nym on Nostr: Encrypted NixOS home server with passwordless reboot These are my notes on ...
Encrypted NixOS home server with passwordless reboot
https://log.pfad.fr/2025/fde-nixos-colmena-passwordless-reboot/These are my notes on refurbishing a laptop with a broken screen hinge to a NixOS home server. A coworker recommended Colmena for managing NixOS on remote machines, so I decided to give it a try. I got confused by the Colmena manual, which expects NixOS to be already set up on the remote host but doesn't clearly show how to move the existing nix (remote) config inside Colmena.
I use a TPM-backed ssh key which asks for a pin on every connection. To workaround the (documented) limitation of Colmena which requires non-interactive login, I started a ssh connection in "master mode" in another terminal. With this command running in the background, I am now able to run `colmena apply`.
originally posted at
https://stacker.news/items/857807Published at
2025-01-20 20:50:30Event JSON
{
"id": "9c1704ae80a76984c61e0dfe033045ee01fd1e252af7b3515d4fe00025b1a0dd",
"pubkey": "bcea2b98506d1d5dd2cc0455a402701e342c76d70f46e38739aadde77ccef3c9",
"created_at": 1737406230,
"kind": 1,
"tags": [],
"content": "Encrypted NixOS home server with passwordless reboot\nhttps://log.pfad.fr/2025/fde-nixos-colmena-passwordless-reboot/\n\nThese are my notes on refurbishing a laptop with a broken screen hinge to a NixOS home server. A coworker recommended Colmena for managing NixOS on remote machines, so I decided to give it a try. I got confused by the Colmena manual, which expects NixOS to be already set up on the remote host but doesn't clearly show how to move the existing nix (remote) config inside Colmena.\n\nI use a TPM-backed ssh key which asks for a pin on every connection. To workaround the (documented) limitation of Colmena which requires non-interactive login, I started a ssh connection in \"master mode\" in another terminal. With this command running in the background, I am now able to run `colmena apply`.\n\noriginally posted at https://stacker.news/items/857807",
"sig": "130213674648944b9e7f4e67f1edf067954ec606af68c07dc0ef7b9c938f050c0e6016268d7a679916fbec03749f20284a56ac93804f56ce9974d488073b522d"
}