John Lancaster 4e69da43c9 Update flake.lock

NixOS Configuration for AppDaemon Development

Objectives

  • SSH remote with VSCode
  • Debugger must work
  • Multiple dev versions (different branches, forks)
  • Multiple config directories - deployment and test
  • devenv-based workflow
    • Shell
      • Makes uv available
      • Syncs devenv virtual environment
      • appdaemon
    • Build Docker
  • Use flakes
  • Jupyter through VSCode
    • autoreload must work with editable install of the dev version
    • could always work in a dev container
  • Observation - telegraf/promtail
  • Utility - portainer, watchtower

Usage

nfs

Used to rebuild the ad-nix system with whatever is currently symlinked to /etc/nixos.

ads

Used to enter the development shell. Be careful, as this will create a .devenv directory and venv wherever it's entered.

venv

.devenv/state/venv/bin/python

Used in VSCode for type hints, running, and debugging.

Jupyter

  • Install devenv kernel - might not be useful?
    • python -m ipykernel install --user --name devenv --display-name "Python (devenv)"
  • Run jupyter notebook on the side with a uv run jupyter notebook command
  • Use the link with the token to connect the jupyter notebook kernel to it

Mechanics

SSH Connection

SSH keys are pre-authorized from secrets/authorized_keys which contains the public keys for desktop, laptop, and phone.

SOPS

  • secrets/secrets.yaml contains the encrypted keys.
  • There needs to be a ~/.config/sops/age/keys.txt file with the age secret key. This file has to be manually placed.
  • .sops.yaml indicates to SOPS that the yaml file is encrypted with that secret key.
  • sops-ad is a convenience script for editing the secrets.yaml file.

Setup

Bootstrapping

SSH into the host as root and get into a shell with git.

nix-channel --update && nix-shell -p git

Then build the system from the flake:

nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-nix --impure

Secrets

At build time, /etc/ssh/ssh_host_ed25519_key is automatically imported as an age key. If that fingerprint is included in the .sops.yaml file, then secrets/secrets.yaml can be decrypted during the build. Otherwise ~/.config/sops/age/keys.txt needs to already be populated.

secrets/secrets.yaml needs to be edited from the terminal. There's a sops-ad command for convenience. The following keys are required:

  • telegraf_influx_token

~/.config/sops/age/keys.txt needs to be set for the sops-ad command to work.
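
A preflight check for the SOPS setup described above, as an added example that is not part of this repository. The function name `check_sops_setup` and its return codes are hypothetical, GNU `stat` is assumed, and the check relies on SOPS marking encrypted YAML with a `sops:` metadata block and `ENC[...]` values.

```shell
#!/bin/sh
# Added example (not from the repository): preflight check for the SOPS setup.
# Assumes GNU stat, as shipped on NixOS; the function name is hypothetical.
# Usage: check_sops_setup ~/.config/sops/age/keys.txt .sops.yaml secrets/secrets.yaml

check_sops_setup() {
    keys=$1 rules=$2 secrets=$3

    # 1. The age identity is placed by hand; it must exist and be owner-only.
    [ -f "$keys" ] || { echo "missing $keys" >&2; return 1; }
    mode=$(stat -c '%a' "$keys") || return 1
    case $mode in
        [46]00) ;;
        *) echo "$keys has mode $mode, expected 600 or 400" >&2; return 2 ;;
    esac
    grep -q '^AGE-SECRET-KEY-1' "$keys" ||
        { echo "$keys holds no age identity" >&2; return 3; }

    # 2. .sops.yaml is committed: it may name public recipients (age1...),
    #    and must never contain the secret half.
    [ -f "$rules" ] || { echo "missing $rules" >&2; return 1; }
    if grep -q 'AGE-SECRET-KEY-' "$rules"; then
        echo "secret key found in $rules" >&2; return 4
    fi
    grep -q 'age1' "$rules" ||
        { echo "$rules lists no age recipient" >&2; return 5; }

    # 3. secrets.yaml must be SOPS-encrypted: a sops: metadata block and an
    #    ENC[...] value for the required key, never a plaintext token.
    [ -f "$secrets" ] || { echo "missing $secrets" >&2; return 1; }
    grep -q '^sops:' "$secrets" ||
        { echo "$secrets has no sops metadata" >&2; return 6; }
    grep -Eq '^telegraf_influx_token:[[:space:]]*ENC\[' "$secrets" ||
        { echo "telegraf_influx_token missing or not encrypted" >&2; return 7; }
    return 0
}
```

Running it before a commit or a rebuild catches a world-readable key file or a plaintext token in secrets/secrets.yaml before either leaves the machine.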

Tailscale

The following lines are needed in the /etc/pve/lxc/<vmid>.conf file on the Proxmox host:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file