6.1 KiB
6.1 KiB
NixOS Configuration Repository
NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
For first-run, see setup.sh
- Installing a system from the ISO:
nixos-install <Hostname> [<Username>]
HOSTNAME='YourHostnameHere'
curl https://git.sysctl.io/albert/nix/raw/branch/main/nixos/hosts/${HOSTNAME}/disks.nix >> /tmp/disks.nix
echo 'LUKSEncryptionKeyHere' >> /tmp/secret.key
nix run github:nix-community/disko -- --mode disko /tmp/disks.nix
mkdir -p /mnt/etc/nixos/
git clone https://git.sysctl.io/albert/nix /etc/nixos/git
nixos-install --flake /etc/nixos/git#${HOSTNAME} -v --show-trace --no-root-password
To Do List
- vscode / emacs
- Add the nix lsp - Link
- Automated ISO Creation
- Forgejo Actions
- Fix Grafana
- Look into
nix develop- Link - Build a better dashboard to monitor all my nixified devices
- Look into Remote Builds - Link
- Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
- Figure out what the home-manager
accountoptions are for. - Security hardening
- Edit the hosts file
- cronjob
- Change wallpaper at a certain time of day
- emacs
- Add bracket auto-completion
- Find a way to have magit save login credentials
- Try disko - Link
- btrfs snapshotsd
- vscodium and user-config.js file?
- rofi - bitwarden-cli / bitwarden-menu (Link)
Completed ToDo List here
Directory Structure
.
├── home-manager
│ ├── common
│ │ ├── desktops
│ │ │ └── hyprland
│ │ │ ├── _default
│ │ │ │ └── wlogout
│ │ │ └── gruvbox
│ │ └── software
│ │ ├── cli
│ │ │ └── themes
│ │ │ ├── default
│ │ │ └── gruvbox
│ │ └── gui
│ │ └── themes
│ │ └── gruvbox
│ ├── hosts
│ └── users
│ └── albert
├── keys
│ ├── hosts
│ ├── ssh
│ └── users
├── lib
├── nixos
│ ├── common
│ │ ├── desktops
│ │ │ ├── gnome
│ │ │ │ └── themes
│ │ │ └── hyprland
│ │ ├── modules
│ │ ├── services
│ │ └── software
│ │ ├── cli
│ │ └── gui
│ ├── hosts
│ └── users
├── secrets
└── wallpapers
├── colorful
└── gruvbox
Information
Home Manager
NixOS
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
- ARM NixOS Building - Link
Useful Links
Examples
Theming
Theming
- To change system-wide themes, see theming.md)
GPG Keys
- Import the user private key:
gpg --import gpg/users/albert/privkey.asc - Mark it as trusted:
gpg --edit-key albert@sysctl.io, then typetrust, then5 - On each new machine, run
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"- This will output the identifier you add to
.sops.yaml - Move
HOSTNAME.asctokeys/hosts/and upload to git and rename accordingly.
- This will output the identifier you add to
Secrets
- To edit a file: cd to
/path/to/nix-files/and run:nix-shell -p sops --run "sops secrets/secret_file.yml"- New shell alias:
sops secrets/secret_file.yml
- When you add a new machine, you must update the secrets files encryption.
- Run
cd /etc/nixos/git; nix-shell; sops-update secrets/secrets.yamland commit the change.
- Run
Lanzaboote / SecureBoot
- Instructions here - Link
- Create your keys:
sbctl create-keys - Verify your machine is ready for SecureBoot:
sbctl verify- Everything except*-bzImage.efiare signed - Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
- Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys:
sbctl enroll-keys --microsoft- If you wish, you can select
--tpm-eventlog, but checksums will change later (ie, at a kernel rebuild)
- If you wish, you can select
- Reboot and verify you are activated:
bootctl status