Repo for nix configuration files
desktops | ||
home-manager | ||
hosts | ||
keys | ||
modules | ||
secrets | ||
services | ||
software | ||
users | ||
.sops.yaml | ||
configuration.nix | ||
flake.nix | ||
README.md |
NixOS Configuration Repository
Repo for nix configuration files
To Do List
[ ] tmux config / theming [ ] waybar config / theming [ ] hyprland config / theming [ ] powerline config / theming [ ] nvidia drivers [ ] other things I'm probably forgetting
Information
Home Manager
NixOS
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
Examples / Useful Links
Theming
- To change system-wide themes, you need to change the following:
gnome
desktops/gnome.nix
- Change the imports at the bottom.users/albert/gnome-dconf.nix
- Change the theme variants in the following:org/gnome/shell/extensions/nightthemeswitcher/gtk-variants
org/gnome/shell/extensions/nightthemeswitcher/icon-variants
org/gnome/shell/extensions/nightthemeswitcher/shell-variants
neovim
home-manager/neovim.nix
- Change the following:plugins = with pkgs.vimPlugins
- Add your theme under "Themes"extraConfig
- Change thecolorscheme
andAirlineTheme
sections
tmux / powerline
- WIP
hyprland / waybar
- WIP
Firefox
home-manager/firefox.nix
- Change the entry under "# Theming"
GPG Keys
-
Import the user private key:
gpg import gpg/users/albert/privkey.asc
-
Mark it as trusted:
gpg --edit-key albert@sysctl.io
, then typetrust
, then5
-
Import your GPG key
albert.key
-
Add it to your GPG Keyring via
gpg --import albert.key
-
Mark it as ultimately trusted via
gpg --edit-key albert@sysctl.io
, then typetrust
, then5
-
Repeat this step for all users who need a GPG key assigned
SOPS Secrets
- To edit a file: cd to
/path/to/nix-files/
and run:nix-shell -p sops --run "sops secrets/secret_file.yml
- New shell alias:
sops secrets/secret_file.yml
- Ensure your GPG keys are set up.
Lanzaboote / SecureBoot
- Instructions here - Link
- Create your keys:
sbctl create-keys
- Verify your machine is ready for SecureBoot:
sbctl verify
- Everything except*-bzImage.efi
are signed - Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
- Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys:
sbctl enroll-keys --microsoft
- If you wish, you acan select --tpm-eventlog, but checksums will change later (ie, at a kernel rebuild)
- Reboot and verify you are activated:
bootctl status