Repo for nix configuration files
Find a file
2023-08-11 11:01:58 +09:00
desktops Add firewall rule for gnome-remote-desktop 2023-07-13 21:07:53 +09:00
home-manager Add nix-shell alias 2023-07-15 22:17:43 +09:00
hosts Testing master nixpkgs 2023-08-11 11:01:58 +09:00
keys Update pubkeys 2023-07-05 13:09:33 +09:00
modules Comments 2023-08-05 22:07:38 +09:00
secrets Testing 2023-07-05 19:49:29 +09:00
services Rearrange and update 2023-07-12 23:41:12 +09:00
software test 2023-07-06 12:35:33 +09:00
users test 2023-07-13 18:25:41 +09:00
.sops.yaml add machine to sops 2023-07-05 13:12:30 +09:00
configuration.nix add docs 2023-07-26 21:42:33 +09:00
flake.nix Testing master nixpkgs 2023-08-11 11:01:58 +09:00
README.md add docs 2023-07-12 15:13:20 +09:00

NixOS Configuration Repository

Repo for nix configuration files

Information

  • Home Manager Documentation - Link
  • Home Manager Options Search - Link
  • NixOS Documentation - Stable - Link
  • NixOS Packages / Options Search - Link
  • Nix User Repository (NUR) Search - Link
  • Tons of good examples here - Link

Theming

  • To change system-wide themes, you need to change the following:
    1. desktops/gnome.nix - Change the imports at the bottom.
    2. users/albert/gnome-dconf.nix - Change the theme variants in the following:
      • org/gnome/shell/extensions/nightthemeswitcher/gtk-variants
      • org/gnome/shell/extensions/nightthemeswitcher/icon-variants
      • org/gnome/shell/extensions/nightthemeswitcher/shell-variants
    3. common/dotfiles/neovim.nix - Change the following:
      • plugins = with pkgs.vimPlugins - Add your theme under "Themes"
      • extraConfig - Change the colorscheme section

GPG Keys

  1. Import your GPG key albert.key
  2. Add it to your GPG Keyring via gpg --import albert.key
  3. Mark it as ultimately trusted via gpg --edit-key albert@sysctl.io, then type trust, then 5
  4. Repeat this step for all users who need a GPG key assigned

SOPS Secrets

  1. To edit a file: cd to /path/to/nix-files/ and run:
    • nix-shell -p sops --run "sops secrets/secret_file.yml
    • New shell alias: sops secrets/secret_file.yml
  2. Ensure your GPG keys are set up.

Lanzaboote / SecureBoot

  • Instructions here - Link
  1. Create your keys: sbctl create-keys
  2. Verify your machine is ready for SecureBoot: sbctl verify - Everything except *-bzImage.efi are signed
  3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
    • Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
  4. Enroll the keys: sbctl enroll-keys --microsoft
    • If you wish, you acan select --tpm-eventlog, but checksums will change later (ie, at a kernel rebuild)
  5. Reboot and verify you are activated: bootctl status