My messy system configuration setup

berbiche/dotfiles

Dotfiles

My configuration for the various tools I use.

This README needs a thorough rewrite. All instructions are out-of-date.

I use Sway (a tiling window manager running on Wayland) on NixOS on both my laptop and my desktop.

I also have two macbooks for work (M1 and Intel).

This repository lives under $HOME/dotfiles and I use Home Manager to manage my configuration files and my packages.

I use Gnome Keyring to manage my secrets (SSH, GPG) and to have a graphical prompt to unlock my keys.

Structure

My configuration is organized as follows:

  • ./flake.nix: contains my system definitions

  • ./top-level: contains logic to load my custom NixOS/Darwin/Home Manager modules and the basic common setup used by all my systems.

    This is where some of the options that I use in my configuration are defined.

    Each OS also declares "stub"/"sink" options for things that are not available on the respective OS, because assigning an option that does not exist is an evaluation error.

    For instance, NixOS has no launchd option, so it is stubbed with lib.mkSinkUndeclaredOptions: a definition assigned to a sink is accepted and discarded instead of aborting the evaluation.

  • ./user: declares the active user. Note that my system configuration does not support multiple users yet; all profiles are configured for the "current" user.

  • ./host: this is where I define each host. The list of "profiles" used by each host is defined in the root flake.nix file.

  • ./modules: this is where I define my custom modules for NixOS, nix-darwin and Home Manager.

    These modules are loaded automatically depending on the platform by ./top-level/module.nix.

  • ./profiles: configurations for my tools, desktop environment and other stuff.

    Most configurations work with NixOS and nix-darwin but some are exclusive to each platform.

    I am currently in the process of rewriting my profiles to be compatible with a standalone Home Manager installation.

  • ./cachix: this folder is owned by cachix and configures substituters.

    Substituters are binary caches that Nix queries for prebuilt store paths before building locally, which minimises local rebuilds.

  • ./secrets: secrets managed with sops and sops-nix.
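To make the stub/sink mechanism described for ./top-level concrete, here is an added example (not code from this repository) that evaluates a shared profile against a NixOS-style stub using nixpkgs' lib.evalModules. The file name, the myHost.name option and the example agent are assumptions made for the demonstration; lib.mkSinkUndeclaredOptions is the real nixpkgs function named above.

```nix
# stub-demo.nix (hypothetical file, added example): why ./top-level declares
# "sink" options. Evaluate with:  nix-instantiate --eval stub-demo.nix
{ lib ? (import <nixpkgs> { }).lib }:
let
  # NixOS side: nix-darwin's launchd.* tree does not exist here, so declare
  # it as a sink. Definitions are accepted and discarded; reading the value
  # throws, so nothing on NixOS can silently depend on a macOS-only setting.
  nixosStubs = {
    options.launchd = lib.mkSinkUndeclaredOptions { };
  };

  # A real option that the shared profile sets on both platforms (assumed).
  hostOptions = {
    options.myHost.name = lib.mkOption { type = lib.types.str; };
  };

  # A profile shared by NixOS and nix-darwin hosts. On nix-darwin the launchd
  # assignment configures a user agent; on NixOS it lands in the sink above.
  sharedProfile = {
    myHost.name = "mero";
    launchd.user.agents.example.serviceConfig.RunAtLoad = true;
  };

  evaluated = lib.evalModules {
    modules = [ nixosStubs hostOptions sharedProfile ];
  };
in
# Evaluates to "mero". Drop nixosStubs from the module list and evaluation
# aborts instead, reporting that the option
# launchd.user.agents.example.serviceConfig.RunAtLoad does not exist.
evaluated.config.myHost.name
```

The sink throws on read rather than returning a default, which is the property you want from a stub: a profile that accidentally reads a macOS-only value on NixOS fails loudly at evaluation instead of silently getting an empty attribute set.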

Initial setup (for NixOS)

  1. Clone this repository.

    $ git clone https://github.com/berbiche/dotfiles
    $ cd dotfiles

    If you are already using Nix >= 2.4 and have experimental-features = nix-command flakes in your /etc/nix/nix.conf, you can skip the next step and build directly as described under Building.

  2. Enter the nix shell

    $ nix --extra-experimental-features "nix-command flakes" develop

  3. Build the system (in this case the mero host)

    $ rebuild switch --flake '.#mero' -v -L

Building

If the new system configuration has been built once before, then you don't need to use the nix-shell.

  1. Rebuild the system

    • On NixOS (in this case the mero host)

      $ sudo nixos-rebuild switch --flake '.#mero' -v -L
      building the system configuration...

      This command is also aliased to the command nrsf in my shells.

    • On Darwin

      $ darwin-rebuild switch --flake '.#PC335' -v -L
      building the system configuration...

      Note this command SHOULD NOT be run as root with my configuration.

      nix-darwin will automatically request superuser permissions as required.

      This command is also aliased to the command nrsf in my ZSH shell.

Updating

  1. Update the dependencies

    $ nix flake update --commit-lock-file

    or, for a single input

    $ nix flake lock --commit-lock-file --update-input <input-name>

    (Newer Nix, 2.19 and later, spells this nix flake update <input-name> instead.)
  2. Rebuild per instructions in the Building section

Adding a Cachix cache

$ cachix use <name> -d . -m nixos

The -d flag instructs cachix to use the current folder as the base folder instead of /etc/nixos while the -m flag forces cachix to only create nix files under ./cachix (and to update ./cachix.nix).

Darwin

As it stands, bootstrapping the system using only flakes is not possible because nix-darwin does not expose the installer script in the flake.

  1. Build the configuration, replacing ${machine-name} with the host name (PC335 in the example above)

    $ nix --extra-experimental-features "nix-command flakes" build '.#darwinConfigurations.${machine-name}' -v -L
    ...

    The nix-darwin README documents building the .system attribute of the configuration ('.#darwinConfigurations.${machine-name}.system'); use that form if nix build reports that the attribute is not a derivation.

  2. Activate the system configuration

    $ sudo ./result/activate

  3. Activate the user configuration

    $ ./result/activate-user

The configuration is now active and linked. You can purge your old configurations at any time with sudo nix-collect-garbage -d. Note that this deletes every previous generation, so rolling back to an earlier configuration is no longer possible afterwards.

Configuration

Most program configuration lives under user/programs.

Email

  1. Create an app password in your Google account (this requires 2-Step Verification to be enabled on the account)

  2. Copy the password and add it to the keyring

    $ nix shell nixpkgs#gnome.libsecret
    $ secret-tool store --label='Gmail account for neomutt' account gmail
    Password: <paste>
    $ mbsync -V gmail
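As an added example (not from this repository), the Home Manager fragment below wires the keyring entry created above into mbsync through passwordCommand, so the app password exists only in the keyring and never in a config file or the Nix store. The address, user name and real name are placeholders.

```nix
# home.nix fragment (added example, not this repository's code). Assumes
# Home Manager with gnome-keyring available to serve secret-tool lookups.
{ pkgs, ... }:
{
  # secret-tool comes from libsecret; the keyring daemon answers its queries.
  home.packages = [ pkgs.libsecret ];
  services.gnome-keyring.enable = true;

  programs.mbsync.enable = true;
  programs.neomutt.enable = true;

  accounts.email.accounts.gmail = {
    primary = true;
    flavor = "gmail.com";                   # presets imap.gmail.com / smtp.gmail.com
    address = "someone@gmail.com";          # placeholder
    userName = "someone@gmail.com";         # placeholder
    realName = "Someone";                   # placeholder

    # Run by mbsync at sync time. The attribute pair "account gmail" is the
    # one given to `secret-tool store` above, so this resolves to the app
    # password without it ever being written to ~/.mbsyncrc or the store.
    passwordCommand = "${pkgs.libsecret}/bin/secret-tool lookup account gmail";

    mbsync = {
      enable = true;
      create = "maildir";                   # create folders locally as needed
    };
    neomutt.enable = true;
  };
}
```

The generated ~/.mbsyncrc then carries only a PassCmd line. If the keyring is locked and no session can show the unlock prompt (a headless timer, for instance), the lookup prints nothing and the sync fails rather than falling back to a stored password, which is the behaviour you want from a secret that is supposed to live only in the keyring.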

Sops

Setup

Either derive a PGP key from the host's RSA SSH key (ssh-to-pgp only handles RSA keys):

  1. sudo nix run nixpkgs#ssh-to-pgp -- -i /etc/ssh/ssh_host_rsa_key -o secrets/hosts/"$(hostname -s)".asc
  2. Copy the fingerprint printed by ssh-to-pgp to .sops.yaml

OR generate an age key:

  1. age-keygen -o "$SOPS_AGE_KEY_FILE"
  2. Copy the public key printed by age-keygen to .sops.yaml

Make sure to set and export SOPS_AGE_KEY_FILE before running age-keygen and sops!

    $ export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt

This is also the location where sops looks for age identities by default ($XDG_CONFIG_HOME/sops/age/keys.txt). The file holds the private key: keep it mode 0600 and out of the repository.

Updating keys

  1. sops updatekeys <FILE>

OR if a gpg key has expired:

  1. nix shell nixpkgs#libfaketime -c faketime "<DATE>" sops updatekeys <FILE>

With -c, nix shell takes the command and its arguments as separate words; quoting the whole command line as one string would make it look for a program named after the entire line. sops updatekeys needs a key that can still decrypt the file's data key, which is why an expired key has to be made usable with faketime first.

Modifying secret

  1. sops --in-place <FILE>
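As an added example (not this repository's code), the NixOS module below shows the consuming side of both key setups above: the host decrypts a sops-managed secret at activation with its own SSH host key and a service reads the decrypted path. The host name, file paths, secret name and the WireGuard interface are assumptions.

```nix
# host module (added example, not this repository's code). Assumes sops-nix is
# imported, a host named mero, and the secret names used below.
{ config, ... }:
{
  sops = {
    # Encrypted file committed to the repo. Which recipients it is encrypted
    # to is decided by .sops.yaml at encryption / `sops updatekeys` time.
    defaultSopsFile = ../secrets/hosts/mero.yaml;   # assumed path

    # Decryption key, matching one of the two setups above. Pick one:
    # (a) PGP key derived from the RSA host key with ssh-to-pgp
    # gnupg.sshKeyPaths = [ "/etc/ssh/ssh_host_rsa_key" ];
    # (b) age; sops-nix derives the identity from the ed25519 host key, so
    #     nothing beyond the SSH host key has to be provisioned on the machine
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    # or a key made with age-keygen, kept outside the repo:
    # age.keyFile = "/var/lib/sops-nix/key.txt";

    # Each entry is decrypted at activation into /run/secrets/<name> with the
    # given owner and mode. The plaintext never enters the Nix store.
    secrets."wireguard/private-key" = {
      owner = "root";
      mode = "0400";
    };
  };

  # Consumers reference the decrypted path, not the value.
  networking.wireguard.interfaces.wg0.privateKeyFile =
    config.sops.secrets."wireguard/private-key".path;
}
```

The recipient list lives in .sops.yaml: the fingerprint ssh-to-pgp prints goes under pgp, the age public key under age (for the host-key variant, ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub prints the matching recipient). sops updatekeys re-wraps the file's data key for the current recipient list, so adding a host means editing .sops.yaml and then running updatekeys with a key that can already decrypt the file.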

pam_u2f

  1. pamu2fcfg -i pam://$(hostname -s) -o pam://$(hostname -s) >~/.config/Yubico/u2f_keys

The appid (-i) and origin (-o) must match what pam_u2f is configured with on this host, otherwise the registration will not verify. The > overwrites the file; to register an additional key for the same user, append it with pamu2fcfg -n ... >> ~/.config/Yubico/u2f_keys, as the pam_u2f documentation describes.
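The NixOS side that consumes the registration written above, as an added example (not this repository's code). It assumes NixOS 24.05 or newer, where pam_u2f's module arguments live under security.pam.u2f.settings, and a host named mero.

```nix
# NixOS side of the pamu2fcfg step (added example, not this repository's code).
# Assumes NixOS 24.05 or newer, where pam_u2f's module arguments live under
# security.pam.u2f.settings, and a host named mero.
{ ... }:
{
  security.pam.u2f = {
    enable = true;
    # "required": password AND key. The default, "sufficient", lets a touch
    # of the registered key alone satisfy PAM, i.e. passwordless sudo/login.
    control = "required";
    settings = {
      cue = true;            # ask the user to touch the device
      # Must equal the -o and -i values passed to pamu2fcfg; a registration
      # made for another origin/appid does not verify.
      origin = "pam://mero";
      appid = "pam://mero";
      # authfile is left at its default, ~/.config/Yubico/u2f_keys, which is
      # where the command above writes. For a root-owned mapping shared by
      # all users, point it at a file under /etc and append pamu2fcfg's
      # output (which is prefixed with the user name) there instead.
    };
  };

  # PAM stacks that consult the key.
  security.pam.services = {
    sudo.u2fAuth = true;
    login.u2fAuth = true;
    swaylock.u2fAuth = true;   # Sway's screen locker, per the setup above
  };
}
```

Two things to check before enabling this on a machine you cannot easily recover: with control = "required", none of the listed services authenticate without the key, so keep a root shell open until a sudo with the key has succeeded; and with the default authfile under $HOME, whoever controls the user session can register further keys, which is why the root-owned file under /etc is preferable where that matters.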

ZSH

Many aliases defined in my ZSH config replace default commands with the following tools:

  • eza (ls with --tree and other goodies)
  • bat (cat with syntax highlighting and pagination)
  • ripgrep (opinionated grep with defaults applied, claims to be faster than grep)
  • fd (find with a much more intuitive syntax to me though I use them interchangeably)
  • neofetch (get basic system information from the terminal)
  • starship (cool shell prompt with git, nodejs, rust, go, etc. support)
  • hexyl (cli hex viewer, an alternative to xxd)

TODOS

  • Further improve the README, maybe change markdown to orgmode

  • Transform my profiles in real Nix modules where it makes sense.

    Certain profiles will never be loaded on Darwin or NixOS because they do not expose certain options, resulting in an error.