new machine, altostratus, my remote-work remote box.

README.md

@@ -31,3 +31,15 @@ Each host *must also* define the variables declared in `modules/hostopts.nix`.
 ## Secrets
 This repo uses nix-sops for secrets management, with the encrypted secrets being stored in a private repo imported as an input.
 if the `nix-secrets` input is commented out, the repo should still build, gracefully degrading to default, non-secret, values.
+
+## Spinning up a new machine:
+run `nix build ./#iso` or `nix build aarch64-iso.nix` (depending on architecture), and boot it while on the same network.
+(you can also use a regular nixos iso, but this has my tools and pub ssh keys already on it.)
+SSH into the machine (hostname will be nixos-installer), and run `nixos-generate --show-hardware-config`, and copy the kernel modules section into your config.
+run `ls /dev/disk/by-id`, and note the disk IDs.
+
+Now your ready to write a config.
+You should probably base it off of one of the other configs in `hosts`.
+Just modify it to your needs (adding roles, importing other configs, setting up networking, etc) and write a `disk-config.nix` for it.
+now, run `nix run github:nix-community/nixos-anywhere -- --flake .\#$CONFIG_NAME root@nixos-installer`, and nixos anywhere will do the rest.
+If the machine is headless, you probably also want to add an entry to the deploy config, to update it remotely.

configs/home-manager/direnv.nix

@@ -1,6 +1,6 @@
 {
   config,
-  pgks,
+  pkgs,
   lib,
   ...
 }: {

configs/nixos/distrobox.nix

@@ -0,0 +1,24 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+  };
+
+  home-manager.users.${config.host.details.user} = {config, ...}: {
+  home.file.distroboxConf = {
+    target = ".config/distrobox/distrobox.conf";
+    text = ''
+      container_additional_volumes="/nix/store:/nix/store:ro /etc/profiles/per-user:/etc/profiles/per-user:ro /etc/static/profiles/per-user:/etc/static/profiles/per-user:ro"
+    '';
+  };
+
+  home.packages = with pkgs; [
+    distrobox
+  ];
+  };
+}

flake.nix

@@ -96,6 +96,7 @@
       cumulus = import ./hosts/cumulus {inherit inputs myLib;};
       cirrus = import ./hosts/cirrus {inherit inputs myLib;};
       cirrostratus = import ./hosts/cirrostratus {inherit inputs myLib;};
+      altostratus = import ./hosts/altostratus {inherit inputs myLib;};
     };
 
     # Standalone home-manager configuration entrypoint
@@ -122,6 +123,10 @@
           profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.cirrostratus;
           remoteBuild = true;
         };
+        altostratus = {
+          hostname = "altostratus";
+          profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.altostratus;
+        };
       };
       sshUser = "root";
     };

hosts/altostratus/default.nix

@@ -0,0 +1,93 @@
+{
+  inputs,
+  myLib,
+  ...
+}:
+inputs.nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  specialArgs = {inherit inputs myLib;};
+  modules = [
+    inputs.home-manager.nixosModules.home-manager
+    inputs.disko.nixosModules.disko
+    ./disk-config.nix
+    ./hardware-config.nix
+    ../../configs/nixos/common.nix
+    ../../configs/nixos/sshd.nix
+    ../../configs/nixos/secrets.nix
+    ../../configs/nixos/tailscale.nix
+          ../../roles/nixos/embedded-dev.nix
+    ({
+      config,
+      pkgs,
+      lib,
+      ...
+    }: {
+      hardware.enableRedistributableFirmware = true;
+      host.details = {
+        user = "gabe";
+        fullName = "Gabe Venberg";
+        gui.enable = false;
+      };
+      networking.hostName = "altostratus"; # Define your hostname.
+      networking.hostId = "c62c7ef6";
+      networking.networkmanager = {
+        enable = true;
+        dns = "systemd-resolved";
+      };
+      services.resolved.enable = true;
+      users.users.${config.host.details.user}.extraGroups = ["networkmanager"];
+
+      # home-manager.sharedModules = [
+      #   inputs.sops-nix.homeManagerModules.sops
+      # ];
+      home-manager.users.${config.host.details.user} = {
+        inputs,
+        osConfig,
+        lib,
+        ...
+      }: {
+        host.details = osConfig.host.details;
+        user = {
+          git = {
+            profile = {
+              name = config.host.details.fullName;
+              email = "gabevenberg@gmail.com";
+            };
+            workProfile = {
+              enable = true;
+              email = "gabriel.venberg@assistme.io";
+            };
+          };
+        };
+        imports = [
+          ../../roles/home-manager/minimal-terminal.nix
+          ../../configs/home-manager/common.nix
+          # ../../configs/home-manager/secrets.nix
+        ];
+
+        # sops = lib.mkIf (inputs ? nix-secrets) {
+        #   secrets = {
+        #   };
+        # };
+      };
+
+      # Bootloader.
+      boot.loader.systemd-boot.enable = true;
+      boot.loader.efi.canTouchEfiVariables = false;
+
+      # Open ports in the firewall.
+      # networking.firewall.allowedTCPPorts = [ ... ];
+      # networking.firewall.allowedUDPPorts = [ ... ];
+      # Or disable the firewall altogether.
+      # networking.firewall.enable = false;
+
+      # This value determines the NixOS release from which the default
+      # settings for stateful data, like file locations and database versions
+      # on your system were taken. It‘s perfectly fine and recommended to leave
+      # this value at the release version of the first install of this system.
+      # Before changing this value read the documentation for this option
+      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+      system.stateVersion = "25.05"; # Did you read the comment?
+    })
+  ];
+}

hosts/altostratus/disk-config.nix

@@ -0,0 +1,32 @@
+{
+  disko.devices = {
+    disk = {
+      emmc = {
+        device = "/dev/disk/by-id/ata-INTENSO_SSD_1832501004002497";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "512M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/altostratus/hardware-config.nix

@@ -0,0 +1,6 @@
+{
+  boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+}

packages/iso.nix

@@ -21,7 +21,6 @@
       config,
       pkgs,
       lib,
-      inputs,
       modulesPath,
       options,
       ...

roles/nixos/embedded-dev.nix

@@ -0,0 +1,11 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ../../configs/nixos/distrobox.nix
+  ];
+}