Repo for nix configuration files

NixOS Configuration Repository

NOTE: These configs expect this repo to be cloned to /etc/nixos/git/

For first-run, see setup.sh

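  • Installing a system from the ISO:

    # Host directory under nixos/hosts/ to install
    HOSTNAME='YourHostnameHere'
    # Fetch this host's disko partition layout
    curl "https://git.sysctl.io/albert/nix/raw/branch/main/nixos/hosts/${HOSTNAME}/disks.nix" >> /tmp/disks.nix
    # LUKS key for disko (echo adds a trailing newline to the file)
    echo 'LUKSEncryptionKeyHere' >> /tmp/secret.key
    # Partition, format and mount the disks under /mnt
    nix run github:nix-community/disko -- --mode disko /tmp/disks.nix
    mkdir -p /mnt/etc/nixos/
    git clone https://git.sysctl.io/albert/nix /etc/nixos/git
    # Install the flake output for this host
    nixos-install --flake "/etc/nixos/git#${HOSTNAME}" -v --show-trace --no-root-password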

Gruv'd Hyprland

To Do List

  • Automated ISO Creation
    • Forgejo Actions
  • Fix Grafana
  • Look into nix develop - Link
  • Build a better dashboard to monitor all my nixified devices
  • Look into Remote Builds - Link
  • Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
  • Figure out what the home-manager account options are for.
  • Security hardening
  • Edit the hosts file
  • cronjob
    • Change wallpaper at a certain time of day
  • emacs
    • Add bracket auto-completion
    • Find a way to have magit save login credentials
  • Try disko - Link
  • btrfs snapshots
  • vscodium and user-config.js file?
  • rofi - bitwarden-cli / bitwarden-menu (Link)

Completed ToDo List here

Directory Structure

.
├── home-manager
│   ├── common
│   │   ├── desktops
│   │   │   └── hyprland
│   │   │       ├── _default
│   │   │       │   └── wlogout
│   │   │       └── gruvbox
│   │   └── software
│   │       ├── cli
│   │       │   └── themes
│   │       │       ├── default
│   │       │       └── gruvbox
│   │       └── gui
│   │           └── themes
│   │               └── gruvbox
│   ├── hosts
│   └── users
│       └── albert
├── keys
│   ├── hosts
│   ├── ssh
│   └── users
├── lib
├── nixos
│   ├── common
│   │   ├── desktops
│   │   │   ├── gnome
│   │   │   │   └── themes
│   │   │   └── hyprland
│   │   ├── modules
│   │   ├── services
│   │   └── software
│   │       ├── cli
│   │       └── gui
│   ├── hosts
│   └── users
├── secrets
└── wallpapers
    ├── colorful
    └── gruvbox

Information

Home Manager

  • Home Manager Documentation - Link
  • Home Manager Options Search - Link

NixOS

  • NixOS Documentation - Stable - Link
  • NixOS Packages / Options Search - Link
  • Nix User Repository (NUR) Search - Link
  • ARM NixOS Building - Link
  • FlakeHub - Link
  • Track a Nixpkgs PR - Link
  • Awesome-Hyprland - Link

Examples

  • Tons of good examples here - Link
  • NixOS Flakes Intro Guide - Link

Theming

  • Neofetch Themes - Link
  • gruvbox-factory - Link
  • Hyprland Gruvboxy - Link


GPG Keys

  1. Import the user private key: gpg --import gpg/users/albert/privkey.asc
  2. Mark it as trusted: gpg --edit-key albert@sysctl.io, then type trust, then 5
  3. On each new machine, run sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
    • This will output the identifier you add to .sops.yaml
    • Move HOSTNAME.asc to keys/hosts/, upload it to git, and rename accordingly.

Secrets

  1. To edit a file: cd to /path/to/nix-files/ and run:
    • nix-shell -p sops --run "sops secrets/secret_file.yml"
    • New shell alias: sops secrets/secret_file.yml
  2. When you add a new machine, you must update the secrets files' encryption.
    • Run cd /etc/nixos/git; nix-shell; sops-update secrets/secrets.yaml and commit the change.
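
An added example, not part of this repo: a POSIX shell check for step 2 that compares the PGP fingerprints declared in .sops.yaml with the fp: recipients recorded in a sops-encrypted file, so a machine that was added but not yet re-encrypted for (or a recipient that is no longer declared) shows up before you commit. The fingerprints, the host_new / host_gone anchors and both sample files are constructed, and the script assumes PGP-only recipients.

```shell
# Added example, not from this repo. All fingerprints below are constructed.

# Fingerprints declared in .sops.yaml (comments stripped, so disabled keys are ignored).
declared_fps() {
  sed 's/#.*//' "$1" | grep -owE '[0-9A-Fa-f]{40}' | tr '[:lower:]' '[:upper:]' | sort -u
}

# Fingerprints a sops file is encrypted to (the "fp:" lines of its sops.pgp metadata).
encrypted_fps() {
  sed -n 's/^[[:space:]]*fp:[[:space:]]*\([0-9A-Fa-f]\{40\}\)[[:space:]]*$/\1/p' "$1" |
    tr '[:lower:]' '[:upper:]' | sort -u
}

# $1 = .sops.yaml, $2 = encrypted file. Prints one line per mismatch:
#   missing <fp>  declared, but the file is not encrypted to it yet
#   stale <fp>    the file is still encrypted to it, but it is no longer declared
recipient_drift() {
  want=$(declared_fps "$1")
  have=$(encrypted_fps "$2")
  for fp in $want; do
    printf '%s\n' "$have" | grep -qxF "$fp" || echo "missing $fp"
  done
  for fp in $have; do
    printf '%s\n' "$want" | grep -qxF "$fp" || echo "stale $fp"
  done
}

# Constructed sample data: 40 copies of one hex digit stand in for a fingerprint.
mkfp() { printf '%040d' 0 | tr 0 "$1"; }
demo_dir=$(mktemp -d)
cat > "$demo_dir/.sops.yaml" <<EOF
keys:
  - &user_albert $(mkfp A)
  - &host_new    $(mkfp b)
  # - &host_gone $(mkfp C)
creation_rules:
  - path_regex: secrets/.*
    key_groups:
      - pgp: [*user_albert, *host_new]
EOF
cat > "$demo_dir/secrets.yaml" <<EOF
example_key: ENC[AES256_GCM,data:constructed,type:str]
sops:
    pgp:
        - created_at: "2000-01-01T00:00:00Z"
          fp: $(mkfp A)
        - created_at: "2000-01-01T00:00:00Z"
          fp: $(mkfp C)
EOF
recipient_drift "$demo_dir/.sops.yaml" "$demo_dir/secrets.yaml"
```

Empty output means the file's recipients match .sops.yaml; any "missing" or "stale" line means the secrets file still needs the sops-update step.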

Lanzaboote / SecureBoot

  • Instructions here - Link
  1. Create your keys: sbctl create-keys
  2. Verify your machine is ready for SecureBoot: sbctl verify (everything except *-bzImage.efi is signed)
  3. Enter SecureBoot Setup Mode in your EFI settings on the motherboard (F10)
    • Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
  4. Enroll the keys: sbctl enroll-keys --microsoft
    • If you wish, you can select --tpm-eventlog, but checksums will change later (i.e., at a kernel rebuild)
  5. Reboot and verify you are activated: bootctl status

Other