GithubHelp home page GithubHelp logo

nixos-dotfiles's Introduction

Folder structure

TODO TBD

Folder Function
. TODO
common TODO
common/lib TODO
common/settings TODO
home-manager TODO
home-manager/configs TODO
home-manager/configs/secrets TODO
home-manager/configs/secrets/**/ TODO
home-manager/configs/example_secrets TODO
home-manager/modules TODO
home-manager/modules/collections TODO
home-manager/modules/submodule TODO
nixos TODO
nixos/modules TODO
nixos/secrets TODO
nixos/secrets/**/ TODO
nixos/example_secrets TODO

Adding a new device named

<new-device> will be used in the following as placeholder for your new device's name. Also ensure that it does not include underscores (_) as this seems to produce inconsistent hostnames and won't necessarily detect the correct flake configuration for subsequent nixos-rebuild switch executions.

Run the following init commands:

  • git-crypt init -k <new-device> to create the device specific key
  • Recommended: export & backup this key via: git-crypt export-key -k <new-device> <new-key-path> with <new-key-path> describing where to export the key to

Other useful commands:

  • To lock the repo with all keys use git-crypt lock -a
  • To lock the repo with a specific device key named i.e. <my-device> use git-crypt lock -k <my-device>
  • To unlock (decrypt) the repo simply use git-crypt unlock <my-key-path>
    • Note that you might want to unlock the repository with multiple key files to have access to device specific secrets. Simply repeat the command for the all required keys.

Modify the following files:

  • flake.nix:
    • Add below # Define systems something like this: 
        { deviceName = <new-device>; userName = <username>; }
  { deviceName = <new-device>; userName = <username>; confNameSuffix = "no-sec"; forceNoSecrets = true; }
      The first system will try to use the git-crypt secrets whereas the second system will replace them with dummy secrets, in order to allow a first time installation without decrypting the repository.
  • .gitattributes:
    • To add support for device specific secrets with their own keys append similar to the other devices the following line: 
      **/secrets/**/<new-device>/** filter=git-crypt-<new-device> diff=git-crypt-<new-device>

Create the following file:

  • common/settings/<new-device.nix> which contains:
    • general device settings:
      • custom.useDummySecrets
      • custom.gui
      • custom.cpu
      • custom.gpu
        • Note: I haven't tested my setup & modules with an nvidia gpu. Hence, it probably doesn't work.
      • custom.bluetooth
    • all hardware specific setup. This is basically the hardware.nix generated by nixos-generate-config.
    • More settings are available:
      • custom.enableVirtualization
      • custom.grub.enable
      • custom.grub.useUEFI
      • custom.cpuFreqGovernor
      • custom.laptopPowerSaving
      • custom.adb
      • custom.audio.backend
      • custom.internationalization.timeZone
      • custom.internationalization.defaultLocale
      • custom.internationalization.defaultLcTime
      • custom.internationalization.defaultLcPaper
      • custom.internationalization.defaultLcMeasurement
      • custom.internationalization.keyboardLayout
      • custom.internationalization.consoleFont
      • custom.security.usbguard.enforceRules
      • custom.security.usbguard.fixedRules
      • custom.smartcards
      • custom.sshServer.enable
      • custom.sshServer.ports
      • custom.sshServer.authorizedKeys
      • custom.swapfile.enable
      • custom.swapfile.size
      • custom.swapfile.path
      • custom.nano_conf.enable
      • custom.networking.hostname
      • custom.networking.nfsSupport
      • custom.networking.wifiSupport
      • custom.networking.withNetworkManager
      • custom.networking.openvpn.client.enable
      • custom.networking.openvpn.client.autoConnect
    • And even more settings to enable predefined program sets and adjusting their options:
      • custom.hm.modules.alacritty.enable
      • custom.hm.modules.alacritty.virtualboxWorkaround
      • custom.hm.modules.bash.enable
      • custom.hm.modules.calendar.enable
      • custom.hm.modules.easyeffects.enable
      • custom.hm.modules.email.enable
      • custom.hm.modules.git.enable
      • custom.hm.modules.git.scripts.enable
      • custom.hm.modules.gtk.enable
      • custom.hm.modules.neovim.enable
      • custom.hm.modules.optimize_storage.enable
      • custom.hm.modules.qt.enable
      • custom.hm.modules.ssh.enable
      • custom.hm.modules.sway.laptopDisplay
      • custom.hm.modules.sway.disp1
      • custom.hm.modules.sway.disp1_pos
      • custom.hm.modules.sway.disp1_res
      • custom.hm.modules.sway.disp2
      • custom.hm.modules.sway.disp2_pos
      • custom.hm.modules.sway.disp2_res
      • custom.hm.modules.sway.extraConfig
      • custom.hm.modules.waybar.hwmonPath
      • custom.hm.modules.waybar.thermalZone
      • custom.hm.modules.waybar.gpu.tempCmd
      • custom.hm.modules.waybar.gpu.mhzFreqCmd
      • custom.hm.modules.waybar.gpu.usageCmd
      • custom.hm.modules.xdg.enable
      • custom.hm.modules.zsh.enable
      • custom.hm.collections.communication.enable
      • custom.hm.collections.development.enable
      • custom.hm.collections.diyStuff.enable
      • custom.hm.collections.gaming.enable
      • custom.hm.collections.gui_utilities.enable
      • custom.hm.collections.media.enable
      • custom.hm.collections.office.enable
      • custom.hm.collections.utilities.enable

Misc

Waybar

My config is a mashup of Pipshag's config and genofire's config and looks as follows:

nixos-dotfiles's People

Contributors

7fm avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.