Update readme

This commit is contained in:
Chris Toph 2025-06-17 11:08:24 -04:00
parent dc34a785f7
commit f496fcb0c7

156
readme.md

@ -21,11 +21,15 @@ This repository follows a **layered, modular approach** that separates system-le
├── ❄️ flake.nix # Central entry point & dependency management ├── ❄️ flake.nix # Central entry point & dependency management
├── 🔐 secrets.nix # Encrypted secrets (git-crypt) ├── 🔐 secrets.nix # Encrypted secrets (git-crypt)
├── 🏠 hosts/ # System-level configurations ├── 🏠 hosts/ # System-level configurations
│ ├── x86/ # Intel/AMD 64-bit systems
│ └── arm/ # ARM64 systems
├── 👤 home/ # User environment configurations ├── 👤 home/ # User environment configurations
├── 📦 modules/ # Reusable configuration modules ├── 📦 modules/ # Reusable configuration modules
├── 🎨 overlays/ # Package customizations ├── 🎨 overlays/ # Package customizations
├── 📋 pkgs/ # Custom package definitions ├── 📋 pkgs/ # Custom package definitions
└── 🛠️ lib/ # Helper functions & utilities ├── 🛠️ lib/ # Helper functions & utilities
├── 🔧 iso/ # ISO build configurations
└── ⚙️ .github/workflows/ # CI/CD automation
``` ```
--- ---
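Review bot: the new `iso/` entry reads "ISO build configurations", but the Quick Reference added in this same commit calls it an "ISO build system (separate flake)" and the local build steps run `cd iso` before `nix build .#server-iso-x86`; say "separate flake" here as well so readers do not try `nix build .#server-iso-x86` from the repository root. The `hosts/` entry would also benefit from listing `hosts/global/` next to `x86/` and `arm/`, since the next section documents it as the shared base for every host.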
@ -57,16 +61,21 @@ The heart of the configuration, managing:
``` ```
hosts/global/ hosts/global/
├── core/ # Essential base settings ├── core/ # Essential base settings
│ ├── default.nix # Core system imports & Nix configuration
│ ├── fonts.nix # Font management │ ├── fonts.nix # Font management
│ ├── networking.nix # Network configuration │ ├── networking.nix # Network configuration
│ ├── ssh.nix # SSH server setup │ ├── ssh.nix # SSH server setup
│ └── user.nix # User account setup │ └── user.nix # User account setup & Home Manager integration
└── common/ # Optional system features └── common/ # Optional system features
├── audio.nix # PipeWire audio stack ├── audio.nix # PipeWire audio stack
├── gaming.nix # Steam, GameMode, hardware optimizations ├── gaming.nix # Steam, GameMode, hardware optimizations
├── gnome.nix # GNOME desktop environment ├── gnome.nix # GNOME desktop environment
├── docker.nix # Docker setup ├── docker.nix # Docker setup with update-containers script
└── libvirt.nix # VM tools and management ├── libvirt.nix # VM tools and management
├── warp.nix # Cloudflare WARP VPN support
└── system/
├── pool.nix # NFS pool mounting & symlink management
└── lxc.nix # Central hardware configuration for LXC hosts
``` ```
### **Host-Specific Configurations** ### **Host-Specific Configurations**
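Review bot: `docker.nix` is now described as "Docker setup with update-containers script", but nothing says what the script updates, how it is triggered (manually, or by a systemd timer like the ones listed under Monitoring), or whether images are pinned by tag or by digest; a one-line note would let readers judge the supply-chain exposure of unattended image updates. The new `system/lxc.nix` line says "Central hardware configuration for LXC hosts" while the hosts table in this commit lists four LXC containers, so it is worth stating whether those hosts import it in place of a per-host `hardware.nix`, since step 3 of the install guide still tells readers to edit `hardware.nix`.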
@ -78,15 +87,16 @@ Each system in `hosts/nixos/<hostname>/` contains:
#### 🖥️ **Current Hosts** #### 🖥️ **Current Hosts**
| Host | Type | Purpose | Hardware | Services | | Host | Type | Purpose | Hardware | Services |
| ---------- | ------------- | ---------------------- | --------------------------- | --------------------------------- | | ---------- | ------------- | ---------------------- | --------------------------- | -------------------------------- |
| **rune** | Desktop | My workstation | Ryzen 9 7900X3D, RX 9070 XT | Gaming, Development, VMs | | **rune** | Desktop | My workstation | Ryzen 9 7900X3D, RX 9070 XT | Gaming, Development, VMs |
| **gojo** | Desktop | Giovanni's workstation | Ryzen CPU, RX 6950 XT | Gaming, Development | | **gojo** | Desktop | Giovanni's workstation | Ryzen 7 7800X3D, RX 7900 XT | Gaming, Development |
| **haze** | Desktop | Cesar's workstation | Ryzen 7, RX 6950 XT | Gaming, Development | | **haze** | Desktop | Cesar's workstation | Ryzen 7, RX 6950 XT | Gaming, Development |
| **sock** | Server | Backup & Storage | Intel N150 | WIP; Hosted on Firewall | | **caenus** | Server | Oracle VPS | ARM 4vCPU, 24GB RAM, 200GB | FRP, Public IP |
| **cloud** | LXC Container | Storage & NFS | 4C/4GB | File storage, NFS server, Backups | | **sock** | Server | Backup & Storage | Intel N150 | Komodo (Docker), Backups, Newt |
| **komodo** | LXC Container | Docker orchestration | 12C/30GB | Authentik, Komodo, Web services | | **cloud** | LXC Container | Storage & NFS | 4C/4GB | File storage, NFS, Newt |
| **proxy** | LXC Container | Network proxy | 3C/2GB | Cloudflare tunnels, Caddy | | **komodo** | LXC Container | Docker orchestration | 12C/30GB | Authentik, Komodo (Docker), Newt |
| **nix** | LXC Container | Development server | 10C/12GB | Remote development, VSCode server | | **proxy** | LXC Container | Network proxy | 3C/2GB | Pangolin, AdGuard, Newt |
| **nix** | LXC Container | Development server | 10C/12GB | **Not Deployed ATM** |
| **vm** | VM | Testing environment | Variable | System testing | | **vm** | VM | Testing environment | Variable | System testing |
--- ---
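Review bot: the unchanged context line "Each system in `hosts/nixos/<hostname>/` contains:" is now stale: this commit moves hosts under `hosts/x86/` and `hosts/arm/` (see the tree at the top and the `hosts/{x86,arm}/<name>/` entry in Quick Reference), so it should read `hosts/{x86,arm}/<hostname>/`. The new **caenus** row lists "FRP, Public IP" as services, but FRP appears nowhere in the stack table at the end of the diff, which now names Newt and Pangolin as the tunneling stack; either add FRP there or update the row if Newt replaced it. Also "**Not Deployed ATM**" in the Services column of **nix** is a status, not a service; a separate Status column or a footnote would keep the table consistent.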
@ -103,8 +113,11 @@ home/global/
│ └── ssh.nix # SSH client configuration │ └── ssh.nix # SSH client configuration
└── common/ # Optional user applications └── common/ # Optional user applications
├── gaming/ # Gaming tools & emulator backups ├── gaming/ # Gaming tools & emulator backups
│ └── switch.nix # Nintendo Switch emulator with Borg backups
├── gnome/ # GNOME-specific programs & settings ├── gnome/ # GNOME-specific programs & settings
│ └── dconf.nix # Enhanced PaperWM & extension configs
├── vscode/ # VS Code with patched SSH ├── vscode/ # VS Code with patched SSH
├── xdg.nix # XDG directory & file associations
└── zen.nix # Zen browser configuration └── zen.nix # Zen browser configuration
``` ```
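Review bot: "Enhanced PaperWM & extension configs" for `dconf.nix` is vague wording; state what it configures (keybindings, the extension list) rather than "Enhanced". For `switch.nix`, "Nintendo Switch emulator with Borg backups" would benefit from one line on where the Borg repository lives and how its passphrase is supplied (presumably through `secrets.nix`), since the secrets section added in this commit only mentions "credentials, SSH keys, etc.".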
@ -164,14 +177,9 @@ Each user in `home/users/<username>/` includes:
- **Curated Applications**: Includes configurations for applications like the Zen browser and VS Code. - **Curated Applications**: Includes configurations for applications like the Zen browser and VS Code.
- **XDG & Mime Associations**: Sensible default applications configured via `xdg.mimeApps`, using `handlr-regex` for flexibility. - **XDG & Mime Associations**: Sensible default applications configured via `xdg.mimeApps`, using `handlr-regex` for flexibility.
### **🐳 Container Management**
- **Komodo Integration**: Docker stack management through web UI
- **Service Definitions**: Authentik SSO, Caddy reverse proxy, various applications
- **compose2nix**: Docker Compose files converted to NixOS modules
### **🐳 Advanced Container Management** ### **🐳 Advanced Container Management**
- **Docker Orchestration**: Komodo provides a web UI for managing Docker stacks. - **Docker Orchestration**: Komodo provides a web UI for managing Docker stacks.
- **Key Services**: Pre-defined declarative configurations for services like Authentik (SSO) and Caddy (reverse proxy). - **Key Services**: Pre-defined declarative configurations for services like Authentik (SSO) and Pangolin (reverse proxy).
- **Declarative Stacks**: `compose2nix` is used to convert Docker Compose files into NixOS declarative modules for services like FileRun, Authentik, etc. - **Declarative Stacks**: `compose2nix` is used to convert Docker Compose files into NixOS declarative modules for services like FileRun, Authentik, etc.
### **🔐 Integrated Security** ### **🔐 Integrated Security**
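Review bot: removing the duplicate "Container Management" section is correct, but the surviving text now names Pangolin as the reverse proxy while the stack table added further down lists "Traefik (via Pangolin)"; say "Pangolin (Traefik-based reverse proxy)" here so both places agree. The third bullet still ends with "FileRun, Authentik, etc."; if the Pangolin stack is also generated with `compose2nix`, list it, otherwise "etc." hides which services are actually declarative.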
@ -190,12 +198,12 @@ For setting up a new system (in NixOS) with this configuration:
#### **1. Clone Configuration Repository** #### **1. Clone Configuration Repository**
```bash ```bash
# Get yay.nix temporarily for installation # Enter development shell with necessary tools for installation
nix shell github:Tophc7/yay.nix --extra-experimental-features flakes --extra-experimental-features nix-command --no-write-lock-file nix develop github:TophC7/dot.nix --extra-experimental-features "flakes nix-command"
# Clone the configuration repository using yay try # Clone the configuration repository using yay try
yay try git git-crypt micro FLAKE=~/Documents/dot.nix
cd ~/Documents/ cd ~/Documents
git clone https://github.com/tophc7/dot.nix git clone https://github.com/tophc7/dot.nix
``` ```
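Review bot: the retained comment "# Clone the configuration repository using yay try" no longer matches the command beneath it, which is now `FLAKE=~/Documents/dot.nix` rather than `yay try git git-crypt micro`; update the comment, say what reads `FLAKE` (the `yay` helper from the dev shell, presumably), and whether it needs `export` to be visible to that tool. Separately, `nix develop github:TophC7/dot.nix` fetches whatever the default branch currently points at, so the bootstrap shell is not reproducible and a broken or compromised push lands directly in new installs; pin the ref to a tag or commit (`github:TophC7/dot.nix/<rev>`) for the documented install path.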
@ -205,22 +213,53 @@ cd ~/Documents/dot.nix
git-crypt unlock <<path/to/symmetric.key>> # Or use GPG key git-crypt unlock <<path/to/symmetric.key>> # Or use GPG key
``` ```
#### **3. Configure Hardware Settings** <details>
1. **Compare hardware configurations:** <summary><b>Setup Your Own Secrets</b></summary>
Since you won't have access to the encrypted secrets, create your own:
```bash ```bash
micro ~/Documents/dot.nix/hosts/nixos/gojo/hardware.nix cd ~/Documents/dot.nix
# Copy the example and customize it
cp lib/public/secrets.example.nix secrets.nix
# Edit with your credentials, SSH keys, etc.
micro secrets.nix
# Initialize git-crypt for your secrets
git-crypt init
git-crypt add-gpg-user YOUR_GPG_KEY_ID
```
After setting up your secrets, encrypt the file:
```bash
git add secrets.nix
git-crypt lock
```
</details>
#### **3. Configure Hardware Settings**
1. Compare hardware configurations:
```bash
# Note: path structure (hosts/x86/ or hosts/arm/)
micro ~/Documents/dot.nix/hosts/x86/gojo/hardware.nix
micro /etc/nixos/hardware-configuration.nix micro /etc/nixos/hardware-configuration.nix
``` ```
2. **Update hardware.nix** with the `fileSystems` and `swapDevices` from the generated `/etc/nixos/hardware-configuration.nix` 2. Update hardware.nix with the `fileSystems` and `swapDevices` from the generated `/etc/nixos/hardware-configuration.nix`
#### **4. Install Configuration (TTY)** #### **4. Install Configuration (TTY Recommended)**
1. **Switch to TTY**: `Ctrl+Alt+F2` 1. Switch to TTY: `Ctrl+Alt+F2` (to avoid desktop service conflicts)
2. **Login to TTY** 2. Login to TTY
3. **Rebuild system:** 3. Rebuild system:
```bash ```bash
nix shell github:Tophc7/yay.nix --extra-experimental-features flakes --extra-experimental-features nix-command --no-write-lock-file # Enter development shell again with necessary tools for installation
yay rebuild -H gojo -p ~/Documents/dot.nix -e nix develop github:TophC7/dot.nix --extra-experimental-features "flakes nix-command"
# Rebuild with your host configuration
yay rebuild -H your-hostname -p ~/Documents/dot.nix
sudo reboot -f sudo reboot -f
``` ```
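Review bot: in "Setup Your Own Secrets", the sentence "After setting up your secrets, encrypt the file" above `git add secrets.nix` / `git-crypt lock` is misleading: encryption happens in git's clean filter when the file is staged and committed, and `git-crypt lock` only removes the plaintext from the working tree. Add a `git commit` step and recommend `git-crypt status -e` before the first push so the reader can confirm `secrets.nix` is stored encrypted rather than committed in clear. In step 3, the comment "# Note: path structure (hosts/x86/ or hosts/arm/)" still opens `hosts/x86/gojo/hardware.nix`, while step 4 now rebuilds with `-H your-hostname`; the guide should tell the reader to create their own `hosts/{x86,arm}/<hostname>/` directory and edit that `hardware.nix`, not gojo's.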
@ -257,6 +296,27 @@ yay untar myfiles.tar.zst
--- ---
## 🔧 ISO Generation
### **Automated Build System**
- **GitHub Actions**: CI/CD pipeline for ISO releases
- **Variants**: Server (minimal) and Desktop (GNOME) ISOs
- **Architectures**: x86_64 and aarch64 support with optimized builds
- **Cross-compilation**: ARM ISOs can be built on x86_64 systems
- **Distribution**: Automatic releases with artifact uploads (X86 only)
### **Local Building**
```bash
# Build locally
cd iso
nix build .#server-iso-x86
nix build .#desktop-iso-arm
# Cross-compile ARM ISOs on x86_64 systems
nix build .#server-iso-arm --system x86_64-linux --extra-platforms aarch64-linux
```
---
## 📚 Development Philosophy ## 📚 Development Philosophy
### **Modularity** ### **Modularity**
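Review bot: the "Cross-compilation" bullet and the `# Cross-compile ARM ISOs on x86_64 systems` comment describe `nix build .#server-iso-arm --system x86_64-linux --extra-platforms aarch64-linux`, but `--extra-platforms aarch64-linux` makes Nix run aarch64 derivations under binfmt emulation on the x86_64 host, not cross-compile them; that only works when the host has aarch64 binfmt emulation set up, and `--system x86_64-linux` is redundant on an x86_64 host. Rename the bullet to "Emulated ARM builds" (or switch to a real cross build) and state the prerequisite. `nix build .#desktop-iso-arm` under "Build locally" only succeeds on an aarch64 host or with those flags, so move it under the same comment. For the release workflow, consider publishing a checksum (and ideally a signature) with each ISO artifact so downloads can be verified; the "(X86 only)" note also uses a different spelling from the `x86_64` used elsewhere in the section.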
@ -286,28 +346,38 @@ yay untar myfiles.tar.zst
| **Virtualization** | libvirt, QEMU, LXC | | **Virtualization** | libvirt, QEMU, LXC |
| **Storage** | MergerFS, SnapRAID, BorgBackup, NFS, `inotify-tools` | | **Storage** | MergerFS, SnapRAID, BorgBackup, NFS, `inotify-tools` |
| **Containers** | Docker, Komodo, compose2nix | | **Containers** | Docker, Komodo, compose2nix |
| **Security** | git-crypt, ACME, Cloudflare Tunnels | | **Networking** | Newt, Pangolin, AdGuard Home, Cloudflare WARP |
| **Reverse Proxy** | Traefik (via Pangolin) |
| **Security** | git-crypt, ACME, Zero Trust tunneling |
| **Development** | VS Code (Patched SSH), `nixfmt`, `biome` | | **Development** | VS Code (Patched SSH), `nixfmt`, `biome` |
| **Gaming** | Steam, Proton, GameScope, GameMode, `lact` | | **Gaming** | Steam, Proton, GameScope, GameMode, `lact` |
| **Monitoring** | Apprise notifications, systemd timers | | **Monitoring** | Apprise notifications, systemd timers |
| **CI/CD** | GitHub Actions, Automated ISO builds |
--- ---9;ulj]
## 📝 Quick Reference ## 📝 Quick Reference
### **Directory Structure** ### **Key Configuration Files**
- `hosts/nixos/<name>/` - System configurations
- `home/users/<name>/` - User environments
- `home/hosts/<name>/` - Host-specific user overrides
- `modules/global/` - Shared specifications
- `pkgs/` - Custom packages
- `secrets.nix` - Encrypted secrets (git-crypt) - `secrets.nix` - Encrypted secrets (git-crypt)
### **Key Files**
- `flake.nix` - Dependency management & outputs
- `shell.nix` - Recovery environment
- `modules/global/host-spec.nix` - Host attribute definitions - `modules/global/host-spec.nix` - Host attribute definitions
- `modules/global/secret-spec.nix` - Secret structure definitions - `modules/global/secret-spec.nix` - Secret structure definitions
- `modules/nixos/newt.nix` - Newt tunneling service module
- `flake.nix` - Main dependency management & host discovery
- `iso/flake.nix` - ISO generation configuration
### **Frequently Modified Directories**
- `home/users/<name>/` - Individual user configurations
- `home/global/` - Shared user settings & applications
- `hosts/global/` - System-wide shared configurations
- `hosts/{x86,arm}/<name>/` - Host-specific system configs
- `home/hosts/<name>/` - Host-specific user overrides
- `pkgs/` - Custom package definitions
### **Development Workflow**
- `shell.nix` - Recovery environment for troubleshooting
- `.github/workflows/` - CI/CD for ISO builds
- `iso/` - ISO build system (separate flake)
--- ---
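Review bot: the separator line became `---9;ulj]`, which reads like stray keystrokes committed into the readme; restore it to `---`. The new "Security" row says "Zero Trust tunneling" now that "Cloudflare Tunnels" is removed, but the only tunneling tools named in the table are Newt and Pangolin on the "Networking" row; name the tool there (or drop the entry) so the row states something checkable. In Quick Reference, the removed "Directory Structure" list was the only place that documented `modules/global/` as a whole; the new "Key Configuration Files" list keeps `host-spec.nix` and `secret-spec.nix` and adds `modules/nixos/newt.nix`, so add a `modules/` entry under "Frequently Modified Directories" if other modules live there.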