Encrypted NixOS home server with passwordless reboot
https://log.pfad.fr/2025/fde-nixos-colmena-passwordless-reboot/
These are my notes on refurbishing a laptop with a broken screen hinge to a NixOS home server. A coworker recommended Colmena for managing NixOS on remote machines, so I decided to give it a try. I got confused by the Colmena manual, which expects NixOS to be already set up on the remote host but doesn't clearly show how to move the existing nix (remote) config inside Colmena.
I use a TPM-backed ssh key which asks for a pin on every connection. To workaround the (documented) limitation of Colmena which requires non-interactive login, I started a ssh connection in "master mode" in another terminal. With this command running in the background, I am now able to run `colmena apply`.
originally posted at https://stacker.news/items/857807
nym
npub1hn…whtl5
2025-01-20 20:50:30
Author Public Key
npub1hn4zhxzsd5w4m5kvq326gqnsrc6zcakhparw8pee4tw7wlxw70ysawhtl5Published at
2025-01-20 20:50:30Event JSON
{
"id": "9c1704ae80a76984c61e0dfe033045ee01fd1e252af7b3515d4fe00025b1a0dd",
"pubkey": "bcea2b98506d1d5dd2cc0455a402701e342c76d70f46e38739aadde77ccef3c9",
"created_at": 1737406230,
"kind": 1,
"tags": [],
"content": "Encrypted NixOS home server with passwordless reboot\nhttps://log.pfad.fr/2025/fde-nixos-colmena-passwordless-reboot/\n\nThese are my notes on refurbishing a laptop with a broken screen hinge to a NixOS home server. A coworker recommended Colmena for managing NixOS on remote machines, so I decided to give it a try. I got confused by the Colmena manual, which expects NixOS to be already set up on the remote host but doesn't clearly show how to move the existing nix (remote) config inside Colmena.\n\nI use a TPM-backed ssh key which asks for a pin on every connection. To workaround the (documented) limitation of Colmena which requires non-interactive login, I started a ssh connection in \"master mode\" in another terminal. With this command running in the background, I am now able to run `colmena apply`.\n\noriginally posted at https://stacker.news/items/857807",
"sig": "130213674648944b9e7f4e67f1edf067954ec606af68c07dc0ef7b9c938f050c0e6016268d7a679916fbec03749f20284a56ac93804f56ce9974d488073b522d"
}