Inspired by Dustin Lyons' repo.
Lets you have 99% of the same command-line tools and configuration across macOS, Linux (NixOS) and Windows (WSL).
See Screenshots for some pictures.
You need to do this only once for a new machine.
- Install Nix using the Determinate Systems Nix installer.
- Install Homebrew (it's only used to install Casks and Mac App Store apps; it's not in the `$PATH`).
- Ensure that the current user is able to clone the private secrets repo before proceeding to the next step, by putting the SSH private key needed to clone the repo into `$HOME/.ssh/id_rsa`.
- Run `env FLAKE=<NAME> ./bootstrap`. After a successful bootstrap, the hostname will be updated to match the flake.
- Whenever you make configuration changes, run `./rebuild`. If any files are reported as being in the way, move them out of the way and re-run.
- Install and start up NixOS following the instructions in the NixOS-WSL repository.
- Run `sudo nix-channel --update` and `sudo nixos-rebuild switch` to set up the base system.
- Run the below to enter a shell with `git` installed:
  ```
  export NIXPKGS_ALLOW_UNFREE=1
  nix-shell --impure -p git
  ```
- Clone this repository to `/etc/nixos/nixos-config`.
- Ensure the `root` user has the SSH public key for cloning the secret repository referenced by the `flake.nix`; it should be put in `/root/.ssh` with appropriate permissions. Run `ssh [email protected]` at least once, and save the GitHub SSH key (needed to avoid the `nixos-install` command hanging waiting for user input when cloning the secrets repo).
- Change to `/etc/nixos/nixos-config` and run `env FLAKE=<NAME> ./rebuild` to do the initial build. Subsequent builds will not need you to specify the hostname.
- To change the default user from being `root` (after failing to use `nixos`), run:
  ```
  sudo -E /run/current-system/sw/bin/nixos-rebuild boot --impure --flake .#<NAME>
  ```
  Do not run `./rebuild` or `nixos-rebuild switch` after this!
- Then exit the NixOS shell, and run `wsl -t NixOS` to stop it from running.
- Run `wsl -d NixOS --user root exit`.
- Stop the distribution again with `wsl -t NixOS`. Now when you next start it, it will use the user created by the flake.
- Download the latest NixOS stable distribution; these instructions were tested with 24.05. Download the minimal distribution, not graphical.
- Create a bootable USB.
- Boot from the USB device.
- Create root and boot partitions and format them with the file system of your choice. Use the nixos and swap labels, as our configuration depends on these labels, and mount the file systems in `/mnt` and `/mnt/boot`, respectively.
- Run `nixos-generate-config --root /mnt`, and copy the generated `/etc/nixos/*.nix` files to $HOME.
- Remove the `/etc/nixos` directory entirely.
- Clone this repository to `/mnt/etc/nixos`:
  ```
  export NIXPKGS_ALLOW_UNFREE=1
  nix-shell --impure -p git
  git clone https://github.com/leonbreedt/nix-config.git /mnt/etc/nixos
  ```
- Move the generated `$HOME/hardware-configuration.nix` file to the `hw` subdirectory of `/mnt/etc/nixos` if not already there, and name it after the machine host name. Remember, this file contains the details of the partitions specific to this machine, as well as required kernel modules, which will be needed to rebuild the system while its hardware remains the same. Edit it if needed. Uncomment the explicit per-interface enablement for the interfaces you want to use DHCP.
  ```
  mv $HOME/hardware-configuration.nix /mnt/etc/nixos/hw/<HOSTNAME>.nix
  ```
- Ensure the `root` user has the SSH public key for cloning the secret repository referenced by the `flake.nix`; it should be put in `/root/.ssh` with appropriate permissions. Run `ssh [email protected]` at least once, and save the GitHub SSH key (needed to avoid the `nixos-install` command hanging waiting for user input when cloning the secrets repo).
- Create a script named `/root/git-askpass.sh` and put the below in it:
  ```
  echo PASSWORD
  ```
  Where PASSWORD is the password for the GitHub user. Make it executable with `chmod +x /root/git-askpass.sh`.
- Run `export GIT_ASKPASS=/root/git-askpass.sh`
- Run the installer in flake installation mode, where `<SYSTEM>` is the name of the system in `flake.nix`:
  ```
  nixos-install -v --impure --flake "/mnt/etc/nixos#<SYSTEM>"
  ```
  You will be prompted for a root password, which you can use after reboot to give the normal user a password to log in if you want to use X11. Only the normal user will be able to SSH in.
  Now you have a purely flake-based NixOS installation.
- Whenever you make changes to the configuration, you can run `env FLAKE=<SYSTEM> ./rebuild` in `/etc/nixos`, where `<SYSTEM>` is the name of the system in `flake.nix`. This will run `nixos-rebuild` in flake mode, and switch to the built configuration afterwards.
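
The clone of the secrets repo during `nixos-install` depends on three things set up in the steps above: the key under `/root/.ssh`, a saved GitHub host key, and the askpass script. The script below is an added example, not part of this repository, that checks all three before the installer runs. The function names (`owner_only`, `host_known`, `preflight`) are made up here, and it assumes the askpass script should be mode 700 because it holds the password in clear text.

```shell
#!/bin/sh
# Added example, not part of this repository. Function names are hypothetical;
# the paths passed in are the ones used in the steps above.

# True only if group and other have no permission bits on $1.
owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True if known_hosts file $1 has a plain (unhashed) entry naming host $2.
host_known() {
    [ -f "$1" ] || return 1
    awk -v h="$2" '
        /^[#@]/ { next }    # comments, @revoked and @cert-authority lines
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit !found }' "$1"
}

# Reports each problem on stderr; the return status is the problem count.
# $1 = SSH directory, $2 = askpass script (empty string to skip that check).
preflight() {
    ssh_dir=$1 askpass=$2 problems=0 keys=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    owner_only "$ssh_dir" || fail "$ssh_dir is missing or open to group/other"
    for key in "$ssh_dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        keys=$((keys + 1))
        owner_only "$key" || fail "$key is accessible beyond its owner"
    done
    [ "$keys" -gt 0 ] || fail "no private key (id_*) found in $ssh_dir"
    host_known "$ssh_dir/known_hosts" github.com ||
        fail "github.com is not in known_hosts, so the clone will stop to ask"
    if [ -n "$askpass" ]; then
        owner_only "$askpass" || fail "$askpass contains the password: chmod 700"
        [ -x "$askpass" ] || fail "$askpass is not executable"
    fi
    return "$problems"
}

# On the installer: preflight /root/.ssh /root/git-askpass.sh
```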
Whenever you make changes to the configuration, just run `./rebuild` in the cloned flake directory to apply it to your system. Since the value of `FLAKE` defaults to the current hostname, you don't have to pass a hostname for subsequent builds, once it has been built once.
There are still some rough edges with this configuration. Mainly around first-time setup/retrieval of credentials from my private repo, you won't get access to it :)
If you remove the private repo input in `flake.nix` and the secrets references you can likely get it going.
If you run a command that is not installed, and you get an error like this:
```
DBI connect('dbname=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite','',...) failed:
unable to open database file at /run/current-system/sw/bin/command-not-found line 13.
```
Then you can likely resolve it by updating your Nix channels for the root user.
```
sudo nix-channel --update
```
Since we are using `rustup` instead of global native Nix Rust packages, make sure `rust-analyzer` is installed:
```
rustup component add rust-analyzer
```