stfl/dotfiles

My NixOS configuration

Quick Start

Apply configuration changes:

just switch

Update

Update the flake inputs and rebuild:

just update

Or just update flake.lock without rebuilding:

just flake

Bootstrap a New NixOS System

Clone the repo:

git clone git@github.com:stfl/dotfiles.git ~/.config/dotfiles

Setup Emacs

https://github.com/stfl/doom.d#installation

System Configuration

Access user journal

Add the user to the systemd-journal group so they can read the full system journal without root (run as root; log in again for the new group membership to take effect):

usermod -a -G systemd-journal $USER

Set default boot target to multi-user

For headless systems:

systemctl set-default multi-user.target

Hardware: ZSA Keyboards

ZSA keyboard support (ErgoDox EZ, Moonlander, Voyager) is configured in modules/hardware/zsa.nix.

The udev rules and plugdev group setup are handled automatically by NixOS.

Docker

Docker is configured via modules/docker.nix. The module handles:

  • Installing docker and docker-compose
  • Adding the user to the docker group
  • Enabling the docker service

Bashrc for root

Symlink root's .bashrc to the versioned config:

ln -sf /home/slendl/.config/dotfiles/config/bash/.bashrc.root /root/.bashrc

Development Tools

password-store

Trust your password-store GPG key:

gpg --edit-key <password-store-key>
> trust
> 5 # trust ultimately

org-protocol in Brave Browser

References: Reddit thread about the policy; Brave documentation

Install the org-protocol policy system-wide:

{
  "AutoLaunchProtocolsFromOrigins": [
    {
      "allowed_origins": [ "*" ],
      "protocol": "org-protocol2"
    }
  ]
}

Brave nix source

NixOS Operations

Building and switching

Local rebuild:

sudo nixos-rebuild switch --flake ".#"

Remote deployment

# just deploy <hostname> <target>
just deploy syncthing-pve [email protected]

Deploy to a remote host:

nixos-rebuild \
    --target-host [email protected] \
    --use-remote-sudo \
    switch \
    --flake ".#hostname"

NixOS Installation

An easy approach is a remote setup: keep the NixOS config on an existing machine and connect to the new system via ssh.

On the installation target, change the password so that ssh will work:

passwd

Partition the disk according to the host-specific instructions (TODO: use disko).

Setup

Mount partitions:

mount /dev/sda3 /mnt
mkdir -p /mnt/boot
mount /dev/sda1 /mnt/boot
swapon /dev/sda2

Generate the hardware-configuration.nix:

nixos-generate-config --root /mnt --dir .

Copy the hardware-configuration to the git repo:

HOST=kondor
mkdir -p hosts/$HOST
scp [email protected]:hardware-configuration.nix hosts/$HOST
cp hosts/nixos-vm/{default,home}.nix hosts/$HOST

Then customize hardware-configuration.nix, default.nix and home.nix for the new host.

Installation

Copy the config to the target (rsync fails if it is not installed on the target):

rsync -ravh ./ [email protected]:dotfiles/

On the target, run nixos-install:

HOST=kondor
nixos-install --root /mnt --flake .#$HOST
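The Setup and Installation steps above, wrapped into one script as an added example (not part of the stfl/dotfiles repo). It adds the preflight check a practitioner would want before anything is copied or installed: hosts/$HOST must already contain default.nix, home.nix and hardware-configuration.nix, otherwise the flake reference .#$HOST will not build. The device names, the HOST value and the target address are placeholders; RUN_INSTALL is a constructed guard so that sourcing the file defines the functions without running anything.

```shell
#!/usr/bin/env bash
# Added example, not part of stfl/dotfiles: the README's install steps as
# functions with a preflight check. Devices, HOST and target are placeholders.
set -eu

# Check that hosts/$HOST holds the three files the flake needs before any
# disk is touched. Prints what is missing and returns 1 on failure.
preflight_host() {
  local repo=$1 host=$2 missing=0 f
  [ -n "$host" ] || { echo "HOST is empty" >&2; return 1; }
  for f in default.nix home.nix hardware-configuration.nix; do
    if [ ! -f "$repo/hosts/$host/$f" ]; then
      echo "missing hosts/$host/$f" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Mount the target partitions (run on the installer; device names are examples).
mount_target() {
  local root_dev=$1 boot_dev=$2 swap_dev=$3
  mount "$root_dev" /mnt
  mkdir -p /mnt/boot
  mount "$boot_dev" /mnt/boot
  swapon "$swap_dev"
}

# Fetch hardware-configuration.nix from the installer (generated there with
# nixos-generate-config) and seed the host directory from the nixos-vm template.
seed_host() {
  local repo=$1 host=$2 target=$3
  mkdir -p "$repo/hosts/$host"
  scp "$target:hardware-configuration.nix" "$repo/hosts/$host/"
  cp "$repo/hosts/nixos-vm/default.nix" "$repo/hosts/nixos-vm/home.nix" "$repo/hosts/$host/"
}

# Copy the repo to the target and run nixos-install there, but only after
# the preflight check passes.
install_host() {
  local repo=$1 host=$2 target=$3
  preflight_host "$repo" "$host"
  rsync -ravh "$repo/" "$target:dotfiles/"
  ssh "$target" "cd dotfiles && nixos-install --root /mnt --flake .#$host"
}

# The real procedure only runs when invoked explicitly, e.g.
#   RUN_INSTALL=1 ./install.sh kondor root@192.0.2.10   (constructed address)
if [ "${RUN_INSTALL:-0}" = 1 ]; then
  install_host "$(pwd)" "$1" "$2"
fi
```

seed_host is meant to run once, then the three files are customized by hand as the README describes; install_host refuses to copy anything if the preflight check finds the host directory incomplete.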

Repair NixOS Installation via Live ISO

To repair a NixOS installation when booted to a live ISO:

Mount the partitions to /mnt and enter the special nixos chroot:

nixos-enter
cd /path/to/dotfiles
nixos-rebuild switch --flake .#hostname

Secrets Management with agenix

Add a new secret

Modify secrets/secrets.nix and add the new secret file.

Create and edit a secret

cd secrets
agenix -e <name-of-secret>.age

Emacs will open and you can insert the content to modify or create a new file. Save the file and close with SPC b k to terminate the buffer and return to the shell.

Add a new host

  • You need to first set up NixOS without agenix
  • Put the auto-generated ssh host public key /etc/ssh/ssh_host_ed25519_key.pub into secrets.nix
  • Rekey with another private key that allows decrypting all relevant keys:
agenix --rekey -i ~/.ssh/id_ed25519_stfl

Create a Custom ISO

Edit modules/iso.nix, then build:

nix build .#iso

Write to USB:

# nix build links its output at ./result; replace /dev/sda with the USB device (check with lsblk first)
sudo dd if=result/iso/*.iso \
        of=/dev/sda \
        bs=1M \
        conv=sparse,fsync \
        status=progress

Application Setup

Citrix Workspace

Download the corresponding version from https://www.citrix.com/downloads/workspace-app/

Add the file to the nix store:

nix-prefetch-url file://${PWD}/packages/citrix/linuxx64-24.8.0.98.tar.gz

Afterwards citrix_workspace can be installed.

FlakeHub

Log in to FlakeHub for faster downloads and caching:

determinate-nixd login

Hyprland

Monitors

hyprctl monitors all

Configure rclone

rclone has many different endpoints it can set up.

The easiest way to set up an endpoint is probably to run the rclone config wizard and then copy the resulting config, including its secrets, from ~/.config/rclone/rclone.conf into the NixOS module and the agenix secrets respectively.

Update Google Drive token

https://rclone.org/drive/

  • in modules/home/rclone-shares.nix configure config.client_id and secrets.client_secret (without secrets.token)
  • rebuild the system
  • possibly remove the token value from ~/.config/rclone/rclone.conf
  • run rclone config and reconfigure the drive endpoint
  • after authenticating the client, copy the token value from ~/.config/rclone/rclone.conf into secrets/rclone-drive-token.age as described under Secrets Management with agenix. This token value contains the refresh_token that allows the client to stay logged in
  • rebuild the system with secrets.token set to the agenix secret in modules/home/rclone-shares.nix
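The copy-the-token and remove-the-token steps above, as an added example that is not part of the stfl/dotfiles repo: rclone.conf is an INI file, and the token is a one-line JSON object, so a small awk-based reader can extract exactly the value that goes into agenix -e secrets/rclone-drive-token.age, check that it actually carries a refresh_token (without one the secret is useless after the access token expires), and strip the token line from the local file afterwards. The sample config and its token are constructed; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of stfl/dotfiles: read the "token" of one remote out
# of an rclone.conf, validate it, and strip it from the local file.
set -eu

# Print the raw value of key $3 in section [$2] of INI file $1.
# rclone writes "key = value"; the token value is a one-line JSON object.
ini_get() {
  awk -v want="$2" -v key="$3" '
    /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); next }
    sec == want && $1 == key {
      sub(/^[^=]*=[[:space:]]*/, ""); print; exit
    }' "$1"
}

# Return 0 only if the token JSON contains a non-empty refresh_token;
# an access_token alone expires and the client would have to re-authenticate.
token_has_refresh() {
  printf '%s' "$1" | grep -Eq '"refresh_token"[[:space:]]*:[[:space:]]*"[^"]+"'
}

# Print the config with the token line of remote $2 removed, leaving all
# other remotes and keys untouched (the "possibly remove the token" step).
strip_token() {
  awk -v want="$2" '
    /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2) }
    !(sec == want && $1 == "token") { print }' "$1"
}

# Constructed sample rclone.conf; the credentials and token are not real.
sample_conf() {
  cat <<'EOF'
[gdrive]
type = drive
client_id = 1234-example.apps.googleusercontent.com
client_secret = constructed-secret
scope = drive
token = {"access_token":"ya29.constructed","token_type":"Bearer","refresh_token":"1//0g-constructed","expiry":"2030-01-01T00:00:00Z"}

[backup]
type = sftp
host = example.invalid
EOF
}

# Manual usage against the real file:
#   conf=~/.config/rclone/rclone.conf
#   tok=$(ini_get "$conf" gdrive token) && token_has_refresh "$tok" \
#     && printf '%s\n' "$tok"            # paste into: agenix -e secrets/rclone-drive-token.age
#   strip_token "$conf" gdrive > "$conf.new" && mv "$conf.new" "$conf"
```

The remote name (gdrive here) is whatever you chose in rclone config; strip_token writes to stdout so the original file is only replaced once you have confirmed the token made it into the agenix secret.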
