Repository contents:
- .helix
- .woodpecker
- bin
- hm-modules
- instances
- lib
- modules
- overlays
- packages
- secrets
- .envrc
- .gitignore
- flake.lock
- flake.nix
- LICENSE
- README.md
- sops.nix
a new iteration of xyno's nixos configurations meow
things to think about
- module imports
  - manual imo, just have an all-modules.nix or smth
    - otherwise unexpected stuff can be imported
  - or smth like /nixos-modules/$moduleName/default.nix
    - import all the default.nix files, and not more
- secret management
  - age is good, secrets should be completely host scoped tho
  - todo look into howeverthefuck the whole systemd secrets thing works
    - maybe build an out-of-band encryption scheme out of that (laptop has all secrets age encrypted with user host key, ssh to deploy all secrets with tpm)
    - systemd-creds + a deployment mechanism would be cool af
      - language to write that in: nushell?
- general folder structure
  - /hosts/$host/configuration.nix
  - /hosts/$host/default.nix for settings (system, imports)
  - /nixos-modules/
  - /hm-modules/
  - /apps
  - /lib
- what should be a module
  - configuration for an application
    - secrets should be parameters
    - reverse proxy conf should be included
  - podman services are allowed
    - there should be a framework for podman services (creating networks and such)
    - quadlet nix wrapper
      - https://github.com/SEIAROTg/quadlet-nix
- a tagging system maybe
  - eg: tag a configuration with "laptop" and "gaming" so it has steam and powerprofilesctl installed
- tooling for remote building
- secureboot is a must
- systemd init too
- CI
  - auto builds for all systems
  - auto issues for software updates
    - both nix and podman
- nixpkgs fmt rfc style
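One way to do the "import only /nixos-modules/$moduleName/default.nix, and not more" idea from the module imports point above, as an added example that is not code from this repo; it assumes nixpkgs `lib` is passed in and that the modules root is a directory like `../nixos-modules`:

```nix
# Added example, not part of xyno's config: build the `imports` list from
# exactly <root>/<moduleName>/default.nix for each real subdirectory of <root>.
# Loose .nix files, symlinks and directories without a default.nix are never
# imported, so nothing unexpected can sneak into the module set.
{ lib }:
let
  importModuleDir = root:
    let
      # builtins.readDir gives { name = "directory" | "regular" | "symlink" | "unknown"; }
      entries = builtins.readDir root;
      # only genuine directories that actually carry a default.nix count as modules
      isModuleDir = name: type:
        type == "directory"
        && builtins.pathExists (root + "/${name}/default.nix");
      # attrNames is sorted, so the import order is deterministic across hosts
      moduleNames = builtins.attrNames (lib.filterAttrs isModuleDir entries);
    in
    map (name: root + "/${name}/default.nix") moduleNames;
in
{
  inherit importModuleDir;
  # usage in /hosts/$host/default.nix (paths are assumptions):
  #   imports = (import ../../lib/import-modules.nix { inherit lib; })
  #               .importModuleDir ../../nixos-modules;
}
```

Under flakes `root` refers to the flake's copy in the store, so only git-tracked module directories are visible to `readDir`; an untracked directory will silently not be imported.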