot
Devices: rpi5
- AdGuard Home
- Caddy with LEGO for TLS certificates
- ESPHome
- Home Assistant
- MollySocket (For Signal push notifications on degoogled Android phones)
- Nextcloud
- ntfy.sh (UnifiedPush provider)
- samsung-update-bot
- soju and gamja (IRC)
- Sshwifty
- Stalwart (E-Mail)
- Vaultwarden
- Wireguard
- yuribot
- Generate the installer image (make sure to add your public SSH key into the flake):
git clone https://github.com/nvmd/nixos-raspberrypi.git cd nixos-raspberrypi vim flake.nix sudo nix build ".#installerImages.rpi5" - Flash the image to a USB drive (preferred) or SD card:
zstd -c -d result/sd-image/nixos-installer-rpi5-kernelboot.img.zst | pv -Yo /dev/sdX - Boot the Raspberry Pi and download this configuration:
sudo -i nix-shell -p git git clone https://github.com/ungeskriptet/nix-config.git cd nix-config - Setup age key:
mkdir -p /root/.config/sops/age vim /root/.config/sops/age/keys.txt chmod 400 /root/.config/sops/age/keys.txt - Edit secrets:
nix-shell -p sops --run "EDITOR=vim sops secrets/secrets.yaml" - Deploy:
nixos-rebuild boot --flake "path:.#rpi5" reboot