Kipos

Collection of system configs for my machines.

TODO

• Configure a basic test VM with flake
• Build test VM locally (ref: Setting up qemu VM using nix flakes)

  nixos-rebuild build-vm --flake .#test
  QEMU_NET_OPTS="hostfwd=tcp::2221-:22" result/bin/run-nixos-vm
  # VM will run in the terminal where you started it, but you can also SSH in:
  ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no admin@localhost -p 2221
  # Once done, hit CTRL+a,x to shut down VM

• Build test VM locally
• Build test VM in GHA
• Wire secrets into the repo (ref blog post)
  • Set up kipos-secrets non-public repo to hold SOPS yaml (ref sops-nix for basic getting-started info)
  • Generate kipos-secrets Deploy Key pair (public key goes into kipos-secrets settings, private key goes into kipos secret)
  • Update kipos GHA to load private Deploy Key from secret into ssh-agent
  • Reference kipos-secrets as an input to flake
  • Wire dummy secrets into hello.nix test
• Auto-update flake via GHA
• See if disko works with tests
• Clean up hello.nix

Router

• Pull in old config
• Simplify config:
  • No VLANs to start
  • Single subnet
  • DNS / DHCP
  • NAT for basics
• Set up secrets
• Re-image machine, add deploy key to CI
• SSH config for remote builds
• Simple WiFi network
• Wireguard
• Observability
  • Logging
  • Metrics
  • pmacct or ntopng

Refs

Other people's configs...

• https://github.com/dustinlyons/nixos-config/blob/main/modules/darwin/casks.nix
• https://github.com/cameronraysmith/nix-config/blob/main/flake.nix
• https://0xda.de/blog/2024/07/framework-and-nixos-sops-nix-secrets-management/#separating-our-secrets-from-our-config