
a new iteration of xyno's nixos configurations

meow

## things to think about

- module imports
  - manual imo, just have an all-modules.nix or smth
    - otherwise unexpected stuff can be imported
  - or smth like /nixos-modules/$moduleName/default.nix
    - import all the default.nix files, and not more
- secret management
  - age is good, secrets should be completely host scoped tho
  - todo look into howeverthefuck the whole systemd secrets thing works
    - maybe build an out-of-band encryption scheme out of that (laptop has all secrets age encrypted with user host key, ssh to deploy all secrets with tpm)
    - systemd-creds + a deployment mechanism would be cool af
      - language to write that in: nushell?
- general folder structure
  - /hosts/$host/configuration.nix
  - /hosts/$host/default.nix for settings (system, imports)
  - /nixos-modules/
  - /hm-modules/
  - /apps
  - /lib
- what should be a module
  - configuration for an application
    - secrets should be parameters
    - reverse proxy conf should be included
  - podman services are allowed
    - there should be a framework for podman services (creating networks and such)
    - quadlet nix wrapper
      - https://github.com/SEIAROTg/quadlet-nix
- a tagging system maybe
  - eg: tag a configuration with "laptop" and "gaming" so it has steam and powerprofilesctl installed
- tooling for remote building
- secureboot is a must
  - systemd init too
- CI
  - auto builds for all systems
  - auto issues for software updates
    - both nix and podman
- nixpkgs fmt rfc style
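The "import all the default.nix files, and not more" idea from the module-imports item, as an added example (not code from xyno's repo): it lists `./nixos-modules`, keeps only subdirectories that actually contain a `default.nix`, and imports exactly those files. The `nixos-modules/` layout next to this file is an assumption taken from the folder-structure notes above; nothing else is imported, so a stray file dropped into the directory is ignored rather than silently loaded.

```nix
# Added example, not code from xyno's repo: collect exactly one default.nix
# per subdirectory of ./nixos-modules and import nothing else.
# Assumes this file sits next to a nixos-modules/ directory.
{ ... }:
let
  modulesDir = ./nixos-modules;

  # readDir yields an attrset of { "<name>" = "directory" | "regular" | "symlink" | "unknown"; }
  entries = builtins.readDir modulesDir;

  # Keep only subdirectories that really contain a default.nix. Loose files
  # and half-finished module directories are skipped instead of imported.
  moduleNames = builtins.filter
    (name:
      entries.${name} == "directory"
      && builtins.pathExists (modulesDir + "/${name}/default.nix"))
    (builtins.attrNames entries);
in
{
  # Reference default.nix explicitly rather than the directory, so it is
  # obvious which single file is loaded for each module.
  imports = map (name: modulesDir + "/${name}/default.nix") moduleNames;
}
```

Because the list is derived from the directory at evaluation time, adding a module is just creating `nixos-modules/<name>/default.nix`; the explicit `pathExists` check is what keeps the "not more" property, since a directory without a `default.nix` would otherwise fail the evaluation or, if listed by a looser glob, pull in whatever file happened to be there.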