eelcovv/elixos

elixos

The Declarative Cure for Your NixOS Headaches

🌐 Introduction

Elixos is a modular, declarative NixOS configuration system for multi-host and multi-user environments. It leverages flakes and sops-nix for secure, reproducible, and extendable NixOS installations.

📁 Project Structure

elixos/
├── flake.nix
├── flake.lock
├── justfile
├── nixos/
│   ├── configuration.nix
│   ├── disks/
│   ├── hardware/
│   ├── hosts/
│   ├── home/
│   ├── users/
│   ├── modules/
│   └── secrets/

🚀 Quick VM Installation Workflow

Use the following steps to quickly install a NixOS VM using QEMU.

🛠️ 1. Preparation on the Host

just vm_prerequisites      # Install qemu, ovmf, rage, sops
just vm_reset              # Remove old VM files
just vm_prepare            # Download ISO and create VM disk
just vm_run_installer      # Boot the live installer in QEMU

🔐 2. Bootstrap the VM from the Host

Load the .env file that sets the environment variables for the current setup. For instance, load

. .env-generic-vm

This sets:

HOST=generic-vm
SSH_USER=nixos
SSH_PORT=2222
SSH_HOST=localhost
SSH_KEY=$HOME/.ssh/ssh_key_generic-vm_eelco
REPO_DIR=/home/nixos/elixos

Now you can run the bootstrap for this VM:

just bootstrap-vm

This performs the following:

  • Pushes your Age master key (keys.txt) to the live installer
  • Pushes your repo to a bare Git repo on the VM
  • Clones the repo into ~/elixos on the VM
  • Installs the master key to /etc/sops/age/keys.txt
  • Partitions the disk using disko
  • Installs NixOS using the generic-vm configuration

After bootstrapping the VM, the age key is available in memory, but not yet in the installed system. To fix that, after booting the VM, run:

just post-boot-setup HOST=localhost

This will:

  • Push the age key to the real VM
  • Install the key to /etc/sops/age/keys.txt
  • Push and clone the repo again
  • Prepare for nixos-rebuild switch

▢️ 3. Boot the Installed VM

just vm_run

🔑 4. SSH Login

ssh -p 2222 eelco@localhost

If backspace does not work:

export TERM=xterm

🧪 Development & Testing via VM

  1. Modify your configuration (e.g. hosts/tongfang.nix, modules/, etc.)

  2. Push to GitHub or directly to the live VM:

    git add . && git commit -m "Update" && git push
    
  3. On the VM:

    cd ~/elixos
    git pull
    sudo nixos-rebuild switch --flake .#generic-vm
    

🔐 SOPS and SSH Key Management

Secrets like your SSH private key are stored as encrypted YAML files.

🔑 Create and Encrypt a New Key

just make-secret HOST USER

This creates:

  • ~/.ssh/ssh_key_HOST_USER
  • nixos/secrets/HOST-USER-secrets.yaml

📦 Encryption Helpers

just encrypt-key       # Convert ~/.ssh/id_ed25519 to encrypted YAML
just show-key          # View decrypted secret
just decrypt-key       # Restore ~/.ssh/id_ed25519 from secrets
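
Since the secrets are committed and pushed as YAML, a check that every file under nixos/secrets/ really is sops-encrypted is worth running before a push. The following is an added example, not part of the elixos repository; the function name check_secrets_dir, the YAML key names and all sample values are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the elixos repo: scan a secrets directory before
# pushing. Usage: check_secrets_dir DIR
# Returns 0 only if every *.yaml in DIR looks sops-encrypted and contains no
# plaintext private-key material.
check_secrets_dir() {
    dir=$1
    rc=0
    for f in "$dir"/*.yaml; do
        [ -e "$f" ] || continue        # the glob matched nothing
        # Plaintext SSH/PEM or age key material must never be committed.
        if grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----|AGE-SECRET-KEY-1' "$f"; then
            echo "FAIL $f: plaintext private key material"; rc=1
            continue
        fi
        # sops adds a top-level "sops:" metadata block to files it encrypts
        if ! grep -q '^sops:' "$f"; then
            echo "FAIL $f: no sops metadata block"; rc=1
            continue
        fi
        # and stores each encrypted value as ENC[...].
        if ! grep -q 'ENC\[' "$f"; then
            echo "FAIL $f: no ENC[...] values"; rc=1
            continue
        fi
        echo "OK $f"
    done
    return "$rc"
}

# Demo on constructed files named after the page's HOST-USER-secrets.yaml
# pattern; the YAML key names and all values are placeholders.
demo=$(mktemp -d)
cat > "$demo/generic-vm-eelco-secrets.yaml" <<'EOF'
id_ed25519_generic-vm_eelco: ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,type:str]
sops:
    version: 0.0.0
EOF
cat > "$demo/tongfang-eelco-secrets.yaml" <<'EOF'
id_ed25519_tongfang_eelco: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    constructed-placeholder
EOF
check_secrets_dir "$demo" || echo "(finding expected: one plaintext file)"
rm -rf "$demo"
```
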

🔧 Maintenance

just update              # Update flake inputs
just clean               # Run nix garbage collection
just fmt                 # Format all .nix files
just vm_reset            # Reset and clean VM setup
just vm_build_generic-vm # Build the system only (no run)

🧩 Live Installer SSH Setup

For manual access to the live installer:

just live_setup_ssh       # Start sshd and set root password
just ssh_authorize USER   # Add your SSH key to the live VM

📈 Installation Flow Visualization

Host (QEMU & Just)
       |
       v
Live Installer (VM)
       |
       v
Installed NixOS VM
       |
       v
sops decrypt → ~/.ssh/id_ed25519
       |
       v
Working SSH login

📚 Tips

  • Add export TERM=xterm to your VM shell profile for better terminal compatibility.
  • Use just vm_run_gpu for graphical output with virtio-vga and virgl.
  • Create VM snapshots before major system changes.

Happy hacking with Elixos! 🧬

Laptop installation steps

Preparation

  1. Download the NixOS minimal ISO image (https://nixos.org/download/) and create a bootable live USB stick with it

  2. Start up the live NixOS installer

Connecting to Wi-Fi

  1. Log in as root

    sudo su
  2. Look up the name of your wifi device

    ip link

    The name is for example wlp2s0

  3. Scan the available networks

    iw dev wlp2s0 scan | grep SSID

    If you get 'Network is down (-100)', activate it with:

    ip link set wlp2s0 up

    If you now get 'Operation not possible due to RF-kill', then check

    rfkill list

    Check whether the output shows

    0: phy0: Wireless LAN
        Soft blocked: yes
        Hard blocked: no

    If it is soft blocked, unblock with

    rfkill unblock all

    Now, activate your device

    ip link set wlp2s0 up

    and scan again

    iw dev wlp2s0 scan | grep SSID

    Also, check that you are on the right interface with:

    iw dev

    This should show

    Interface wlp2s0
        type: managed

    Now you should see your network

  4. Connect to your network

    wpa_passphrase "mijn-wifi-ssid" "mijn-wifi-wachtwoord" > wpa.conf

    and then

    wpa_supplicant -B -i wlp2s0 -c wpa.conf

    and now request an IP address using

    dhcpcd wlp2s0

    You can ignore the notification read_config: /etc/dhcpcd.conf: No such file or directory. Just check that you are connected with

    ip a show wlp2s0

    Also, check if you are connected to the internet with

    ping 1.1.1.1
  5. Starting the sshd daemon

    To start the daemon, first set your root password with

    passwd
    

    Then run

    sudo systemctl start sshd

    Check if it is running

    sudo systemctl status sshd

    Look up your ip address with:

    ip ad

    It should be something like 192.168.2.3

  6. Logging in on the live installer from a host laptop

    Make sure you have set the root password. To do that, on your live installer, log in as root with

    sudo su

    and

    passwd

    Then you should be able to login from your host machine as

    If you get a warning about 'Remote Host Identification Has Changed', you have probably logged in on this IP address earlier. Delete your key with

    ssh-keygen -R "[192.168.2.3]:22"

    In case logging in is not allowed at all, you may want to change your /etc/ssh/sshd_config file. Since in NixOS you cannot change settings files (not even as root), just copy the file to your home

    cp /etc/ssh/sshd_config ~  

    You may want to change the setting UsePAM Yes to UsePAM No

    Then, restart your sshd daemon with this new settings file as

    sudo $(which sshd) -f ~/sshd_config

    (Note that this which sshd is needed since you need to use the full path to the sshd file)

    Check if you are now listening on port 22 with

    ss -tlnp | grep 22
    sudo useradd -r -s /usr/sbin/nologin -c "sshd user" sshd

    start sshd in the background with

    sudo nix run --extra-experimental-features 'nix-command flakes' github:nix-community/disko -- --flake .#singer --mode zap_create_mount

    To log in: don't use a password, but copy your public ssh key and add it to authorized_keys. I used keep to copy my key.

    Also check your firewall if it is not running

    To transfer your git repo, either bundle it or just add your public key to your GitHub account

  7. Transferring your git repository to the laptop

    In your terminal where you are remotely logged in on your laptop do:

    mkdir /tmp/elixos.git

    and turn it into a bare repository with

    git init --bare /tmp/elixos.git

    On your host, do

    ssh-copy-id [email protected]

    so that you do not have to type a password each time

    In your elixos repository do

    git remote add nixtmp [email protected]:/tmp/elixos.git

    Now you can push your repository to the laptop with

    git push nixtmp main
  8. Installing your laptop

    Install just to be able to use it

    nix-shell -p just

    Start by running disko to partition your hard drive

    just partition singer

    Check your partitions with

    findmnt /mnt

    which should give you

    TARGET SOURCE         FSTYPE OPTIONS
    /mnt   /dev/nvme0n1p2 ext4   rw,relatime
    

    Copy the sops age key to the laptop installer. Run from your host:

    scp ~/.config/sops/age/keys.txt [email protected]:~

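    And then run in your live installer

    # sops looks for age keys in ~/.config/sops/age/keys.txt; copy (not move)
    # so that /root/keys.txt is still there for the next step
    mkdir -p /root/.config/sops/age
    cp /root/keys.txt /root/.config/sops/age/keys.txt

    And also copy it to your future hard drive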

    mkdir -p /mnt/etc/sops/age
    cp /root/keys.txt /mnt/etc/sops/age/keys.txt
    chmod 400 /mnt/etc/sops/age/keys.txt

    Now you can install your laptop with

    nixos-install --flake .#singer

    After installing, if your ssh keys are not present yet, you can try the following.

    First, log in to your newly installed laptop using the same procedure as above (start the sshd daemon). Then copy the ~/.config/sops/age/keys.txt file to the newly installed laptop. Clone the repository to the newly installed laptop.

    Then do this

    mkdir -p /mnt/etc/sops/age
    cp /root/keys.txt /mnt/etc/sops/age/keys.txt
    chmod 400 /mnt/etc/sops/age/keys.txt

    And try to rebuild your system with

    sudo nixos-rebuild switch --flake .#singer
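
Both the VM bootstrap and step 8 above end with the age key at etc/sops/age/keys.txt and mode 400. The following added example, which is not part of the elixos repository, audits that result before nixos-install or nixos-rebuild is run; the function name check_age_key and its optional expected-uid argument are assumptions of the example, and the sample key is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not part of the elixos repo: audit an installed age key file.
# Usage: check_age_key PATH [EXPECTED_UID]   (EXPECTED_UID defaults to 0 = root)
# Prints one line per finding and returns 0 only when every check passes.
# Assumes GNU or BusyBox stat (-c), as found on the NixOS installer.
check_age_key() {
    key=$1
    want_uid=${2:-0}
    rc=0

    # A symlink could redirect the decryption key to content chosen by
    # whoever controls the link target, so only a regular file is accepted.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL $key: missing or not a regular file"
        return 1
    fi

    # The page sets mode 400; any group or world bit is a finding.
    mode=$(stat -c '%a' "$key")
    case $mode in
        400|600) ;;
        *) echo "FAIL $key: mode $mode, expected 400"; rc=1 ;;
    esac

    uid=$(stat -c '%u' "$key")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $key: owner uid $uid, expected $want_uid"; rc=1
    fi

    # An age identity file holds at least one AGE-SECRET-KEY-1... line.
    if ! grep -q '^AGE-SECRET-KEY-1' "$key"; then
        echo "FAIL $key: no age secret key line"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK $key"; fi
    return "$rc"
}

# Demo on a constructed key file (placeholder value, not a real key).
demo=$(mktemp -d)
printf '# constructed sample\nAGE-SECRET-KEY-1PLACEHOLDER\n' > "$demo/keys.txt"
chmod 644 "$demo/keys.txt"
check_age_key "$demo/keys.txt" "$(id -u)" || echo "(finding expected: mode 644)"
chmod 400 "$demo/keys.txt"
check_age_key "$demo/keys.txt" "$(id -u)"
rm -rf "$demo"
```

On the live installer the call would be check_age_key /mnt/etc/sops/age/keys.txt, and after the first boot check_age_key /etc/sops/age/keys.txt.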
