NixOS Configuration Repository
NOTE: These configs expect this repo to be cloned to /etc/nixos/git/

```bash
# First run as root:
git clone https://git.sysctl.io/albert/nix /etc/nixos/git
ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
nixos-rebuild switch --flake '/etc/nixos#<HOSTNAME>'
mkdir /nix/var/nix/profiles/per-user/<USERNAME>
# as <USERNAME>:
home-manager switch -b backup --flake /etc/nixos/git
```
To Do List
- Set up IP forwarding via sysctl
  - `Sep 15 14:48:33 nixos-rpi4-01 tailscaled-autoconnect-start[103336]: Warning: IP forwarding is disabled, subnet routing/exit nodes will not work.`
- Look into Remote Builds - Link
- Raspberry Pi 1:
  - Set up Tailscale with pre-auth keys (services.tailscale.authKeyFile, add the key to secrets/secrets.yaml as `${hostname}-tailscale-key`)
  - Set up sops and gpg
- Configure GameMode / Gamescope
- Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
- Figure out what the home-manager `account` options are for.
- Figure out how to get GPG SSH auth working
- Security hardening
- cronjob
  - Change wallpaper at a certain time of day
- emacs
  - Add bracket auto-completion
  - Find a way to have magit save login credentials
- Try disko - Link
- btrfs snapshots
- vscodium and user-config.js file?
- rofi - bitwarden-cli / bitwarden-menu (Link)
Completed ToDo List here
Configs

| Hostname | Description | Status |
|---|---|---|
| nixos-laptop | Lenovo P1 Gen 5 | Complete |
| nixos-framework | Ryzen 7 Framework 13 | Awaiting Hardware |
| nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work |
Information
Home Manager
NixOS
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
Useful Links
Examples
Theming
To change system-wide themes, you need to change the following:

Current themes:
- gruvbox
- synthwave
Desktops

gnome
nixos/common/desktops/gnome/default.nix
- Change the imports at the bottom.
home-manager/hosts/$HOSTNAME/desktops/gnome-conf.nix
- Change the variables at the top.

hyprland
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/hyprland-conf.nix
- Change the `WALLPAPER_DIR` variable in `".config/hypr/start.sh".text`
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/hyprland-conf.nix
- Change `col.active_border` and `col.inactive_border` in the `general` section.
home-manager/bash.nix
- Update the `sessionVariable` variable `GTK_THEME`

Software

waybar
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/waybar-conf.nix
- Update all relevant colors. Possibly make configs for colorschemes and import them.

swaylock
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/swaylock-conf.nix
- Update all relevant colors. Possibly make configs for colorschemes and import them.

kitty
home-manager/common/software/cli/kitty.nix
- Update the content of `home.file.".config/kitty/theme.conf".text`

Firefox
home-manager/common/software/gui/firefox.nix
- Change the entry under "# Theming"

btop
home-manager/common/software/cli/btop.nix
- Set `color_theme`

bash / powerline
home-manager/common/software/cli/bash.nix
- Set `theme` in `programs.powerline-go.settings`

neofetch
home-manager/common/software/cli/neofetch.nix
- Update the contents of `home.file.".config/neofetch/config.conf".text`

wlogout
home-manager/hosts/$HOSTNAME/desktops/hyprland/$THEME/wlogout.nix
- Update the `style.css` section

Text Editors

emacs
home-manager/common/software/cli/doom-emacs.d/packages.el
- Include your theme here, if needed
home-manager/common/software/cli/doom-emacs.d/config.el
- Set your theme here: `(setq doom-theme '$THEME_NAME)`

neovim
- Theming done within vim itself: `<SPC> t h`
GPG Keys
- Import the user private key: `gpg --import gpg/users/albert/privkey.asc`
- Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
- On each new machine, run `sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"`
  - This will output the identifier you add to `.sops.yaml`
  - Move `HOSTNAME.asc` to `keys/hosts/`, upload to git and rename accordingly.
Secrets
- To edit a file: cd to `/path/to/nix-files/` and run: `nix-shell -p sops --run "sops secrets/secret_file.yml"`
  - New shell alias: `sops secrets/secret_file.yml`
- When you add a new machine, you must update the secrets files' encryption.
  - Run `sops-update secrets/secrets.yaml` and commit the change.
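As an added example (not code from this repo), a NixOS module that wires the per-host Tailscale pre-auth key from secrets/secrets.yaml into services.tailscale.authKeyFile through sops-nix, decrypting with the same host RSA key that ssh-to-pgp exported in the GPG Keys section, and enabling the IP forwarding the to-do list's tailscaled warning asks for. The module location nixos/common/secrets.nix and the `<hostname>-tailscale-key` secret name are assumptions taken from the to-do list.

```nix
# Added example, not the repo's own code. Assumed location:
# nixos/common/secrets.nix (the relative path to secrets.yaml depends on it).
{ config, ... }:
let
  host = config.networking.hostName;
  tsKey = "${host}-tailscale-key"; # naming pattern from the to-do list
in
{
  # Encrypted file lives in the repo; sops-nix decrypts it at activation.
  sops.defaultSopsFile = ../../secrets/secrets.yaml;

  # Decrypt with a PGP key derived from the host's SSH RSA key. This is the
  # same key ssh-to-pgp turned into keys/hosts/<hostname>.asc, so the host
  # fingerprint listed in .sops.yaml is what unlocks the file here.
  sops.gnupg.sshKeyPaths = [ "/etc/ssh/ssh_host_rsa_key" ];

  # One secret per host. Decrypted to /run/secrets/<hostname>-tailscale-key,
  # readable by root only, and tailscaled is restarted when it changes.
  sops.secrets.${tsKey} = {
    owner = "root";
    mode = "0400";
    restartUnits = [ "tailscaled.service" ];
  };

  services.tailscale = {
    enable = true;
    # The service reads the key from the file, so the auth key itself
    # never ends up in the world-readable Nix store.
    authKeyFile = config.sops.secrets.${tsKey}.path;
  };

  # Subnet routing / exit nodes need forwarding, which is what the
  # "IP forwarding is disabled" warning in the to-do list is about.
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
    "net.ipv6.conf.all.forwarding" = 1;
  };
}
```

Because the decrypted file is keyed by `config.networking.hostName`, each host only needs its own entry in secrets.yaml; a host whose key is missing fails at activation rather than joining the tailnet with someone else's key.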
Lanzaboote / SecureBoot
- Instructions here - Link
- Create your keys: `sbctl create-keys`
- Verify your machine is ready for SecureBoot: `sbctl verify`
  - Everything except `*-bzImage.efi` is signed
- Enter SecureBoot Setup mode in your EFI Settings on the motherboard (F10)
  - Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys: `sbctl enroll-keys --microsoft`
  - If you wish, you can select `--tpm-eventlog`, but checksums will change later (i.e., at a kernel rebuild)
- Reboot and verify you are activated: `bootctl status`
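An added example (not from this repo) of the NixOS side that the sbctl steps above assume: enabling Lanzaboote so that the signed stubs `sbctl verify` reports are what the firmware actually boots. The flake input name `lanzaboote`, the key directory `/var/lib/sbctl` and the module path are assumptions.

```nix
# Added example, not the repo's own code. Assumes the flake declares an
# input named "lanzaboote" and adds its nixosModules.lanzaboote to the
# host's module list, and that `sbctl create-keys` wrote the PKI to
# /var/lib/sbctl (older sbctl releases used /etc/secureboot; point
# pkiBundle at whichever directory holds db/ KEK/ PK/).
{ lib, pkgs, ... }:
{
  # Lanzaboote installs its own signed stubs on the ESP, so the stock
  # systemd-boot installer must be forced off or both will manage the ESP.
  boot.loader.systemd-boot.enable = lib.mkForce false;

  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };

  # sbctl is needed on the machine for create-keys / verify / enroll-keys;
  # bootctl already ships with systemd.
  environment.systemPackages = [ pkgs.sbctl ];
}
```

After `nixos-rebuild switch` with this module, `sbctl verify` should list the Lanzaboote stubs as signed, which is the state the "Everything except `*-bzImage.efi` is signed" check above describes.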