3.4 KiB
3.4 KiB
NixOS Configuration Repository
Repo for nix configuration files
To Do List
- tmux config / theming
- waybar config / theming
- hyprland config / theming
- powerline config / theming
- neofetch config / theming
- weechat / weechat-matrix
- nvidia drivers
- btop config / theming
- other things I'm probably forgetting
Information
Home Manager
NixOS
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
Examples / Useful Links
Theming
- To change system-wide themes, you need to change the following:
gnome
desktops/gnome.nix
- Change the imports at the bottom.users/albert/gnome-dconf.nix
- Change the theme variants in the following:org/gnome/shell/extensions/nightthemeswitcher/gtk-variants
org/gnome/shell/extensions/nightthemeswitcher/icon-variants
org/gnome/shell/extensions/nightthemeswitcher/shell-variants
neovim
home-manager/neovim.nix
- Change the following:plugins = with pkgs.vimPlugins
- Add your theme under "Themes"extraConfig
- Change thecolorscheme
andAirlineTheme
sections
tmux / powerline
- WIP
hyprland / waybar
- WIP
Firefox
home-manager/firefox.nix
- Change the entry under "# Theming"
GPG Keys
- Import the user private key:
gpg import gpg/users/albert/privkey.asc
- Mark it as trusted:
gpg --edit-key albert@sysctl.io
, then typetrust
, then5
- On each new machine, run
nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o HOSTNAME.asc"
- This will output the identifier you add to
.sops.yaml
- Move
HOSTNAME.asc
tokeys/hosts/
and upload to git and rename accordingly.
- This will output the identifier you add to
Secrets
- To edit a file: cd to
/path/to/nix-files/
and run:nix-shell -p sops --run "sops secrets/secret_file.yml"
- New shell alias:
sops secrets/secret_file.yml
- When you add a new machine, you must update the secrets files encryption.
- Run
sops-update secrets/secrets.yaml
and commit the change.
- Run
Lanzaboote / SecureBoot
- Instructions here - Link
- Create your keys:
sbctl create-keys
- Verify your machine is ready for SecureBoot:
sbctl verify
- Everything except*-bzImage.efi
are signed - Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
- Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys:
sbctl enroll-keys --microsoft
- If you wish, you acan select --tpm-eventlog, but checksums will change later (ie, at a kernel rebuild)
- Reboot and verify you are activated:
bootctl status