Nicos configuration options

{
  inputs = {
    nicos.url = "github:plmercereau/nicos";
  };

  outputs = {nicos, ...}:
    nicos.lib.configure
    {
      projectRoot = ./.;
      adminKeys = [
        "ssh-ed25519 ..."
      ];
      extraModules = [./shared.nix];
      machinesPath = "./hosts-nixos";
      users = {
        enable = true;
        path = "./users";
      };
      wifi = {
        enable = true;
        path = "./wifi";
      };
      builders = {
        enable = true;
        path = "./builder";
      };
    };
}

projectRoot

path

required

Path where the configuration files are located, relative to the the root of the flake.

adminKeys

list of strings

required

List of SSH public keys of the administrators. Without it, they won’t be able to encrypt and decrypt secrets.

These keys won’t give access to any machine, and that admin users still need to be defined in the machines confuguration.

extraModules

list of paths

default:[]

Extra modules that will be imported in every machine.

machinesPath

string

Configuration relative to NixOS machines Directory where the NixOS machines configuration is located, relative to projectRoot.

users

attribute set

Configuration relative to user password. When enabled, it will

Show Users

enable

boolean

default:false

Enable the handling of user passwords.

path

string

Directory where the user passwords will be encrypted and stored, relative to projectRoot

This value is mandatory if users.enable is set to true

wifi

attribute set

Configuration relative to wifi networks. When enabled, the wifi.path folder will store two files:

psk.age: encrypted key-value pairs of the wifi networks and their passwords
list.json: list of the wifi networks, that will be used in the configurations of the machines that enabled wireless networking without taking the risk of exposing the passwords in the Nix store.

Show Wifi

enable

boolean

default:false

Enable the handling of wifi networks and passwords accross the machines

path

string

Directory where the list of networks and their encrypted passwords will be stored

This value is mandatory if wifi.enable is set to true

builders

attribute set

Configuration relative to the Nix builders. When enabled, the builders.path folder will store two files:

key.age: encrypted SSH private key used to connect to the builders
key.pub: SSH public key used to connect to the builders

Show Wifi

enable

boolean

default:false

Enable the handling of wifi networks and passwords accross the machines

path

string

Directory where the list of networks and their encrypted passwords will be stored

This value is mandatory if builders.enable is set to true

Reference