ok hi this is my nixos config. it is pretty much a mess and the code sucks but welp
note to self on what needs to be installed on the host manually:
- /etc/ssh/agenix-key (darwin: ~/.ssh/agenix-key) - private key for secret decryption
- ./secrets/unsafe.key - private key for unsafe secret decryption
  - "unsafe" secrets are only secret to the "outside" world (i.e. the git repo), but are decrypted at build-time and are available globally to the system. this is useful for things like server ips, since i don't want to expose them to everyone, but they are not really secret in the sense that they are not sensitive data.
  - currently unused
- /etc/iso/win11.iso - iso containing windows 11 installer (e.g. this: magnet)
- /etc/vms/haos.img - qcow2 image for haos vm (can be downloaded from the official website, the KVM/Proxmox image).
- /etc/vms/bnuuy.img - qcow2 image of an ubuntu cloud image (e.g. https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img)
- /etc/secureboot/keys - secure boot keys, generated with sudo nix-shell -p sbctl --run "sbctl create-keys"
- to enroll fde onto tpm:
sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7
- cp /var/run/current-system/Library/Fonts/* /Library/Fonts - copy nix-managed fonts to system fonts (waiting for this PR)
macos:
curl -L https://nixos.org/nix/install | sh
git clone https://github.com/teidesu/nixos ~/nixos
cd ~/nixos
./switch
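
A check for the tpm enrollment step above, as an added example that is not part of this repo: it audits LUKS2 header metadata in the shape printed by `cryptsetup luksDump --dump-json-metadata /dev/nvme0n1p2` and confirms the systemd-tpm2 token is bound to PCRs 0+2+7 and that a token-free keyslot remains as fallback. The function name and the trimmed sample metadata are assumptions made for the example.

```python
import json

# Constructed, trimmed LUKS2 metadata in the shape printed by
# `cryptsetup luksDump --dump-json-metadata <device>`; blobs are placeholders.
SAMPLE = json.loads("""
{"keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}},
 "tokens": {"0": {"type": "systemd-tpm2", "keyslots": ["1"],
                  "tpm2-pcrs": [0, 2, 7], "tpm2-pcr-bank": "sha256",
                  "tpm2-blob": "PLACEHOLDER", "tpm2-policy-hash": "PLACEHOLDER"}}}
""")

EXPECTED_PCRS = {0, 2, 7}  # from --tpm2-pcrs=0+2+7


def audit_tpm2_enrollment(meta, expected=EXPECTED_PCRS):
    """Return a list of findings; an empty list means the header looks as intended."""
    findings = []
    tokens = meta.get("tokens", {})
    keyslots = meta.get("keyslots", {})
    tpm2 = {tid: t for tid, t in tokens.items() if t.get("type") == "systemd-tpm2"}
    if not tpm2:
        findings.append("no systemd-tpm2 token: disk is not enrolled to the TPM")
    for tid, tok in sorted(tpm2.items()):
        pcrs = set(tok.get("tpm2-pcrs", []))
        if pcrs != expected:
            findings.append(
                f"token {tid}: bound to PCRs {sorted(pcrs)}, expected {sorted(expected)}")
        if 7 not in pcrs:
            findings.append(f"token {tid}: PCR 7 missing, unlock not tied to secure boot state")
        for slot in tok.get("keyslots", []):
            if slot not in keyslots:
                findings.append(f"token {tid}: references missing keyslot {slot}")
    # Heuristic: keyslots that no token points at are usually passphrase slots.
    token_slots = {s for t in tokens.values() for s in t.get("keyslots", [])}
    if not set(keyslots) - token_slots:
        findings.append("no token-free keyslot: no passphrase fallback if PCR values change")
    return findings


if __name__ == "__main__":
    for line in audit_tpm2_enrollment(SAMPLE) or ["ok: TPM2 enrollment matches 0+2+7"]:
        print(line)
```

To run it against a real header, feed the JSON from the cryptsetup command into `json.load` and pass the result to `audit_tpm2_enrollment`.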