NixOS Configuration Repository
NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
For first-run, see setup.sh
Building
- To build the Raspberry Pi image:
nix build .#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage
- The resulting .img will be in result/sd-image/*.img.zst
To Do List
Completed ToDo List here
Directory structure
.
├── home-manager
│   ├── common
│   │   ├── desktops
│   │   │   └── hyprland
│   │   │       ├── _default
│   │   │       │   └── wlogout
│   │   │       └── gruvbox
│   │   └── software
│   │       ├── cli
│   │       │   └── themes
│   │       │       ├── default
│   │       │       │   └── doom-emacs.d
│   │       │       └── gruvbox
│   │       │           └── doom-emacs.d
│   │       └── gui
│   │           └── themes
│   │               └── gruvbox
│   ├── hosts
│   │   └── nixos-laptop
│   │       └── desktops
│   │           ├── gnome
│   │           └── hyprland
│   │               ├── gruvbox
│   │               └── waybar
│   └── users
│       └── albert
├── keys
│   ├── hosts
│   ├── ssh
│   └── users
├── lib
├── nixos
│   ├── common
│   │   ├── desktops
│   │   │   ├── gnome
│   │   │   │   └── themes
│   │   │   └── hyprland
│   │   ├── modules
│   │   ├── services
│   │   └── software
│   │       ├── cli
│   │       └── gui
│   ├── hosts
│   │   ├── nixos-desktop
│   │   ├── nixos-laptop
│   │   ├── nixos-rpi4-01
│   │   ├── nixos-rpi4-02
│   │   ├── nixos-rpi4-03
│   │   ├── nixos-rpi4-img
│   │   └── nixos-vm-01
│   └── users
│       └── albert
├── secrets
└── wallpapers
    ├── colorful
    └── gruvbox
Configs
| Hostname | Description | Status |
| --- | --- | --- |
| nixos-laptop | Lenovo P1 Gen 5 | Complete |
| nixos-framework | Ryzen 7 Framework 13 | Awaiting Hardware |
| nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work |
| nixos-vm-01 | VM for building images | In Work |
Information
Home Manager
- Home Manager Documentation - Link
- Home Manager Options Search - Link
NixOS
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
- ARM NixOS Building - Link
Useful Links
- FlakeHub - Link
- Track a Nixpkgs PR - Link
- Awesome-Hyprland - Link
Examples
- Tons of good examples here - Link
- NixOS Flakes Intro Guide - Link
Theming
- Neofetch Themes - Link
- gruvbox-factory - Link
- Hyprland Gruvboxy - Link
Theming
| Name | Description | Desktops | Status |
| --- | --- | --- | --- |
| default | No theming applied | All | Complete |
| gruvbox | Fall / Retro groovy theme | Hyprland/Gnome | Hyprland Complete, Gnome WIP |
| synth | Synthwave / Cyberpunk theme | Hyprland/Gnome | Work in Progress |
- To change system-wide themes, you need to change the following:
Desktops
gnome
nixos/common/desktops/gnome/default.nix
- Change the imports at the bottom.
home-manager/hosts/$HOSTNAME/desktops/gnome-conf.nix
- Change the variables at the top.
hyprland
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/hyprland-conf.nix
- Change the WALLPAPER_DIR variable in ".config/hypr/start.sh".text
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/hyprland-conf.nix
- Change col.active_border and col.inactive_border in the general section.
home-manager/bash.nix
- Update the sessionVariable variable GTK_THEME
Software
waybar
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/waybar-conf.nix
- Update all relevant colors. Possibly make configs for colorschemes and import them.
swaylock
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/swaylock-conf.nix
- Update all relevant colors. Possibly make configs for colorschemes and import them.
kitty
home-manager/common/software/cli/kitty.nix
- Update the content of home.file.".config/kitty/theme.conf".text
Firefox
home-manager/common/software/gui/firefox.nix
- Change the entry under "# Theming"
btop
home-manager/common/software/cli/btop.nix
- Set color_theme
bash / powerline
home-manager/common/software/cli/bash.nix
- Set theme in programs.powerline-go.settings
neofetch
home-manager/common/software/cli/neofetch.nix
- Update the contents of home.file.".config/neofetch/config.conf".text
wlogout
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/wlogout.nix
- Update the style.css section
Text Editors
emacs
home-manager/common/software/cli/doom-emacs.d/packages.el
- Include your theme here, if needed
home-manager/common/software/cli/doom-emacs.d/config.el
- Set your theme here (setq doom-theme '$THEME_NAME)
neovim
- Theming done within vim itself: <SPC> t h
GPG Keys
- Import the user private key:
gpg --import gpg/users/albert/privkey.asc
- Mark it as trusted: gpg --edit-key albert@sysctl.io, then type trust, then 5
- On each new machine, run
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
- This will output the identifier you add to .sops.yaml
- Move HOSTNAME.asc to keys/hosts/ and upload to git and rename accordingly.
Secrets
- To edit a file: cd to /path/to/nix-files/ and run:
nix-shell -p sops --run "sops secrets/secret_file.yml"
- New shell alias:
sops secrets/secret_file.yml
- When you add a new machine, you must update the secrets files encryption.
- Run cd /etc/nixos/git; nix-shell; sops-update secrets/secrets.yaml and commit the change.
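Added example, not part of this repository: a check for the "new machine" step above that lists every fingerprint declared in .sops.yaml to which a secrets file is not yet encrypted. It assumes keys are declared as 40-hex-character PGP fingerprints behind YAML anchors and that recipients appear as fp: entries in the file's sops metadata; the function names and the sample fingerprints are constructed.

```shell
# Added example, not part of the repository. Function names are hypothetical.

# Fingerprints declared under "keys:" in .sops.yaml. Assumed layout:
#   - &host_name <40 hex chars>
expected_recipients() {
  sed -n 's/^[[:space:]]*-[[:space:]]*&[A-Za-z0-9_-]*[[:space:]]\{1,\}\([0-9A-Fa-f]\{40\}\)[[:space:]]*$/\1/p' "$1" |
    tr 'a-f' 'A-F' | sort -u
}

# PGP recipients recorded in a sops-encrypted file ("fp:" entries under sops.pgp).
sops_recipients() {
  sed -n 's/^[[:space:]-]*fp:[[:space:]]*\([0-9A-Fa-f]\{40\}\)[[:space:]]*$/\1/p' "$1" |
    tr 'a-f' 'A-F' | sort -u
}

# Print every declared fingerprint the encrypted file is NOT encrypted to.
missing_recipients() {   # $1 = .sops.yaml, $2 = encrypted secrets file
  have=$(sops_recipients "$2")
  for fp in $(expected_recipients "$1"); do
    printf '%s\n' "$have" | grep -qxF "$fp" || printf '%s\n' "$fp"
  done
}

# Constructed sample: three declared keys, file still encrypted to only two.
make_sample() {          # $1 = scratch directory
  u=$(printf '%040d' 1); h1=$(printf '%040d' 2); h2=$(printf '%040d' 3)
  cat > "$1/.sops.yaml" <<EOF
keys:
  - &user_albert $u
  - &host_nixos_laptop $h1
  - &host_nixos_rpi4_01 $h2
EOF
  cat > "$1/secrets.yaml" <<EOF
example_secret: ENC[AES256_GCM,data:constructed,type:str]
sops:
    pgp:
        - created_at: "2024-01-01T00:00:00Z"
          fp: $u
        - created_at: "2024-01-01T00:00:00Z"
          fp: $h1
EOF
}

d=$(mktemp -d); make_sample "$d"
missing_recipients "$d/.sops.yaml" "$d/secrets.yaml"   # the constructed rpi4-01 key
rm -rf "$d"
```

An empty result means every declared key can decrypt the file; any fingerprint printed belongs to a machine that will fail to decrypt until the file is re-encrypted and committed.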
Lanzaboote / SecureBoot
- Create your keys:
sbctl create-keys
- Verify your machine is ready for SecureBoot:
sbctl verify
- Everything except *-bzImage.efi is signed
- Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
- Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys:
sbctl enroll-keys --microsoft
- If you wish, you can select --tpm-eventlog, but checksums will change later (i.e., at a kernel rebuild)
- Reboot and verify you are activated:
bootctl status
Other