~martinimoe/nixos-config

My personal NixOS configuration
Update flake
Add gamescope
Merge branch 'main' of git.sr.ht:~martinimoe/nixos-config

refs

main
browse  log 

clone

read-only
https://git.sr.ht/~martinimoe/nixos-config
read/write
git@git.sr.ht:~martinimoe/nixos-config

You can also use your local clone with git send-email.

#NixOS Configuration

#README

  • GPG Key Management?!

#Hosts

  • galactica: My Thinkpad X280 Laptop (So say we all!)
  • omnissiah: My desktop computer (The emperor protects!)
  • caprica: My tiny vps (Capital of the colonies!)
  • sagittaron: An old Mac Mini, my homeserver (The ninth colony!)

#Agenix

  • Theres an SSH key in ~/.ssh/agenix
    • Its configured as age.identityPaths in home/agenix.nix, so agenix knows wich key to use to decrypt
    • Its public key is configured in home/secrets/secrets.nix, so agenix knows wich key to use to encrypt
    • home/secrets/secrets.nix does not get imported to home-manager config! Its only used by agenix cli!
    • Secrets are used for example in home/ssh.nix
  • To encrypt a new secret
    • Define it in home/secrets/secrets.nix
    • Execute in home/screts: agenix -e <secretname>
    • Use it like age.secrets.<secretname>.*

#Backups

  • Existing Backups
    • nextcloud_data: Mon 00:00
    • nextcloud_database: Mon 01:00
    • paperless: Mon 02:00
    • vaultwarden_data: Mon 03:00
    • vaultwarden_database: Mon 04:00
    • immich_data: Tue 00:00
    • immich_database: Tue 01:00
  • Check backups with for examplenix run 'nixpkgs#borgbackup' -- info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups
  • Prepare Storagebox
    • Enable Samba
    • Mount locally
    • Create root folder for new backup
    • Create subaccount with ssh and external access
    • Disable Samba
  • Create keypair and passphrase
    • `ssh-keygen -t ed25519 -f ~/.ssh/storagebox_
    • Generate borg passphrase with e.g. pwgen 64
    • Create agenix secrets
    • Copy ssh key to storagebox with ssh-copy-id -o PubkeyAuthentication=no -o PreferredAuthentications=password -p 23 -s -i ~/.ssh/<privatekey> u409248-sub1@u409248-sub1.your-storagebox.de
  • Configure according to other backups

#Useful stuff

#Find GNOME dconf settings

To find the right dconf settings to configure GNOME you may execute dconf watch / and then just click around in GNOMEs settings. caprica common galactica omnissiah sagittaron

Do not follow this link