First Time Setup
Prerequisites
- A machine with NixOS installed (standard ISO)
- 1Password CLI (op) installed on your personal device
- 1password-token.age already encrypted via Agenix in the repository (using the Homelab SSH public key)
- Cloudflare Tunnel token configured in 1Password
1. Add Host Identity Key (Agenix Seed)
NixOS needs the private SSH key corresponding to the public key used to encrypt the 1password-token.age file. This allows agenix to decrypt the token during deployment.
Create the private key file on the NixOS machine:
    sudo nano /etc/ssh/ssh_host_ed25519_key
Paste the content of the Homelab SSH private key from your 1Password vault and save.
Set the correct permissions:
    sudo chmod 600 /etc/ssh/ssh_host_ed25519_key
    sudo chown root:root /etc/ssh/ssh_host_ed25519_key
2. Clone the Configuration Repository
NixOS reads its system configuration declaratively from /etc/nixos.
    sudo git clone https://github.com/JavierSegoviaCordoba/homelab-nixos.git /etc/nixos
    cd /etc/nixos
3. Apply System Configuration
Apply the NixOS flake to deploy the entire system, including services like Cloudflare and Home Assistant.
    sudo nixos-rebuild switch --flake .
Note: Once applied, systemd will automatically start all services. The Cloudflare tunnel will use the decrypted 1password-token to fetch the actual tunnel credentials from 1Password and establish the connection.
4. Verify Services are Running
    systemctl status cloudflared-tunnel
    systemctl status home-assistant
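If agenix cannot decrypt 1password-token.age, the usual causes are a mis-pasted key or wrong permissions from step 1. The following is an added example, not part of the original guide or repository: two shell functions that check the key file's mode and owner and confirm its public half is listed among the agenix recipients. The function names and the /etc/nixos/secrets.nix path are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for the agenix identity placed in step 1.

# check_key_perms KEY [UID:GID]
# Succeeds only if KEY is a regular file with mode 600 owned by UID:GID
# (default 0:0, i.e. root:root as set in step 1).
check_key_perms() {
    key=$1
    want_owner=${2:-0:0}
    if [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$key")       # GNU stat, as shipped with NixOS
    owner=$(stat -c '%u:%g' "$key")
    if [ "$mode" != 600 ]; then
        echo "FAIL: $key has mode $mode, expected 600" >&2
        return 1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $key is owned by $owner, expected $want_owner" >&2
        return 1
    fi
}

# key_matches_recipient KEY RECIPIENTS
# Derives the public key from KEY and looks for it in the RECIPIENTS file.
key_matches_recipient() {
    key=$1
    recipients=$2
    # ssh-keygen -y prints "<type> <base64> [comment]"; compare type and blob only.
    pub=$(ssh-keygen -y -f "$key" 2>/dev/null | awk '{print $1 " " $2}')
    if [ -z "$pub" ]; then
        echo "FAIL: no usable private key in $key (bad paste or passphrase?)" >&2
        return 1
    fi
    if ! grep -qF -- "$pub" "$recipients"; then
        echo "FAIL: public key of $key is not listed in $recipients" >&2
        return 1
    fi
}

# Usage on the host, as root (the secrets.nix location is an assumption):
#   check_key_perms /etc/ssh/ssh_host_ed25519_key &&
#   key_matches_recipient /etc/ssh/ssh_host_ed25519_key /etc/nixos/secrets.nix
```

Run both checks before `sudo nixos-rebuild switch --flake .`; a failure here points at step 1 rather than at the flake.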