Update documentation

README.md

@@ -1,7 +1,42 @@
 # balsoft’s nixos configuration
 
-## Creating your own secret.nix for better experience
+## License
-You can check out the structure of `./secret.nix` in `./modules/secrets.nix`
+
+Most of this config is in public domain (see [LICENSE](./LICENSE)), with
+the exception of [a Brother printer ppd file](./modules/workspace/print-scan/Brother_HL-3170CDW_series.ppd)
+which is licensed under GPLv2 and [an sqlite database of programs in nixpkgs](./misc/programs.sqlite).
+I believe I am entitled to distribute both with this config, if this is
+not true, please contact me.
+
+## Stuff that may be useful
+
+### Secrets
+
+Secrets are kept in a separate (private) git repository, encrypted with
+gpg and decrypted at runtime using [secrets.nix](./modules/secrets.nix)
+and [secrets-envsubst.nix](./modules/secrets-envsubst.nix). The repo is
+`pass(1)`-compatible, so passwords are also stored there.
+
+_pls no pwn_
+
+### Themes
+
+Themes for everything are generated from a custom base16 theme. The theme
+is defined in [themes.nix](./modules/themes.nix), and the generation is spread all around
+[modules](./modules).
+
+### Tmpfs root
+
+To prevent extraneous state from clinging on the drive, I am using tmpfs
+root on my two main devices. It is implemented in [persist.nix](./modules/persist.nix).
+
+### Easy Wireguard setup module
+
+Copied from notgne2 with permission to redistribute as public domain software.
+Can be found in [ezwg.nix](./modules/ezwg.nix)
 
 ## Installing it on your machine
-`sudo nixos-rebuild test --flake .`
+
+1. Remove `yt-utilities` from `profiles/desktop.nix`;
+2. Add a config for your device to `machines` (it has to set `deviceSpecific.devInfo`, import your `hardware-configuration.nix` and one of the profiles, and contain a `system` file);
+3. `sudo nixos-rebuild test --flake .`

modules/applications/packages.nix

@@ -30,7 +30,6 @@
       gnumeric
       gcalcli
       xdg_utils
-      inputs.yt-utilities.defaultPackage.x86_64-linux
       lambda-launcher
       nix-patch
       pass-wayland

modules/applications/yt-utilities.nix

@@ -1,5 +1,6 @@
-{ pkgs, config, lib, ... }: {
+{ pkgs, config, lib, inputs, ... }: {
   home-manager.users.balsoft = {
+    home.packages = [ inputs.yt-utilities.defaultPackage.x86_64-linux ];
     home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml";
   };
   secrets-envsubst.yt = {

modules/secrets.nix

@@ -94,6 +94,14 @@ in {
     type = attrsOf (submodule secret);
     default = { };
   };
+
+  options.secretsConfig = {
+    repo = lib.mkOption {
+      type = str;
+      default = "ssh://git@github.com/balsoft/pass";
+    };
+  };
+
   config.systemd.services =
     mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
 
@@ -106,7 +114,7 @@ in {
       if [ -d "$HOME/.password-store" ]; then
         cd "$HOME/.password-store"; ${pkgs.git}/bin/git pull
       else
-        ${pkgs.git}/bin/git clone ssh://git@github.com/balsoft/pass "$HOME/.password-store"
+        ${pkgs.git}/bin/git clone ${lib.escapeShellArg config.secretsConfig.repo} "$HOME/.password-store"
       fi
       ln -sf ${
         pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master"