john/ad-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
65 Commits 2 Branches 0 Tags
2f219876ba1b9944730499a301a5a63788a2ee3b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
John Lancaster 2f219876ba changed python version and added gdbm for namespaces
2024-12-29 16:33:01 -06:00
home-manager
home dir updates
2024-12-29 13:47:27 -06:00
nixos
enabled services
2024-12-29 14:30:01 -06:00
scripts
fixed services
2024-12-29 14:12:53 -06:00
secrets
renamed file
2024-12-29 15:22:10 -06:00
.gitignore
big refactor
2024-12-18 00:52:36 -06:00
.sops.yaml
opened up sops regex
2024-12-29 15:07:12 -06:00
ad-nix.code-workspace
workspace updates
2024-12-29 10:16:11 -06:00
configuration.nix
renamed file
2024-12-29 15:22:10 -06:00
flake.lock
big refactor
2024-12-18 00:52:36 -06:00
flake.nix
changed python version and added gdbm for namespaces
2024-12-29 16:33:01 -06:00
README.md
readme tweak
2024-12-29 16:32:34 -06:00
shell.nix
started flakes
2024-12-04 22:03:18 -06:00

README.md

NixOS Configuration for AppDaemon Development

Objectives

  • SSH remote with VSCode
  • Debugger must work
  • Multiple dev versions (different branches, forks)
  • Multiple config directories - deployment and test
  • devenv-based workflow
    • Shell
      • Makes uv available
      • Syncs devenv virtual environment
      • appdaemon
    • Build Docker
  • Use flakes
  • Jupyter through VSCode
    • autoreload must work with editable install of the dev version
    • could always work in a dev container
  • Observation - telegraf/promtail
  • Utility - portainer, watchtower

Usage

nfs

Used to rebuild the ad-nix system with whatever is currently symlinked to /etc/nixos

ads

Used to enter the development shell. Be careful, as this will create a .devenv directory and venv wherever it's entered.

venv

.devenv/state/venv/bin/python

Used in VSCode for type hints, running, and debugging

Jupyter

  • Install devenv kernel - might not be useful?
    • python -m ipykernel install --user --name devenv --display-name "Python (devenv)"
  • Run jupyter notebook on the side with a uv run jupyter notebook command
  • Use the link with the token to connect the jupyter notebook kernel to it

Mechanics

SSH Connection

SSH keys are pre-authorized from secrets/authorized_keys which contains the public keys for desktop, laptop, and phone.

SOPS

  • secrets/secrets.yaml contains the encrypted keys.
  • There needs to be a ~/.config/sops/age/keys.txt file with the age secret key. This file has to be manually placed.
  • .sops.yaml indicates to SOPS that the yaml file is encrypted with that secret key.
  • sops-ad is a convenience script for editing the secrets.yaml file.

Setup

Bootstrapping

SSH in to the host as root and get into a shell with git.

nix-channel --update && nix-shell -p git

Then build the system from the flake

nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-nix

Secrets

During build time /etc/ssh/ssh_host_ed25519_key automatically gets imported as an age key. If that fingerprint is included in the .sops.yaml file, then secrets/secrets.yaml can be decrypted during the build. Otherwise ~/.config/sops/age/keys.txt needs to already be populated.

secrets/secrets.yaml needs to be edited from the terminal. There's a sops-ad command for convenience. The following keys are required:

  • telegraf_influx_token

~/.config/sops/age/keys.txt needs to be set for the sops-ad command to work.

Tailscale

Needs this in the /etc/pve/lxc/<vmid>.conf file on the proxmox host.

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 427 KiB
Languages
Nix 98.1%
Shell 1.9%