NixOS Configuration Repository
Repo for nix configuration files
Information
- Home Manager Documentation - Link
- Home Manager Options Search - Link
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
- Tons of good examples here - Link
- Track a Nixpkgs PR - Link
- NixOS Flakes Intro Guide - Link
Theming
- To change system-wide themes, you need to change the following:
  - `desktops/gnome.nix`
    - Change the imports at the bottom.
  - `users/albert/gnome-dconf.nix`
    - Change the theme variants in the following:
      - `org/gnome/shell/extensions/nightthemeswitcher/gtk-variants`
      - `org/gnome/shell/extensions/nightthemeswitcher/icon-variants`
      - `org/gnome/shell/extensions/nightthemeswitcher/shell-variants`
  - `common/dotfiles/neovim.nix`
    - Change the following:
      - `plugins = with pkgs.vimPlugins`
        - Add your theme under "Themes"
      - `extraConfig`
        - Change the `colorscheme` section
GPG Keys
- Import your GPG key `albert.key`
  - Add it to your GPG keyring via `gpg --import albert.key`
  - Mark it as ultimately trusted via `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
- Repeat this step for all users who need a GPG key assigned
SOPS Secrets
- To edit a file: cd to `/path/to/nix-files/` and run: `nix-shell -p sops --run "sops secrets/secret_file.yml"`
- New shell alias: `sops secrets/secret_file.yml`
- Ensure your GPG keys are set up.
Lanzaboote / SecureBoot
- Instructions here - Link
- Create your keys: `sbctl create-keys`
- Verify your machine is ready for SecureBoot: `sbctl verify`
  - Everything except `*-bzImage.efi` should be signed
- Enter SecureBoot Setup Mode in your EFI settings on the motherboard (F10)
  - Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys: `sbctl enroll-keys --microsoft`
  - If you wish, you can select `--tpm-eventlog`, but checksums will change later (i.e., at a kernel rebuild)
- Reboot and verify you are activated: `bootctl status`
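
The `sbctl verify` step above can be turned into a gate that runs before `sbctl enroll-keys`. This is an added example, not part of this repository; it assumes `sbctl verify` prints one line per EFI binary ending in "is signed" or "is not signed", and the sample output and file names in it are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the repository: a gate to run before `sbctl enroll-keys`.
# Assumption: `sbctl verify` prints one line per EFI binary ending in
# "is signed" or "is not signed", with the absolute path before it.

# Reads `sbctl verify` output on stdin and prints every unsigned file that is
# not a *-bzImage.efi kernel image (the one exception the README allows).
# Returns 0 if none, 1 if any were found, 2 if no result line was parsed.
unexpected_unsigned() {
  local line path seen=0 bad=0
  while IFS= read -r line; do
    case "$line" in
      *" is not signed") seen=1; path=${line% is not signed} ;;
      *" is signed")     seen=1; continue ;;
      *)                 continue ;;   # banner or unrelated line
    esac
    path="/${path#*/}"                 # drop the status glyph before the path
    case "$path" in
      *-bzImage.efi) ;;                # expected to be unsigned
      *) printf '%s\n' "$path"; bad=1 ;;
    esac
  done
  [ "$seen" -eq 1 ] || return 2        # fail closed: nothing usable was parsed
  return "$bad"
}

# Constructed sample output (file names are made up for illustration).
sample_ready() {
  cat <<'EOF'
Verifying file database and EFI images in /boot...
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed
✓ /boot/EFI/systemd/systemd-bootx64.efi is signed
✗ /boot/EFI/nixos/kernel-example-bzImage.efi is not signed
EOF
}
sample_not_ready() {
  sample_ready
  echo '✗ /boot/EFI/Linux/nixos-generation-1.efi is not signed'
}

# Real use: sudo sbctl verify | unexpected_unsigned && sudo sbctl enroll-keys --microsoft
if sample_ready | unexpected_unsigned; then
  echo "ready: only *-bzImage.efi is unsigned"
fi
```

Return code 2 covers the case where `sbctl verify` printed no result lines at all (for example when it was not run as root), so an empty result is never read as "everything is signed".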