My NixOS configuration and assorted other crap, powered by flakes.
Clone to /etc/nixos.
CI checks ensure that code is formatted and passes linting. Run those locally with:
nix flake check
nix run .#fmt
nix run .#lint
See the documentation.
This is an opinionated config making assumptions which work for me but might not for you:
/ on boot is good actually.
Everything in shared/default.nix is enabled on every host by default.
Notable decisions are:
~/tmp directory with files cleaned out after 7 days.
For monitoring and alerting specifically:
If using ZFS there are a few more things configured:
Everything else in shared/ is available to every host, but disabled by default.
Backups are managed by shared/restic-backups and uploaded to Backblaze B2 with restic.
List all the snapshots with:
nix run .#backups # all snapshots
nix run .#backups -- snapshots --host <hostname> # for a specific host
nix run .#backups -- snapshots --tag <tag> # for a specific tag
Restore a snapshot to <restore-dir> with:
nix run .#backups restore <snapshot> [<restore-dir>]
If unspecified, the snapshot is restored to /tmp/restic-restore-<snapshot>.
Secrets are managed with sops-nix. Create / edit secrets with:
nix run .#secrets # secrets.yaml for current host
nix run .#secrets <hostname> # secrets.yaml for <hostname>
nix run .#secrets <hostname> <name> # <name>.yaml for <hostname>
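
How the backups and secrets sections above fit together, as an added example: a NixOS module that feeds sops-nix secrets to a restic job targeting Backblaze B2 without the values entering the Nix store. It uses the upstream `services.restic.backups` and `sops.secrets` options, not this repository's shared/restic-backups module; the job name, secret key names, bucket and paths are assumptions made up for illustration.

```nix
# Added example, not code from this repository.
# Assumes the sops-nix NixOS module is already imported on the host.
{ config, ... }:
{
  # The Nix store only ever holds the encrypted secrets.yaml; sops-nix
  # decrypts it at activation time (by default under /run/secrets,
  # readable by root only).
  sops.defaultSopsFile = ./secrets.yaml;

  # Secret key names are constructed for this example.
  # "restic/password": the repository encryption password.
  sops.secrets."restic/password" = { };
  # "restic/b2_env": an env file with B2_ACCOUNT_ID=... and B2_ACCOUNT_KEY=...
  sops.secrets."restic/b2_env" = { };

  services.restic.backups.example = {
    # Placeholder bucket; one repository path per host.
    repository = "b2:example-bucket:/${config.networking.hostName}";

    # Pass the paths of the decrypted files, never the secret values.
    # A string literal here would be copied into the world-readable
    # /nix/store and into any binary cache the closure is pushed to.
    passwordFile = config.sops.secrets."restic/password".path;
    environmentFile = config.sops.secrets."restic/b2_env".path;

    # Placeholder paths to back up.
    paths = [ "/home" "/var/lib" ];

    # Create the repository on first run if it does not exist yet.
    initialize = true;

    timerConfig = {
      OnCalendar = "daily";
      Persistent = true; # catch up after downtime
    };

    # Retention policy applied with "restic forget --prune" after each backup.
    pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 6" ];
  };
}
```

Using a B2 application key restricted to the backup bucket limits what a compromised host can reach with the credentials in `restic/b2_env`.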