diff --git a/README.md b/README.md
index e81b488..c5790fb 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,42 @@
 # balsoft’s nixos configuration
-## Creating your own secret.nix for better experience
-You can check out the structure of `./secret.nix` in `./modules/secrets.nix`
+## License
+
+Most of this config is in public domain (see [LICENSE](./LICENSE)), with
+the exception of [a Brother printer ppd file](./modules/workspace/print-scan/Brother_HL-3170CDW_series.ppd)
+which is licensed under GPLv2 and [an sqlite database of programs in nixpkgs](./misc/programs.sqlite).
+I believe I am entitled to distribute both with this config, if this is
+not true, please contact me.
+
+## Stuff that may be useful
+
+### Secrets
+
+Secrets are kept in a separate (private) git repository, encrypted with
+gpg and decrypted at runtime using [secrets.nix](./modules/secrets.nix)
+and [secrets-envsubst.nix](./modules/secrets-envsubst.nix). The repo is
+`pass(1)`-compatible, so passwords are also stored there.
+
+_pls no pwn_
+
+### Themes
+
+Themes for everything are generated from a custom base16 theme. The theme
+is defined in [themes.nix](./modules/themes.nix), and the generation is spread all around
+[modules](./modules).
+
+### Tmpfs root
+
+To prevent extraneous state from clinging on the drive, I am using tmpfs
+root on my two main devices. It is implemented in [persist.nix](./modules/persist.nix).
+
+### Easy Wireguard setup module
+
+Copied from notgne2 with permission to redistribute as public domain software.
+Can be found in [ezwg.nix](./modules/ezwg.nix)
 ## Installing it on your machine
-`sudo nixos-rebuild test --flake .`
+
+1. Remove `yt-utilities` from `profiles/desktop.nix`;
+2. Add a config for your device to `machines` (it has to set `deviceSpecific.devInfo`, import your `hardware-configuration.nix` and one of the profiles, and contain a `system` file);
+3. `sudo nixos-rebuild test --flake .`
diff --git a/modules/applications/packages.nix b/modules/applications/packages.nix
index a512735..33a71f3 100644
--- a/modules/applications/packages.nix
+++ b/modules/applications/packages.nix
@@ -30,7 +30,6 @@
 gnumeric
 gcalcli
 xdg_utils
- inputs.yt-utilities.defaultPackage.x86_64-linux
 lambda-launcher
 nix-patch
 pass-wayland
diff --git a/modules/applications/yt-utilities.nix b/modules/applications/yt-utilities.nix
index 116808b..0bdaad0 100644
--- a/modules/applications/yt-utilities.nix
+++ b/modules/applications/yt-utilities.nix
@@ -1,5 +1,6 @@
-{ pkgs, config, lib, ... }: {
+{ pkgs, config, lib, inputs, ... }: {
 home-manager.users.balsoft = {
+ home.packages = [ inputs.yt-utilities.defaultPackage.x86_64-linux ];
 home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml";
 };
 secrets-envsubst.yt = {
diff --git a/modules/secrets.nix b/modules/secrets.nix
index db30040..8d6a108 100755
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -94,6 +94,14 @@ in {
 type = attrsOf (submodule secret);
 default = { };
 };
+
+ options.secretsConfig = {
+ repo = lib.mkOption {
+ type = str;
+ default = "ssh://git@github.com/balsoft/pass";
+ };
+ };
+
 config.systemd.services = mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
@@ -106,7 +114,7 @@ in {
 if [ -d "$HOME/.password-store" ]; then
 cd "$HOME/.password-store"; ${pkgs.git}/bin/git pull
 else
- ${pkgs.git}/bin/git clone ssh://git@github.com/balsoft/pass "$HOME/.password-store"
+ ${pkgs.git}/bin/git clone ${lib.escapeShellArg config.secretsConfig.repo} "$HOME/.password-store"
 fi
 ln -sf ${
 pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master"
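Review bot: In modules/applications/yt-utilities.nix the added `home.packages` entry hard-codes the `x86_64-linux` output of the flake input, so the module only resolves to the right package on that architecture. Since `pkgs` is already a module argument, `home.packages = [ inputs.yt-utilities.defaultPackage.${pkgs.stdenv.hostPlatform.system} ];` keeps it following the host system. The module body continues past the end of the hunk.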
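Review bot: The new `options.secretsConfig.repo` in the first hunk of modules/secrets.nix has no `description`, and its default is still the author's own store, so a machine that imports this module without overriding the option will try to clone `balsoft/pass`. A line such as `description = "Git URL of the pass(1)-compatible store that is cloned into ~/.password-store";` would document what has to be overridden. Whether a personal default should remain at all is worth a second look, given that the README in this same commit invites others to install the config.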
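Review bot: In the second hunk of modules/secrets.nix, `secretsConfig.repo` is only honoured on the first clone: when `$HOME/.password-store` already exists the script runs `git pull` against whatever origin that checkout has, and the `push` helper visible at the end of the hunk pushes to `origin` as well, so changing the option later leaves the secrets store syncing with the old remote. Running `${pkgs.git}/bin/git remote set-url origin ${lib.escapeShellArg config.secretsConfig.repo}` before the pull would keep an existing checkout aligned with the configuration. Separately, `escapeShellArg` quotes the value for the shell but does not stop a value beginning with `-` from being parsed by git as an option; `${pkgs.git}/bin/git clone -- ${lib.escapeShellArg config.secretsConfig.repo} "$HOME/.password-store"` closes that. The surrounding script starts and ends outside the hunk.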