# NixOS Configuration

Desktop and laptop configurations.

## Getting started

1. Set up the shell environment: `nix-shell -p git openssh`.
2. Create an SSH key for root: `sudo ssh-keygen -t ed25519 -N '' -f /root/.ssh/id_ed25519 && sudo cat /root/.ssh/id_ed25519.pub`.
3. Add root's key as a deploy key to [My NixOS Secrets](https://gitlab.com/marvinroman/my-nixos-secrets/-/settings/repository#js-deploy-keys-settings).
4. Create a system key for the host: `sudo ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key && sudo cat /etc/ssh/ssh_host_ed25519_key.pub`.
5. Add the system's key to the `systems` array in the `secrets.nix` file in [My NixOS Secrets](https://gitlab.com/marvinroman/my-nixos-secrets). Then run `agenix -r` to rekey.
6. Create a user key: `ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519 && cat ~/.ssh/id_ed25519.pub`.
7. Add the user's key to the `users` array in the `secrets.nix` file in [My NixOS Secrets](https://gitlab.com/marvinroman/my-nixos-secrets). Then run `agenix -r` to rekey.
8. Clone the repository: `git clone git@gitlab.com:marvinroman/nixos-configuration.git myNixOS && cd myNixOS`.
9. Build the system for the target host (`baker` or `toaster`), e.g. `sudo nixos-rebuild switch --flake ./#baker`.
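
Steps 5 and 7 edit the `systems` and `users` arrays in `secrets.nix`. The sketch below is an added example, not the contents of the private secrets repository: it assumes the usual agenix layout, and the key strings, the `user1` name and the `.age` file names are placeholders.

```nix
# secrets.nix (added example; assumes the usual agenix layout).
# All key strings are placeholders: paste the .pub output from steps 4 and 6.
let
  # User keys (step 6): accounts allowed to edit and rekey secrets.
  user1 = "ssh-ed25519 AAAA...PLACEHOLDER-USER-KEY"; # hypothetical name
  users = [ user1 ];

  # Host keys (step 4): /etc/ssh/ssh_host_ed25519_key.pub of each machine.
  baker = "ssh-ed25519 AAAA...PLACEHOLDER-BAKER-HOST-KEY";
  toaster = "ssh-ed25519 AAAA...PLACEHOLDER-TOASTER-HOST-KEY";
  systems = [ baker toaster ];
in
{
  # Hypothetical secret names. Each entry lists the recipients able to
  # decrypt that file.

  # Shared secret: every host and every user can decrypt it.
  "wifi-psk.age".publicKeys = users ++ systems;

  # Host-specific secret: limited to the one host that needs it, plus users.
  "baker-backup-key.age".publicKeys = users ++ [ baker ];
}
```

`agenix -r` re-encrypts each listed file to its current recipient list, so it has to be run by someone whose private key can already decrypt those files. Removing a key and rekeying does not protect ciphertext already in the Git history, so rotate the secret values themselves when a key is retired.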

## Upgrading

### Flake lock file

This is not necessary for regular updates. You have to be in the repository directory to run these commands.

Update secrets input.

```bash
nix flake update mysecrets
```

Update all flake inputs.

```bash
nix flake update
```

### Upgrade system

This runs automatically every day, so it's not necessary to run it manually unless you want to upgrade right after updating the lock file.

```bash
# Use ./#toaster for the other host.
sudo nixos-rebuild switch --flake ./#baker --upgrade
```

## Setup Yubikey

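Each YubiKey must be authorized within the user account before it is available to PAM. Run the following commands with the key inserted.

```bash
# Open a shell that provides the ykpamcfg tool.
nix-shell -p yubico-pam
# Inside that shell: set up challenge-response for slot 2 of the inserted key.
ykpamcfg -2
```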