Update documentation

2021-06-12 01:21:24 +03:00 · 2021-06-12 01:21:24 +03:00 · 0c047a852d
commit 0c047a852d
parent d298947e83
4 changed files with 49 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,42 @@
 # balsoft’s nixos configuration

-## Creating your own secret.nix for better experience
-You can check out the structure of `./secret.nix` in `./modules/secrets.nix`
+## License
+
+Most of this config is in public domain (see [LICENSE](./LICENSE)), with
+the exception of [a Brother printer ppd file](./modules/workspace/print-scan/Brother_HL-3170CDW_series.ppd)
+which is licensed under GPLv2 and [an sqlite database of programs in nixpkgs](./misc/programs.sqlite).
+I believe I am entitled to distribute both with this config, if this is
+not true, please contact me.
+
+## Stuff that may be useful
+
+### Secrets
+
+Secrets are kept in a separate (private) git repository, encrypted with
+gpg and decrypted at runtime using [secrets.nix](./modules/secrets.nix)
+and [secrets-envsubst.nix](./modules/secrets-envsubst.nix). The repo is
+`pass(1)`-compatible, so passwords are also stored there.
+
+_pls no pwn_
+
+### Themes
+
+Themes for everything are generated from a custom base16 theme. The theme
+is defined in [themes.nix](./modules/themes.nix), and the generation is spread all around
+[modules](./modules).
+
+### Tmpfs root
+
+To prevent extraneous state from clinging on the drive, I am using tmpfs
+root on my two main devices. It is implemented in [persist.nix](./modules/persist.nix).
+
+### Easy Wireguard setup module
+
+Copied from notgne2 with permission to redistribute as public domain software.
+Can be found in [ezwg.nix](./modules/ezwg.nix)

 ## Installing it on your machine
-`sudo nixos-rebuild test --flake .`
+
+1. Remove `yt-utilities` from `profiles/desktop.nix`;
+2. Add a config for your device to `machines` (it has to set `deviceSpecific.devInfo`, import your `hardware-configuration.nix` and one of the profiles, and contain a `system` file);
+3. `sudo nixos-rebuild test --flake .`
--- a/modules/applications/packages.nix
+++ b/modules/applications/packages.nix
@ -30,7 +30,6 @@
      gnumeric
      gcalcli
      xdg_utils
-      inputs.yt-utilities.defaultPackage.x86_64-linux
      lambda-launcher
      nix-patch
      pass-wayland
--- a/modules/applications/yt-utilities.nix
+++ b/modules/applications/yt-utilities.nix
@ -1,5 +1,6 @@
-{ pkgs, config, lib, ... }: {
+{ pkgs, config, lib, inputs, ... }: {
  home-manager.users.balsoft = {
+    home.packages = [ inputs.yt-utilities.defaultPackage.x86_64-linux ];
    home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml";
  };
  secrets-envsubst.yt = {
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@ -94,6 +94,14 @@ in {
    type = attrsOf (submodule secret);
    default = { };
  };
+
+  options.secretsConfig = {
+    repo = lib.mkOption {
+      type = str;
+      default = "ssh://git@github.com/balsoft/pass";
+    };
+  };
+
  config.systemd.services =
    mkMerge (concatLists (mapAttrsToList mkServices config.secrets));

@ -106,7 +114,7 @@ in {
      if [ -d "$HOME/.password-store" ]; then
        cd "$HOME/.password-store"; ${pkgs.git}/bin/git pull
      else
-        ${pkgs.git}/bin/git clone ssh://git@github.com/balsoft/pass "$HOME/.password-store"
+        ${pkgs.git}/bin/git clone ${lib.escapeShellArg config.secretsConfig.repo} "$HOME/.password-store"
      fi
      ln -sf ${
        pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master"