Repo for nix configuration files

NixOS Configuration Repository

NOTE: These configs expect this repo to be cloned to /etc/nixos/git/

  • Clone this repo
    sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git
    sudo chown -R albert:root /etc/nixos/git
    # or, with wallpapers
    sudo git clone --recursive https://git.sysctl.io/albert/nix /etc/nixos/git
    sudo chown -R albert:root /etc/nixos/git
  • Installing a system from the ISO:
    nixos-install <Hostname> [<Username>]
    # or
    ./docs/install.sh <Hostname> [<Username>]
  • Post install:
    nix develop -c /etc/nixos/git/docs/setup.sh

Machines

| Name | Description | Status |
|---|---|---|
| backups-rpi4 | Japan Raspberry Pi 4 for backups from nuc-server | Done |
| framework-server | sysctl.io - main server, framework 13th gen mainboard | Done |
| nixos-desktop | My main desktop | Done |
| nixos-framework | My AMD Framework 13 laptop | Done |
| nixos-vm-01 | A NixOS VM used for testing | Done |
| nuc-server | Second NUC server at my brother's house | On Hold |
| osaka-linode-01 | Osaka Linode relay for sysctl.io external connections | Done |
| piaware-rpi4 | FlightAware for Raspberry Pi | Done |
| quitman-rpi4 | Raspberry Pi at my parents' house. Headscale Exit Node | On Hold |

Images

| Name | Description | Build Commands |
|---|---|---|
| nixos-iso-console | Console ISO image of this flake for installing | nix build .#imageConfigurations.nixos-iso-console |
| nixos-iso-desktop | Desktop ISO image of this flake for installing | nix build .#imageConfigurations.nixos-iso-desktop |
| nixos-linode-img | Image of this flake for use on Linode | nix build .#imageConfigurations.nixos-linode-img |
| nixos-rpi4-img | Image of this flake for use on Raspberry Pi 4s | nix build .#imageConfigurations.nixos-rpi4-img |

To Do List

Host Specific

framework-server

Packaging

  • Try packaging BoxBuddy - Link

General

  • nixified.ai - https://github.com/nixified-ai/flake
  • Security hardening / scans / etc
  • Edit the hosts file/config/workspace/nix/home-manager/common/software/cli/themes
  • Replace RSA keys with ED25519 keys where possible

Forgejo

  • Set up actions/forgejo-release - Link

Home-Manager

  • Figure out what the home-manager account options are for.
  • home-manager/common/software/cli/bash.nix - Break this out for theming -- Currently statically set to 'gruvbox'

Desktop / GUI

Completed ToDo List here


Information

Home Manager

  • Home Manager Documentation - Link
  • Home Manager Options Search - Link

NixOS

  • nix.dev - Official Nix Documentation - Link
  • NixOS Documentation - Stable - Link
  • NixOS Packages / Options Search - Link
  • Nix User Repository (NUR) Search - Link
  • ARM NixOS Building - Link
  • NixOS Manual - Link
  • FlakeHub - Link
  • Flakestry.dev - Link
  • Track a Nixpkgs PR - Link
  • Awesome-Hyprland - Link

Examples

  • Tons of good examples here - Link
  • NixOS Flakes Intro Guide - Link

Theming

  • Neofetch Themes - Link
  • gruvbox-factory - Link
  • Hyprland Gruvboxy - Link
  • Stylix - Link
  • Nix colors - Link
  • Hyprland Inspirations


Lanzaboote / SecureBoot

  • Instructions here - Link
  1. Create your keys: sbctl create-keys
  2. Verify your machine is ready for SecureBoot: sbctl verify - everything except the *-bzImage.efi files should be signed
  3. Enter SecureBoot Setup Mode in your EFI settings on the motherboard (F10)
    • Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
  4. Enroll the keys: sbctl enroll-keys --microsoft
    • If you wish, you can select --tpm-eventlog, but checksums will change later (i.e., at a kernel rebuild)
  5. Reboot and verify you are activated: bootctl status
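
A check for step 2, added here as an example and not part of this repository: it reads sbctl verify output and reports any unsigned file other than the expected *-bzImage.efi kernels. The output line format and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `sbctl verify` output before enabling Secure Boot.
# Assumption: each result line reads "<mark> <path> is signed" or
# "<mark> <path> is not signed".

# Print every unsigned path that is NOT an expected *-bzImage.efi kernel.
unexpected_unsigned() {
    awk '/ is not signed$/ {
        path = $0
        sub(/ is not signed$/, "", path)   # drop the trailing verdict
        sub("^[^/]*", "", path)            # drop the leading status mark
        if (path !~ /-bzImage\.efi$/) print path
    }'
}

# Succeed only when something is signed and nothing unexpected is unsigned.
ready_for_secureboot() {
    report=$(cat)
    printf '%s\n' "$report" | grep -q ' is signed$' || return 1
    [ -z "$(printf '%s\n' "$report" | unexpected_unsigned)" ]
}

# Constructed sample output (not captured from a real machine).
sample_ok='Verifying file database and EFI images in /boot...
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed
✓ /boot/EFI/Linux/nixos-generation-1.efi is signed
✗ /boot/EFI/nixos/EXAMPLEHASH-linux-6.6.8-bzImage.efi is not signed'

sample_bad="$sample_ok
✗ /boot/EFI/systemd/systemd-bootx64.efi is not signed"

if printf '%s\n' "$sample_ok" | ready_for_secureboot; then
    echo "sample_ok: ready"
fi
printf '%s\n' "$sample_bad" | unexpected_unsigned   # lists the systemd-boot binary
# Real use: sudo sbctl verify | ready_for_secureboot && echo ready
```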

Manual: GPG Keys

  1. Import the user private key: gpg --import gpg/users/albert/privkey.asc
  2. Mark it as trusted: gpg --edit-key albert@sysctl.io, then type trust, then 5
  3. On each new machine, run sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
    • This will output the identifier you add to .sops.yaml
    • Move HOSTNAME.asc to keys/hosts/ and upload to git and rename accordingly.

Secrets

  1. Run nix develop in /etc/nixos/git to import new keys
  2. To edit a file: sops secrets/file.yml
  3. When you add a new machine, you must update the secrets files' encryption.
    • Run sops updatekeys secrets/file.yaml and commit the change.
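
A pre-flight check for the GPG key and secrets steps above, added here as an example and not taken from this repository: it lists hosts whose key fingerprint does not yet appear in .sops.yaml, which are the hosts that would be unable to decrypt after sops updatekeys. The keys/hosts/<hostname>.asc layout follows the paths above; the fingerprints and anchor names in the demo data are constructed placeholders.

```sh
#!/bin/sh
# Added example: list hosts whose PGP fingerprint is absent from .sops.yaml.
# Layout assumption: host public keys live in keys/hosts/<hostname>.asc.

# Primary-key fingerprint of an ASCII-armored public key (requires gpg).
fingerprint_of() {
    gpg --show-keys --with-colons "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Emit "<hostname> <fingerprint>" for each key file in the given directory.
host_fingerprints() {
    for f in "$1"/*.asc; do
        [ -e "$f" ] || continue            # directory had no .asc files
        printf '%s %s\n' "$(basename "$f" .asc)" "$(fingerprint_of "$f")"
    done
}

# Read "<hostname> <fingerprint>" lines on stdin; print the hostnames whose
# fingerprint does not appear in the sops config passed as $1.
hosts_missing_from_sops() {
    while read -r host fpr; do
        [ -n "$fpr" ] || continue
        grep -qiF -- "$fpr" "$1" || printf '%s\n' "$host"
    done
}

# Constructed demo data: placeholder fingerprints, hypothetical anchor names.
demo_sops=$(mktemp)
trap 'rm -f "$demo_sops"' EXIT
cat > "$demo_sops" <<'EOF'
keys:
  - &user_albert AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  - &host_nixos_desktop BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EOF
demo_hosts='nixos-desktop BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
nixos-vm-01 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'

printf '%s\n' "$demo_hosts" | hosts_missing_from_sops "$demo_sops"   # nixos-vm-01
# Real use, from /etc/nixos/git:
#   host_fingerprints keys/hosts | hosts_missing_from_sops .sops.yaml
```

The check only confirms that the fingerprint is present somewhere in the file; a key listed under keys but not referenced by a creation rule still passes.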

Troubleshooting

  1. To troubleshoot disko issues, this command can come in handy:
 nix eval .#nixosConfigurations.[CONFIG_NAME].config.disko.devices._config

Directory Structure

├── docs
├── home-manager
│   ├── common
│   │   ├── desktops
│   │   │   ├── gnome
│   │   │   │   ├── common
│   │   │   │   └── themes
│   │   │   ├── hyprland
│   │   │   │   ├── common
│   │   │   │   └── themes
│   │   │   └── xfce
│   │   │       ├── common
│   │   │       └── themes
│   │   └── software
│   │       ├── cli
│   │       │   └── themes
│   │       └── gui
│   │           └── themes
│   ├── hosts
│   └── users
├── keys
│   ├── hosts
│   ├── ssh
│   └── users
├── lib
├── nixos
│   ├── common
│   │   ├── desktops
│   │   │   ├── gnome
│   │   │   ├── hyprland
│   │   │   └── xfce
│   │   ├── modules
│   │   ├── services
│   │   └── software
│   │       ├── cli
│   │       └── gui
│   ├── hosts
│   └── users
├── secrets
└── wallpapers