Skip to content
/ homelab Public

NixOS configuration for my homelab hypervisor, including OpenTofu definitions for provisioning VMs with libvirt

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

leierx/homelab

BranchesTags

Repository files navigation

SOPS quickstart (AGE)

You need an AGE private key at ~/.config/sops/age/keys.txt to decrypt/edit secrets.

Create key

mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt

Show your public recipient (use this when encrypting): age-keygen -y "$HOME/.config/sops/age/keys.txt"

Common actions

Encrypt (in place):

sops --encrypt --in-place secrets.yml

Edit in place (auto-decrypts/encrypts on save): sops secrets.yml

Decrypt to stdout (don’t write plaintext to disk): sops --decrypt secrets.yml

Re-key file after changing recipients in .sops.yaml: sops updatekeys -y secrets.yml

Build a minimal ISO (with SSH key) for remote install

From the installer/ directory:

cd installer
docker build -t nixos-iso -q . | xargs docker run --rm -v "$PWD":/work nixos-iso

Remote install with nixos-anywhere (copy AGE key to /root)

# 1) Stage files in a temp dir that mirrors target paths
tmpdir="$(mktemp -d)"
install -D -m 0600 "$HOME/.config/sops/age/keys.txt" "$tmpdir/root/keys.txt"

# 2) Run nixos-anywhere, copying that tree to the target’s
nix run github:nix-community/nixos-anywhere -- \
  --flake '.#loftserveren01' \
  --target-host [email protected] \
  --extra-files "$tmpdir"

# 3) Clean up
rm -rf "$tmpdir"

About

NixOS configuration for my homelab hypervisor, including OpenTofu definitions for provisioning VMs with libvirt

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages