NixOS Configuration Repository
NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git
sudo chown -R albert:root /etc/nixos/git
# or, with wallpapers
sudo git clone --recursive https://git.sysctl.io/albert/nix /etc/nixos/git
sudo chown -R albert:root /etc/nixos/git
- Installing a system from the ISO:
nixos-install <Hostname> [<Username>]
# or
./docs/install.sh <Hostname> [<Username>]
nix develop -c /etc/nixos/git/docs/setup.sh
Machines
Name |
Description |
Status |
backups-rpi4 |
Japan Raspberry Pi 4 for backups from nuc-server |
Done |
framework-server |
sysctl.io - main server, framework 13th gen mainboard |
Done |
nixos-desktop |
My main desktop |
Done |
nixos-framework |
My AMD Framework 13 laptop |
Done |
nixos-vm-01 |
A NixOS VM used for testing |
Done |
osaka-linode-01 |
Osaka Linode relay for sysctl.io external connections |
Done |
piaware-rpi4 |
FlightAware for Raspberry Pi |
Done |
quitman-rpi4 |
Raspberry Pi at my parents house. Headscale Exit Node |
On Hold |
nuc-server |
Second NUC server at my brothers house |
On Hold |
Images
Name |
Description |
Build Commands |
nixos-iso-console |
Console ISO image of this flake for installing |
nix build .#imageConfigurations.nixos-iso-console |
nixos-iso-desktop |
Gnome ISO image of this flake for installing |
nix build .#imageConfigurations.nixos-iso-desktop |
nixos-linode-img |
Image of this flake for use on Linode |
nix build .#imageConfigurations.nixos-linode-img |
nixos-rpi4-img |
Image of this flake for use on Raspberry Pi 4's |
nix build .#imageConfigurations.nixos-rpi4-img |
To Do List
Host Specific
framework-server
Packaging
General
Home-Manager
Desktop / GUI
Completed ToDo List here
Information
Home Manager
- Home Manager Documentation - Link
- Home Manager Options Search - Link
NixOS
- nix.dev - Official Nix Documentation - Link
- NixOS Documentation - Stable - Link
- NixOS Packages / Options Search - Link
- Nix User Repository (NUR) Search - Link
- ARM NixOS Building - Link
- NixOS Manual - Link
Useful Links
- FlakeHub - Link
- Flakestry.dev - Link
- Track a Nixpkgs PR - Link
- Awesome-Hyprland - Link
Examples
- Tons of good examples here - Link
- NixOS Flakes Intro Guide - Link
Theming
- Neofetch Themes - Link
- Stylix - Link
- Hyprland Inspirations
- Base16 Color Schemes - Link
Lanzaboote / SecureBoot
Generic Instructions:
- Create your keys:
sbctl create-keys
- Verify your machine is ready for SecureBoot:
sbctl verify
- Everything except *-bzImage.efi
are signed
- Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
- Security -> SecureBoot -> Set to Enabled and "Reset to Setup Mode" and exit
- Enroll the keys:
sbctl enroll-keys --microsoft
- If you wish, you can select
--tpm-eventlog
, but checksums will change later (ie, at a kernel rebuild)
- Reboot and verify you are activated:
bootctl status
Framework Specific:
- Change boot import from
boot.nix
to secureboot.nix
in ./nixos/hosts/<hostname>/default.nix
- Run
rebuild-host
to switch from boot.nix
to secureboot.nix
- Reboot into EUFI and set SecureBoot settings to:
- Enforce Secure Boot - Enabled
- Erase all Secure Boot Settings - Enabled
- Restore Secure Boot to Factory Settings - Disabled
- Save and reboot
- Run
sudo sbctl create-keys
- Run
sudo sbctl enroll-keys
Manual: GPG Keys
- Import the user private key:
gpg --import gpg/users/albert/privkey.asc
- Mark it as trusted:
gpg --edit-key albert@sysctl.io
, then type trust
, then 5
- On each new machine, run
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
- This will output the identifier you add to
.sops.yaml
- Move
HOSTNAME.asc
to keys/hosts/
and upload to git and rename accordingly.
Secrets
- Run
nix-develop
in /etc/nixos/git
to import new keys
- To edit a file:
sops secrets/file.yml"
- When you add a new machine, you must update the secrets files encryption.
- Run
sops updatekeys secrets/file.yaml
and commit the change.
Troubleshooting
- To troubleshoot disko issues, this command can come in handy:
nix eval .#nixosConfigurations.`hostname`.config.disko.devices._config
Directory Structure
/etc/nixos/git/
├── docs
├── home-manager
│ ├── common
│ │ ├── desktops
│ │ │ ├── gnome
│ │ │ ├── hyprland
│ │ │ │ ├── assets
│ │ │ │ └── components
│ │ │ └── plasma6
│ │ └── software
│ │ ├── cli
│ │ └── gui
│ ├── hosts
│ └── users
│ └── albert
├── keys
│ ├── hosts
│ ├── ssh
│ └── users
├── lib
├── nixos
│ ├── common
│ │ ├── desktops
│ │ │ ├── gnome
│ │ │ ├── hyprland
│ │ │ └── plasma6
│ │ ├── modules
│ │ ├── services
│ │ └── software
│ │ ├── cli
│ │ └── gui
│ ├── hosts
│ └── users
│ └── albert
├── secrets
├── stylix
└── wallpapers