computer-config icon indicating copy to clipboard operation
computer-config copied to clipboard

verified publisher icon mirdaki

Metadata

Config for server and personal deployments

Computer Config

Self-hosted Service Design

A diagram showing where services are running and how they connect

NixOS Configuration

To update the computer, run the below with the right profile (#alderaan below):

sudo nixos-rebuild switch --flake ~/computer-config#alderaan

First Time Setup

Install nixos using these instructions. Create the main user and su to them for cloning this repo (to keep file permissions sane). Create the new host (copy config from /etx/nixos/, add to flake, etc) and configure files as needed.

This may not be needed going forward, but I did need this to use experimental features (nix command and flakes) in CLI ad hoc:

nix-shell -p git 
git clone https://github.com/mirdaki/computer-config.git

nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- init

If you need to create age keys for secrets, follow these steps, but use the below commands to not need to install age-keygen:

nix shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt
# or to get the public key if it already exists
nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt

Setting up a user password with sops-nix. Note: The value you put in the secrets file is a hash of the password from mkpasswd, not the password itself.

Updating Secrets

Regular secrets

nix-shell -p sops --run "sops hosts/alderaan/secrets/secret.yaml"

Binary files. With separate encrypt and decrypt stages

nix-shell -p sops --run "sops -e decrypted.txt > encrypted.txt"
nix-shell -p sops --run "sops -d encrypted.txt > decrypted.txt"

Creating OIDC Info

Per the Authelia docs

# For the ID
nix-shell -p authelia --run "authelia crypto rand --length 72 --charset rfc3986"

# For the secret
nix-shell -p authelia --run "authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986"

Creating Container Module

Using compose2nix, create a docker-compose.yml file and put it in the nixos modules directory. By default is uses podman.

nix run github:aksiksi/compose2nix -- -project=name

Cleaning Tables

If you want to drop a table (for instances, to remove testing data)

sudo -u postgres psql
\l
DROP DATABASE <name>;
\q

Manually Cleaning NixOS

sudo nix-collect-garbage -d

Upgrading NixOS

Update the input URLs in the flake.nix file. Then run

nix flake update
sudo nixos-rebuild switch --flake ~/computer-config#alderaan

Metadata

58
Stars
2
Forks
Watchers

Owner

verified publisher icon mirdaki

Metadata

Config for server and personal deployments

Back