sokrates-dev
Summary
The sokrates-dev NixOS configuration targets internal development on GMKtec hardware (Intel Alder Lake-N). It is a permissive environment with full internet access, open debugging ports, and local Docker builds, in contrast to the locked-down sokrates-box production appliance.
Details
Hardware and Installation
Standard hardware: GMKtec mini-PC. Install process:
- Flash the NixOS minimal ISO (x86_64) to USB
- Boot and wipe the pre-installed OS
- Generate the hardware config and commit the output to nixos/modules/hardware-gmktec.nix:
nixos-generate-config --show-hardware-config
- Install:
nixos-install --flake .#sokrates-dev
Configuration Profile (dev.nix)
Defined in nixos/modules/dev.nix:
- User: hakon, with passwordless sudo and docker group membership
- Networking: standard firewall without nftables egress restrictions (full internet access)
- Open ports: SSH (22), Neo4j (7474/7687), Eidos (8000)
- Tooling: git, neovim, tmux, just, ripgrep, fd, bat, docker-compose, nil (Nix LSP)
Docker and Workspace
Dev stack builds containers locally from source (vs production pulling from ghcr.io). Source of truth: nixos/containers/docker-compose.yml. Stack lifecycle via just build && just up.
The docker.nix NixOS module references the compose file via relative path (../containers/docker-compose.yml from modules/), integrating Docker service lifecycle with NixOS management.
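A sketch of how the dev profile above and the compose wiring could be expressed as a single NixOS module. This is an added illustration, not the project's dev.nix or docker.nix; the sudo rule scoped to hakon, the systemd unit name, and the use of a systemd unit rather than just for the stack lifecycle are assumptions.

```nix
# Added illustration of a permissive dev profile; not the project's own module.
# Assumed: user name hakon, unit name sokrates-stack, compose file location.
{ config, pkgs, ... }:

{
  # Dev user: member of wheel and docker, sudo without a password (dev only).
  users.users.hakon = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ];
  };
  security.sudo.extraRules = [{
    users = [ "hakon" ];
    commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
  }];

  # Standard inbound firewall only. No nftables egress whitelist is configured,
  # which is the key difference from the sokrates-box appliance.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 7474 7687 8000 ]; # SSH, Neo4j HTTP/Bolt, Eidos
  };

  environment.systemPackages = with pkgs; [
    git neovim tmux just ripgrep fd bat docker-compose nil
  ];

  # Interpolating the relative path copies the whole containers/ directory into
  # the Nix store at evaluation time, so build contexts next to the compose file
  # remain reachable and the unit runs the compose file the system was built with.
  virtualisation.docker.enable = true;
  systemd.services.sokrates-stack = {
    description = "Sokrates dev container stack (assumed unit name)";
    after = [ "docker.service" ];
    requires = [ "docker.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f ${../containers}/docker-compose.yml up -d";
      ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f ${../containers}/docker-compose.yml down";
    };
  };
}
```

Because the compose directory is snapshotted into the store, edits to docker-compose.yml only take effect after the next nixos-rebuild switch.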
Deviations from Production
- Fleet Agent: Skipped (reduces overhead, avoids unnecessary egress)
- Network policy: Open internet (vs strict nftables egress whitelist on sokrates-box)
- Secrets: Handled manually; create the files directly in /var/lib/sokrates/secrets/
Rebuild
sudo nixos-rebuild switch --flake .#sokrates-dev