Dotfiles

Secrets

Secrets are managed with sops-nix. Create age secret key from ssh machine private key:

mkdir -p ~/.config/sops/age
nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"

To see age public use:

nix-shell -p ssh-to-age --run "ssh-to-age -i ~/.ssh/id_ed25519.pub"

To rebuild and switch to new build:

sudo nixos-rebuild switch --flake .#

We can build and test our nixos environment inside virtual machine.

nix build  ./#nixosConfigurations.vm.config.system.build.vm

Start virtual machine with:

./result/bin/run-nixos-vm

To be able to connect via SSH, we have to forward port 2222 to 22:

QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-nixos-vm

Now we can ssh to the vm:

ssh -p 2222 nixos@localhost

nix --extra-experimental-features "nix-command flakes" run nix-darwin -- switch --flake .#

Name		Name	Last commit message	Last commit date
Latest commit History 783 Commits
hosts		hosts
modules		modules
overlays		overlays
scripts		scripts
secrets		secrets
wallpapers		wallpapers
.envrc		.envrc
.gitignore		.gitignore
.sops.yaml		.sops.yaml
flake.lock		flake.lock
flake.nix		flake.nix
readme.md		readme.md
shell.nix		shell.nix