#NixOS Configuration
#README
#Hosts
- galactica: My Thinkpad X280 Laptop (So say we all!)
- omnissiah: My desktop computer (The emperor protects!)
- caprica: My tiny vps (Capital of the colonies!)
- sagittaron: An old Mac Mini, my homeserver (The ninth colony!)
#Agenix
- Theres an SSH key in ~/.ssh/agenix
- Its configured as
age.identityPaths
in home/agenix.nix
, so agenix knows wich key to use to decrypt
- Its public key is configured in
home/secrets/secrets.nix
, so agenix knows wich key to use to encrypt
home/secrets/secrets.nix
does not get imported to home-manager config! Its only used by agenix cli!
- Secrets are used for example in
home/ssh.nix
- To encrypt a new secret
- Define it in
home/secrets/secrets.nix
- Execute in
home/screts
: agenix -e <secretname>
- Use it like
age.secrets.<secretname>.*
#Backups
- Existing Backups
- nextcloud_data: Mon 00:00
- nextcloud_database: Mon 01:00
- paperless: Mon 02:00
- vaultwarden_data: Mon 03:00
- vaultwarden_database: Mon 04:00
- immich_data: Tue 00:00
- immich_database: Tue 01:00
- Check backups with for example
nix run 'nixpkgs#borgbackup' -- info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups
- Prepare Storagebox
- Enable Samba
- Mount locally
- Create root folder for new backup
- Create subaccount with ssh and external access
- Disable Samba
- Create keypair and passphrase
- `ssh-keygen -t ed25519 -f ~/.ssh/storagebox_
- Generate borg passphrase with e.g.
pwgen 64
- Create agenix secrets
- Copy ssh key to storagebox with
ssh-copy-id -o PubkeyAuthentication=no -o PreferredAuthentications=password -p 23 -s -i ~/.ssh/<privatekey> u409248-sub1@u409248-sub1.your-storagebox.de
- Configure according to other backups
#Useful stuff
#Find GNOME dconf settings
To find the right dconf settings to configure GNOME you may execute dconf watch /
and then just click around in GNOMEs settings.
caprica
common
galactica
omnissiah
sagittaron