diff --git a/README.md b/README.md index 08acbd9b..06e6fb27 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # NixOS Configuration Repository -## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/ -### For first-run, see [setup.sh](docs/setup.sh) +## NOTE: These configs expect this repo to be cloned to `/etc/nixos/git/` * Installing a system from the ISO: ``` 
@@ -36,8 +35,63 @@ nix develop -c /etc/nixos/git/docs/setup.sh * [ ] rofi - bitwarden-cli / bitwarden-menu ([Link](https://search.nixos.org/packages?channel=23.05&show=bitwarden-menu&from=0&size=50&sort=relevance&type=packages&query=bitwarden)) Completed ToDo List [here](docs/complete.md) + --- +# Information +### Home Manager + * Home Manager Documentation - [Link](https://nix-community.github.io/home-manager/index.html) + * Home Manager Options Search - [Link](https://mipmip.github.io/home-manager-option-search/) + +### NixOS + * NixOS Documentation - Stable - [Link](https://nixos.org/manual/nixos/stable/) + * NixOS Packages / Options Search - [Link](https://search.nixos.org/) + * Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/) + * ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration) + +### Useful Links + * FlakeHub - [Link](https://flakehub.com) + * Track a Nixpkgs PR - [Link](https://nixpk.gs/pr-tracker.html) + * Awesome-Hyprland - [Link](https://github.com/hyprland-community/awesome-hyprland) + +### Examples + * Tons of good examples here - [Link](https://github.com/Mic92/dotfiles/blob/main/nixos/modules/) + * NixOS Flakes Intro Guide - [Link](https://nixos-and-flakes.thiscute.world/) + +### Theming + * Neofetch Themes - [Link](https://github.com/Chick2D/neofetch-themes/) + * gruvbox-factory - [Link](https://github.com/paulopacitti/gruvbox-factory) + * Hyprland Gruvboxy - [Link](https://github.com/0bCdian/Hyprland_dotfiles/tree/gruvboxy) + +--- +# Theming +* To change system-wide themes, see [theming.md](docs/theming.md) + +--- +# Lanzaboote / SecureBoot +* Instructions here - [Link](https://git.sysctl.io/Mirrors/lanzaboote/src/branch/master/docs/QUICK_START.md) +1. Create your keys: `sbctl create-keys` +2. Verify your machine is ready for SecureBoot: `sbctl verify` - Everything except `*-bzImage.efi` are signed +3. 
Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10) + * Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit +4. Enroll the keys: `sbctl enroll-keys --microsoft` + * If you wish, you can select `--tpm-eventlog`, but checksums will change later (ie, at a kernel rebuild) +5. Reboot and verify you are activated: `bootctl status` + +# Manual: GPG Keys +1. Import the user private key: `gpg --import gpg/users/albert/privkey.asc` +2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5` +3. On each new machine, run `sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"` + * This will output the identifier you add to `.sops.yaml` + * Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly. + +# Secrets +1. Run `nix-develop` in `/etc/nixos/git` to import new keys +2. To edit a file: `sops secrets/file.yml"` +3. When you add a new machine, you must update the secrets files encryption. + * Run `sops updatekeys secrets/file.yaml` and commit the change. + + # Directory Structure ``` . 
@@ -83,62 +137,6 @@ Completed ToDo List [here](docs/complete.md) └── gruvbox ``` ---- - -# Information -### Home Manager - * Home Manager Documentation - [Link](https://nix-community.github.io/home-manager/index.html) - * Home Manager Options Search - [Link](https://mipmip.github.io/home-manager-option-search/) - -### NixOS - * NixOS Documentation - Stable - [Link](https://nixos.org/manual/nixos/stable/) - * NixOS Packages / Options Search - [Link](https://search.nixos.org/) - * Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/) - * ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration) - -### Useful Links - * FlakeHub - [Link](https://flakehub.com) - * Track a Nixpkgs PR - [Link](https://nixpk.gs/pr-tracker.html) - * Awesome-Hyprland - [Link](https://github.com/hyprland-community/awesome-hyprland) - -### Examples - * Tons of good examples here - [Link](https://github.com/Mic92/dotfiles/blob/main/nixos/modules/) - * NixOS Flakes Intro Guide - [Link](https://nixos-and-flakes.thiscute.world/) - -### Theming - * Neofetch Themes - [Link](https://github.com/Chick2D/neofetch-themes/) - * gruvbox-factory - [Link](https://github.com/paulopacitti/gruvbox-factory) - * Hyprland Gruvboxy - [Link](https://github.com/0bCdian/Hyprland_dotfiles/tree/gruvboxy) - ---- -# Theming -* To change system-wide themes, see [theming.md](docs/theming.md) - ---- -# GPG Keys -1. Import the user private key: `gpg --import gpg/users/albert/privkey.asc` -2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5` -3. On each new machine, run `sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"` - * This will output the identifier you add to `.sops.yaml` - * Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly. - -# Secrets -1. 
To edit a file: cd to `/path/to/nix-files/` and run: - * `nix-shell -p sops --run "sops secrets/secret_file.yml"` - * New shell alias: `sops secrets/secret_file.yml` -2. When you add a new machine, you must update the secrets files encryption. - * Run `cd /etc/nixos/git; nix-shell; sops-update secrets/secrets.yaml` and commit the change. - -# Lanzaboote / SecureBoot -* Instructions here - [Link](https://git.sysctl.io/Mirrors/lanzaboote/src/branch/master/docs/QUICK_START.md) -1. Create your keys: `sbctl create-keys` -2. Verify your machine is ready for SecureBoot: `sbctl verify` - Everything except `*-bzImage.efi` are signed -3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10) - * Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit -4. Enroll the keys: `sbctl enroll-keys --microsoft` - * If you wish, you can select `--tpm-eventlog`, but checksums will change later (ie, at a kernel rebuild) -5. Reboot and verify you are activated: `bootctl status` - # Other * Waybar inspirations * https://github.com/Pipshag/dotfiles_nord
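Review bot: In the first hunk (`@@ -1,6 +1,5 @@`), the removed line `### For first-run, see [setup.sh](docs/setup.sh)` was the header's pointer to the first-run script, while the install block still invokes it (`nix develop -c /etc/nixos/git/docs/setup.sh` is visible as context in the next hunk header). If the install block is now the intended first-run path, say so there in one sentence; otherwise keep the link so a new reader knows what `setup.sh` is before running it.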
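Review bot: In the second hunk (`@@ -36,8 +35,63 @@`), the new Secrets steps cannot be copied and run as written. Step 1 says `nix-develop`, while the README elsewhere uses `nix develop`. Step 2 has a stray double quote inside the code span (`sops secrets/file.yml"`). Steps 2 and 3 disagree on the extension (`file.yml` vs `file.yaml`). Suggest `nix develop`, `sops secrets/file.yaml`, and one extension throughout. Separately, step 1 of "Manual: GPG Keys" imports `gpg/users/albert/privkey.asc` from a repo-relative path; the README should state how that private key is protected at rest, or that it is supplied out of band, so the step is not read as an instruction to keep a plaintext private key in git. Step 3 there also writes directly to `keys/hosts/$(hostname).asc` while its sub-bullet says to move `HOSTNAME.asc` into `keys/hosts/`; one of the two should go.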
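Review bot: In the third hunk (`@@ -83,62 +137,6 @@`), the removed Secrets text included `nix-shell -p sops --run "sops secrets/secret_file.yml"`, the one form that did not depend on the repo's dev shell; the replacement documents only the path through the dev shell. Consider keeping that one-liner as a fallback for a machine where the dev shell is not yet usable. The key-rotation example also changes from `sops-update secrets/secrets.yaml` to `sops updatekeys secrets/file.yaml`; it would help to mark `file.yaml` as a placeholder or name the real file, since a re-encryption step missed after adding a host leaves that host unable to decrypt.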