Repo for nix configuration files
2023-09-16 12:11:21 +09:00
home-manager Update btop and tailscale 2023-09-16 08:41:09 +09:00
keys Add nixos-rpi4-01 gpg key 2023-09-15 22:49:56 +09:00
lib Rearrange things 2023-09-15 12:03:35 +09:00
nixos Test 2023-09-16 12:08:02 +09:00
secrets new tailscale secrets 2023-09-15 23:49:45 +00:00
.sops.yaml Add the user 2023-09-15 23:34:18 +09:00
complete.md rearrange 2023-09-01 14:47:11 +09:00
flake.lock sops updates 2023-09-15 14:09:23 +00:00
flake.nix test 2023-09-15 19:19:33 +09:00
README.md test 2023-09-15 23:50:03 +09:00
screenshot.png Add a screenshot 2023-08-31 09:24:50 +09:00
sd-image.nix test 2023-09-16 12:11:21 +09:00
shell.nix This gon' break everything 2023-08-23 14:30:15 +09:00

NixOS Configuration Repository

NOTE: These configs expect this repo to be cloned to /etc/nixos/git/

# First run as root:
git clone https://git.sysctl.io/albert/nix /etc/nixos/git
ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
nixos-rebuild switch --flake '/etc/nixos#<HOSTNAME>'
mkdir /nix/var/nix/profiles/per-user/<USERNAME>

# as <USERNAME>:
home-manager switch -b backup --flake /etc/nixos/git

Gruv'd Hyprland

To Do List

  • Set up IP forwarding via sysctl
    • Sep 15 14:48:33 nixos-rpi4-01 tailscaled-autoconnect-start[103336]: Warning: IP forwarding is disabled, subnet routing/exit nodes will not work.
  • Look into Remote Builds - Link
  • Raspberry Pi 1:
    • Set up Tailscale with pre-auth keys (services.tailscale.authKeyFile, add the key to secrets/secrets.yaml)
      • ${hostname}-tailscale-key
    • Set up sops and gpg
  • Configure GameMode / Gamescope
  • Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
  • Figure out what the home-manager account options are for.
  • Figure out how to get GPG SSH auth working
  • Security hardening
  • cronjob
    • Change wallpaper at a certain time of day
  • emacs
    • Add bracket auto-completion
    • Find a way to have magit save login credentials
  • Try disko - Link
  • btrfs snapshots
  • vscodium and user-config.js file?
  • rofi - bitwarden-cli / bitwarden-menu (Link)

Completed ToDo List here

Configs

Hostname         Description                 Status
nixos-laptop     Lenovo P1 Gen 5             Complete
nixos-framework  Ryzen 7 Framework 13        Awaiting Hardware
nixos-rpi4-01    Testing Raspberry Pi / ARM  In Work

Information

Home Manager

  • Home Manager Documentation - Link
  • Home Manager Options Search - Link

NixOS

  • NixOS Documentation - Stable - Link
  • NixOS Packages / Options Search - Link
  • Nix User Repository (NUR) Search - Link
  • FlakeHub - Link
  • Track a Nixpkgs PR - Link
  • Awesome-Hyprland - Link

Examples

  • Tons of good examples here - Link
  • NixOS Flakes Intro Guide - Link

Theming

  • Neofetch Themes - Link
  • gruvbox-factory - Link
  • Hyprland Gruvboxy - Link

Theming

  • To change system-wide themes, you need to change the following:

  • Current themes:

  1. gruvbox
  2. synthwave

Desktops

gnome

  1. nixos/common/desktops/gnome/default.nix - Change the imports at the bottom.
  2. home-manager/hosts/$HOSTNAME/desktops/gnome-conf.nix - Change the variables at the top.

hyprland

  1. home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/hyprland-conf.nix - Change the WALLPAPER_DIR variable in ".config/hypr/start.sh".text
  2. home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/hyprland-conf.nix - Change col.active_border and col.inactive_border in the general section.
  3. home-manager/bash.nix - Update the sessionVariable variable GTK_THEME

Software

waybar

  1. home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/waybar-conf.nix - Update all relevant colors. Possibly make configs for colorschemes and import them.

swaylock

  1. home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/swaylock-conf.nix - Update all relevant colors. Possibly make configs for colorschemes and import them.

kitty

  1. home-manager/common/software/cli/kitty.nix - Update the content of home.file.".config/kitty/theme.conf".text

Firefox

  1. home-manager/common/software/gui/firefox.nix - Change the entry under "# Theming"

btop

  1. home-manager/common/software/cli/btop.nix - Set color_theme

bash / powerline

  1. home-manager/common/software/cli/bash.nix - Set theme in programs.powerline-go.settings

neofetch

  1. home-manager/common/software/cli/neofetch.nix - Update the contents of home.file.".config/neofetch/config.conf".text

wlogout

  1. home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/wlogout.nix - Update the style.css section

Text Editors

emacs

  1. home-manager/common/software/cli/doom-emacs.d/packages.el - Include your theme here, if needed
  2. home-manager/common/software/cli/doom-emacs.d/config.el - Set your theme here (setq doom-theme '$THEME_NAME)

neovim

  1. Theming is done within vim itself: <SPC> t h

GPG Keys

  1. Import the user private key: gpg --import gpg/users/albert/privkey.asc
  2. Mark it as trusted: gpg --edit-key albert@sysctl.io, then type trust, then 5
  3. On each new machine, run sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
    • This will output the identifier you add to .sops.yaml
    • Move HOSTNAME.asc to keys/hosts/, upload it to git, and rename accordingly.

Secrets

  1. To edit a file: cd to /path/to/nix-files/ and run:
    • nix-shell -p sops --run "sops secrets/secret_file.yml"
    • New shell alias: sops secrets/secret_file.yml
  2. When you add a new machine, you must update the encryption of the secrets files.
    • Run sops-update secrets/secrets.yaml and commit the change.
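
The failure mode behind step 2, as an added example that is not part of this repo: a host key from the GPG Keys steps is listed in .sops.yaml, but the secrets file was never re-encrypted to it, so that machine cannot decrypt. The script compares the fingerprints in .sops.yaml with the fp: entries in the file's sops metadata; the function names, sample files and fingerprints are constructed, and it assumes every key in .sops.yaml should be a recipient.

```sh
#!/bin/sh
# Added example, not part of the repo. Assumes every PGP key listed in
# .sops.yaml should be a recipient of the given encrypted file.

# Print each 40-hex-digit fingerprint read from stdin, upper-cased and unique.
fingerprints() {
  grep -owiE '[0-9a-f]{40}' | tr 'a-f' 'A-F' | sort -u
}

# Print fingerprints listed in .sops.yaml ($1) that have no matching "fp:"
# entry in the sops metadata of the encrypted file ($2).
missing_recipients() {
  want=$(mktemp); have=$(mktemp)
  grep -vE '^[[:space:]]*#' "$1" | fingerprints > "$want"
  grep -E '^[[:space:]]*(-[[:space:]]+)?fp:' "$2" | fingerprints > "$have"
  comm -23 "$want" "$have"
  rm -f "$want" "$have"
}

# Constructed sample: nixos-rpi4-01 was added to .sops.yaml, but the secrets
# file was last encrypted before that. All fingerprints are made up.
make_sample() {
  cat > "$1/.sops.yaml" <<'EOF'
keys:
  - &user_albert 1111111111222222222233333333334444444444
  - &host_nixos-laptop 0123456789abcdef0123456789abcdef01234567
  - &host_nixos-rpi4-01 aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd
creation_rules:
  - path_regex: secrets/[^/]+\.ya?ml$
    key_groups:
      - pgp:
          - *user_albert
          - *host_nixos-laptop
          - *host_nixos-rpi4-01
EOF
  cat > "$1/secrets.yaml" <<'EOF'
tailscale-key: ENC[AES256_GCM,data:constructed,type:str]
sops:
    pgp:
        - created_at: "2023-09-15T00:00:00Z"
          fp: 1111111111222222222233333333334444444444
        - created_at: "2023-09-15T00:00:00Z"
          fp: 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
missing_recipients "$sample/.sops.yaml" "$sample/secrets.yaml"
```

Any fingerprint it prints belongs to a key that still cannot decrypt that file; an empty result means the file's recipients match .sops.yaml.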

Lanzaboote / SecureBoot

  • Instructions here - Link
  1. Create your keys: sbctl create-keys
  2. Verify your machine is ready for SecureBoot: sbctl verify - Everything except *-bzImage.efi is signed
  3. Enter SecureBoot Setup mode in your EFI Settings on the motherboard (F10)
    • Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
  4. Enroll the keys: sbctl enroll-keys --microsoft
    • If you wish, you can select --tpm-eventlog, but checksums will change later (i.e., at a kernel rebuild)
  5. Reboot and verify you are activated: bootctl status

Other