Nix Config

macbook

1. Install Nix with the Determinate Installer.
   • When prompted, make sure to use vanilla upstream Nix instead of Determinate Nix.
2. Run nix run nix-darwin/master#darwin-rebuild -- switch --flake github:fng97/nix-config#macbook.
3. To update with local changes to the flake run nix-darwin switch --flake .#macbook.

Windows

1. Update everything with winget upgrade --all and make sure win32yank.exe, WezTerm, and PowerToys are installed.
2. PowerToys: enable Keyboard Manager (swap CAPS for CTRL), FancyZones, and disable the rest.

wsl

1. Install NixOS-WSL.

2. Clone this repo to /tmp and unlock git-crypt.

   nix-shell -p git git-crypt

   git clone https://github.com/fng97/nix-config.git /tmp/nix-config && cd /tmp/nix-config

3. Switch to flake:

   sudo nixos-rebuild switch --flake .#wsl

4. Copy repo ~/src for future use.

5. Copy wezterm folder to ~/.config/wezterm (Windows home directory).

server

Setting up a new server:

1. Provision the server and install NixOS (e.g. with NixOS-Infect).

   NOTE: A configuration.nix and hardware-configuration.nix will be generated for us based on the server. NixOS-Infect will additionally generate a networking.nix for us.

2. Retrieve the generated configuration: scp -r root@<ip>:/etc/nixos hosts/server.

3. Replace the secrets with ones stored in secrets/secrets.json (git-crypt) and adjust the imports to include the tailscale module:

   imports = [
     ./hardware-configuration.nix
     ./tailscale.nix
     (import ./networking.nix { inherit secrets; })
   ];

4. Deploy the configuration:

   nix run nixpkgs#nixos-rebuild -- switch --fast --flake .#server \
       --target-host root@<ip> \
       --build-host root@<ip>

5. Over SSH, authenticate tailscale: tailscale up --ssh.

6. In the tailscale dashboard, make sure the new machine's token will not expire.

To deploy further changes to the configuration:

nix run nixpkgs#nixos-rebuild -- switch --fast --flake .#server \
    --target-host root@server \
    --build-host root@server