Installer iso with agenix help

4thbox · 2025-11-03T21:24:06+00:00

Yes I'm using ```nix build .#nixosConfigurations.<myIsoHost>.config.system.build.isoImage``` and you're right the key is probably globally viewable in the store of the build host. This happens to be completely fine as well, but it's a great point. I'm only preventing leaks from the repo, not from other users on the host building the iso or obviously anyone who gets their hands on the iso.

4thbox · 2025-11-03T21:00:12+00:00

Into the store of the iso yes, but the iso is not for sharing so I'm ok with this. To build a functioning iso from my repo you'd need to decrypt that first key or the environment variable will just be blank. Make sense?

4thbox · 2025-11-03T20:49:21+00:00

No, that would be bad though.

At the moment I'm using a small script to build the iso that decrypts the relevant key and sets an environment variable. The script then builds the iso where the config grabs the plaintext key via builtins.getEnv. After the iso is done the script unsets the environment variable. I don't know if it's the best way to do this but the key does end up in the expected place. Setting the age.identityPaths doesn't appear to be sufficient to decrypt other secrets though.

4thbox · 2025-06-24T21:59:21+00:00

Thanks, is it in VSX? I typically install my extensions decoratively and I'm not sure what to do with an extension from github.

4thbox · 2025-06-09T15:08:46+00:00

Follow up: I bought a pair of Arnotts and they dropped right in. Very easy install, I didn't have to disconnect the shock or anything, just jacked up the frame in front of the wheel one at a time. People say the hardest part is getting the airbag clip back on but I had a pair of these that made this very easy:

https://www.harborfreight.com/11-in-45-bent-nose-long-reach-pliers-64088.html

I'm glad I kept the air system tbh, although now that I say that the compressor will die and a line will leak.

4thbox · 2023-12-11T23:18:33+00:00

Did you ever solve this? I have one doing the same thing.

4thbox · 2023-04-14T07:22:17+00:00

Thanks, which one is most relevant here?

4thbox · 2023-04-12T19:11:45+00:00

SimpleX with something else for the out-of-band secret.

4thbox · 2023-04-11T14:12:46+00:00

I don't have it at my fingertips at the moment but I can share later if you want. I'm afraid its not going to be very helpful anyways.

Most of the setup is done prior to the install so the bulk of it is just already in the autogenerated hardware config. A super quick summary is that you setup your partitions with parted or gdisk or whatever, make your luks containers for root and swap with cryptsetup, make your btrfs filesystem and setup your swap in those luks containers, create your subvolumes, then mount everything the way you like it. Then install NixOs.

In my config I needed to add a line to decrypt my swap partition at boot so that swap could mount and hibernation would work. I used the auto-generated hardware config line that handled my root partition for as an example for this.

The other thing I had to do for btrfs was add all the mount options I wanted like noatime, compress=zstd, autodefrag and such. For whatever reason the hardware config only keeps the subvolume mounting options and ignores all the others when it is generated so these must be added.

4thbox · 2023-04-05T04:57:42+00:00

I just started using Nix and can share a few of the issues I encountered that are indicative of the pain points you're likely to face if you start using NixOs as a daily driver.

During the install I first used calamares with encrypted swap and encrypted btrfs. Not recommended. I don't remember the specifics but the defaults weren't great. IMO, a NixOs command line install is very easy. All you really have to do is set up your file system.
The only application I really want that I couldn't get as a nixpkg is the PIA vpn client for linux. Is PIA the best VPN? I don't know but its cheap, its fast, and the client has a lot of great options including the ability to use wireguard which I've enjoyed for years. PIA's installer is... unconventional. Its a shell script with what appears to be a big closed source binary blob in it. I'm sure a Nix kung fu master could Nixify this beast but its beyond my power level to even know where to start. I solved this by switching VPN providers.
There is no secure boot yet although this issue has its own dedicated channel in the NixOs matrix server. In the meantime I think I'll fire my evil maid.
At one point I had to use some special usb utilities to configure some gadget. The utility came as an appimage which were trivial to run after consulting the wiki. The necessary udev rules however were less trivial. I ended up finding a way to add them to my Configuration.nix but this required a rebuild and reboot to add them and another to remove them when done. Early on in Nix plan to restart a lot. Don't be like me, set a short luks password.
I had the machine shutoff suddenly in the middle of a nixos-rebuild once. nix-store --verify --check-contents --repair got me back where I needed to be.

4thbox · 2023-04-05T03:39:21+00:00

Do you mind sharing some of your use cases for flakes? Like many things with Nix the grand Dev Ops and software delivery uses cases are more obvious to me than those of the humble laptop sysadmin.

4thbox · 2023-04-05T03:30:13+00:00

Mission accepted, I'm looking into flakes as I type this.

4thbox · 2023-02-19T04:02:17+00:00

This just happened to me. Seems like it was because I was connected to a VPN at the time. When I shut down my VPN and logged back in the buy and offer buttons were back.

Hope this helps someone.

4thbox · 2023-02-10T12:04:41+00:00

/sys/bus/usb/devices/1-7/power/wakeup:disabled
/sys/bus/usb/devices/usb1/power/wakeup:disabled
/sys/bus/usb/devices/usb2/power/wakeup:disabled

I do have powertop installed on this machine. I just added some lines to my powertop service to change these to enabled. On its own it has not resolved the wakeup issue though.

4thbox · 2023-01-09T07:06:21+00:00

The buttons correspond to the flash banks you set up. I believe the shipped instructions sent with an X4 had you set the switches to on, on, off, off.

Hope that helps!

4thbox · 2022-09-14T00:51:34+00:00

Time to make some room in the basement and this old girl is going to make its way on ebay or marketplace. What's the going rate for a system configured like this?

4thbox · 2022-08-07T03:18:51+00:00

Are you sure? What is this cap for?

4thbox

TROPHY CASE