| Distro | NixOS |
| WM | Hyprland |
| Bar | Waybar |
| Editor | Helix + Tmux |
| FileManager | yazi |
| WP-Manager | swww |
| Keyboard | tbk_mini-QMK |
sudo nixos-rebuild switch --flake ./.#laptop
sudo nixos-rebuild build --flake ~/Desktop/dotfiles/#laptop
nix run github:nix-community/nixos-generators -- --flake .#vm_oracle_aarch64 --format iso
- Boot a nixos ISO.
sudo cp ./nixos-minimal-24.11.714287.a45fa362d887-x86_64-linux.iso /dev/sdb
- Become a root user:
sudo su
- Go to home:
cd
- Find out the disk you want to install nixos to:
lsblk
- Create a disko layout, or borrow someone else's layout:
- Get all layouts in this repo.
git clone https://github.com/hakan-demirli/dotfiles
- Format the disk using disko:
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./dotfiles/hosts/common/hardware/disko-btrfs-lvm.nix --arg diskDevice '"/dev/vda"' --arg swapSize '"8G"'
- Obtain a new hardware-configuration.nix for your device
- Generate nixos config:
sudo nixos-generate-config --no-filesystems --root .
- Create a new host dir for your device and copy hardware-configuration.nix there:
cp ./etc/nixos/hardware-configuration.nix ./dotfiles/hosts/vm/hardware
- Install nixos:
nixos-install --root /mnt --flake ./dotfiles/.#vm
- Reboot
reboot
- Set authorizedKeys in ./kexec.nix
nix-build --system aarch64-linux '<nixpkgs/nixos>' -A config.system.build.kexec_bundle -I nixos-config=./kexec.nix
scp -i ~/.ssh/id_ed25519_proton ./result [email protected]:/tmp/kexec
ssh [email protected] -i ~/.ssh/id_ed25519_proton -t sudo /tmp/kexec
- Wait for it to load kexec.
ssh [email protected] -i ~/.ssh/id_ed25519_proton
- Continue as if you have booted the minimal iso
- Follow the Oracle VPS ARM installation guide (remove --system aarch64-linux from nix-build) and boot the kexec image.
- Compile everything locally and send it to the VM:
- Prepare disko:
nix build --extra-experimental-features "nix-command flakes" github:nix-community/disko#disko --print-out-paths > /tmp/disko-path.txt
DISKO_LOCAL_STORE_PATH=$(cat /tmp/disko-path.txt)
echo "Disko built locally at: $DISKO_LOCAL_STORE_PATH"
- Prepare the system:
nix build .#nixosConfigurations.vm_oracle_x86.config.system.build.toplevel --extra-experimental-features "nix-command flakes" --print-out-paths > /tmp/system-path.txt
SYSTEM_LOCAL_STORE_PATH=$(cat /tmp/system-path.txt)
echo "System built locally at: $SYSTEM_LOCAL_STORE_PATH"
- Copy the system and disko to VPS:
nix copy --to ssh://[email protected]?ssh-key=/home/emre/.ssh/id_ed25519_proton $DISKO_LOCAL_STORE_PATH
nix copy --to ssh://root@VPS_IP?ssh-key=/home/YOUR_USER/.ssh/id_ed25519_proton $SYSTEM_LOCAL_STORE_PATH
scp -i ~/.ssh/id_ed25519_proton /home/emre/Desktop/dotfiles/hosts/vm_oracle/hardware/disko.nix [email protected]:/tmp/disko.nix
- Format the disk using disko:
REMOTE_DISKO_BIN_PATH=$(echo $DISKO_LOCAL_STORE_PATH | sed 's|^/nix/store/||') # Get the hash-name part
REMOTE_DISKO_BIN_PATH="/nix/store/$REMOTE_DISKO_BIN_PATH/bin/disko"
ssh [email protected] -i ~/.ssh/id_ed25519_proton "$REMOTE_DISKO_BIN_PATH --mode disko /tmp/disko.nix --arg device '\"/dev/sda\"'"
- Activate the system:
REMOTE_SYSTEM_STORE_PATH=$(echo $SYSTEM_LOCAL_STORE_PATH | sed 's|^/nix/store/||') # Get the hash-name part
REMOTE_SYSTEM_STORE_PATH="/nix/store/$REMOTE_SYSTEM_STORE_PATH"
ssh root@VPS_IP -i ~/.ssh/id_ed25519_proton <<EOF
mkdir -p /mnt/nix/var/nix/profiles/
nix-env --profile /mnt/nix/var/nix/profiles/system --set $REMOTE_SYSTEM_STORE_PATH
NIXOS_INSTALL_BOOTLOADER=1 /mnt/nix/var/nix/profiles/system/bin/switch-to-configuration boot
echo "Activation finished."
EOF
- reboot
- Boot minimal iso in qemu and allow ssh access
- On your pc:
nix-shell -p nixos-anywhere
nixos-anywhere --flake .#vm_oracle_aarch64 [email protected]
- On each clean installation of the Headscale server:
- Ensure the users specified in the ACL policy exist:
sudo headscale users list
- If not, create them:
sudo headscale users create emre
- Create a new tailscale-key:
sudo headscale preauthkeys create --user 1 --reusable --expiration 1752000h --tags tag:bootstrap
- Add it to ./secrets/tailscale-key
- git pull and switch to the new key on all hosts.
- Configure the exit nodes:
- Get the ID of the node you want to use as an exit node:
sudo headscale nodes routes list
- Allow the routing through that node:
sudo headscale nodes approve-routes -i 1 -r "0.0.0.0/0,::/0"
- Check if it is approved:
sudo headscale nodes routes list
- Assign exit node tag for the ACL policy:
- Find the host you want to use as an exit node:
sudo headscale nodes list
- Assign exitnode tag:
sudo headscale nodes tag -i 1 -t tag:exitnode
- [Optional QOL]
- Remove unused nodes:
sudo headscale nodes delete --identifier 4
- Rename hostnames:
sudo headscale nodes rename laptop -i 6
- Decrypt the Master Key (Install the God Key):
nix-shell -p age
sudo mkdir -p /var/lib/sops-nix
age -d secrets/age.key.enc | sudo tee /var/lib/sops-nix/key.txt > /dev/null
- Enter Passphrase
sudo chmod 600 /var/lib/sops-nix/key.txt
- Install/Switch:
sudo nixos-rebuild switch --flake .#hostname
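
In the decrypt step above, `tee` creates key.txt with the default umask and the `chmod 600` only runs afterwards; a wrong passphrase also leaves an empty key.txt behind. The following is an added example, not part of this repo, that creates the key as 0600 inside a 0700 directory from the start and rejects empty decryption output. The helper names `install_secret`, `mode_of` and `mode_before_chmod` are hypothetical, and the 022 umask is an assumed root default.

```shell
#!/bin/sh
# Added example (not from the repo). Run as root with the page's paths:
#   age -d secrets/age.key.enc | install_secret /var/lib/sops-nix/key.txt

# mode_of PATH: print the octal permission bits (GNU stat, then BSD stat).
mode_of() { stat -c '%a' -- "$1" 2>/dev/null || stat -f '%Lp' -- "$1"; }

# install_secret DEST: read a secret from stdin and write it to DEST so that
# it is never readable by other users, not even briefly.
install_secret() {
    dest=$1
    dir=$(dirname -- "$dest")
    (
        umask 077                        # new files 0600, new dirs 0700
        mkdir -p -- "$dir" || exit 1
        chmod 700 -- "$dir" || exit 1    # tighten a pre-existing directory too
        tmp=$(mktemp "$dir/.key.XXXXXX") || exit 1
        # Write to a temp file in the same directory and rename it into place:
        # a failed decryption (empty stdin) never truncates an existing key.
        if cat > "$tmp" && [ -s "$tmp" ]; then
            mv -f -- "$tmp" "$dest"
        else
            rm -f -- "$tmp"
            exit 1
        fi
    )
}

# mode_before_chmod DEST: the page's sequence (write first, chmod later),
# stopped before the chmod, to show the mode the key has in that window.
# The umask of 022 is an assumption about root's default.
mode_before_chmod() {
    dest=$1
    ( umask 022; mkdir -p -- "$(dirname -- "$dest")"; cat > "$dest" )
    mode_of "$dest"
}
```
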
nix-shell -p sops age ssh-to-age
SOPS_AGE_KEY=$(age -d secrets/age.key.enc) sops secrets/secrets.yaml