| .forgejo/workflows | ||
| assets | ||
| nix | ||
| rust | ||
| .envrc | ||
| .gitignore | ||
| desktop.qcow2 | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
Nix Machines
This is my repository for all my various machines running NixOS (or Using Nix Darwin).
It has been created as an attempt at unifying all the various provisioning of software/cloud resources that must happen, such that for every instance there's a unified set of commands to run.
When running on a desktop machine, simply running nixos-install as per usual should suffice.
Servers
To provision the cloud resources needed, and install NixOS, the following can be run:
nix run '.#create-instance' -- <hostname>
This will run the provision.pre terraform code to ensure the cloud resources are created as needed, on either hetzner or openstack. It should also select the appropriate secrets backend to fetch secrets from. In general every server should use vault (OpenBAO) as the backend, except for the server hosting OpenBAO. Then it will install NixOS.
When making changes to eg. the approle needed, and needing to provision the instance again (but not installing NixOS again, as that won't work), run:
nix run '.#provision-instance' -- <hostname>
To update the NixOS config on an instance:
nix run '.#update-instance` -- <hostname>
To delete the resources again run:
nix run '.#destroy-instance' -- <hostname>
Secrets
To transfer the secrets needed for OpenTofu from Bitwarden to OpenBAO/Vault run:
nix run '.#bitwarden-to-vault'