balsoft/nixos-config
1
0
Fork 0
Code Issues Releases Wiki Activity

Update documentation

Browse Source
This commit is contained in:
Alexander Bantyev 2021-06-12 01:21:24 +03:00
parent d298947e83
commit 0c047a852d
Signed by: balsoft
GPG Key ID: E081FF12ADCB4AD5
4 changed files with 49 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -1,7 +1,42 @@
# balsofts nixos configuration # balsofts nixos configuration
## Creating your own secret.nix for better experience ## License
You can check out the structure of `./secret.nix` in `./modules/secrets.nix`
Most of this config is in public domain (see [LICENSE](./LICENSE)), with
the exception of [a Brother printer ppd file](./modules/workspace/print-scan/Brother_HL-3170CDW_series.ppd)
which is licensed under GPLv2 and [an sqlite database of programs in nixpkgs](./misc/programs.sqlite).
I believe I am entitled to distribute both with this config, if this is
not true, please contact me.
## Stuff that may be useful
### Secrets
Secrets are kept in a separate (private) git repository, encrypted with
gpg and decrypted at runtime using [secrets.nix](./modules/secrets.nix)
and [secrets-envsubst.nix](./modules/secrets-envsubst.nix). The repo is
`pass(1)`-compatible, so passwords are also stored there.
_pls no pwn_
### Themes
Themes for everything are generated from a custom base16 theme. The theme
is defined in [themes.nix](./modules/themes.nix), and the generation is spread all around
[modules](./modules).
### Tmpfs root
To prevent extraneous state from clinging on the drive, I am using tmpfs
root on my two main devices. It is implemented in [persist.nix](./modules/persist.nix).
### Easy Wireguard setup module
Copied from notgne2 with permission to redistribute as public domain software.
Can be found in [ezwg.nix](./modules/ezwg.nix)
## Installing it on your machine ## Installing it on your machine
`sudo nixos-rebuild test --flake .`
1. Remove `yt-utilities` from `profiles/desktop.nix`;
2. Add a config for your device to `machines` (it has to set `deviceSpecific.devInfo`, import your `hardware-configuration.nix` and one of the profiles, and contain a `system` file);
3. `sudo nixos-rebuild test --flake .`

1
modules/applications/packages.nix
View File

@ -30,7 +30,6 @@
gnumeric gnumeric
gcalcli gcalcli
xdg_utils xdg_utils
inputs.yt-utilities.defaultPackage.x86_64-linux
lambda-launcher lambda-launcher
nix-patch nix-patch
pass-wayland pass-wayland

3
modules/applications/yt-utilities.nix
View File

@ -1,5 +1,6 @@
{ pkgs, config, lib, ... }: { { pkgs, config, lib, inputs, ... }: {
home-manager.users.balsoft = { home-manager.users.balsoft = {
home.packages = [ inputs.yt-utilities.defaultPackage.x86_64-linux ];
home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml"; home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml";
}; };
secrets-envsubst.yt = { secrets-envsubst.yt = {

10
modules/secrets.nix
View File

@ -94,6 +94,14 @@ in {
type = attrsOf (submodule secret); type = attrsOf (submodule secret);
default = { }; default = { };
}; };
options.secretsConfig = {
repo = lib.mkOption {
type = str;
default = "ssh://git@github.com/balsoft/pass";
};
};
config.systemd.services = config.systemd.services =
mkMerge (concatLists (mapAttrsToList mkServices config.secrets)); mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
@ -106,7 +114,7 @@ in {
if [ -d "$HOME/.password-store" ]; then if [ -d "$HOME/.password-store" ]; then
cd "$HOME/.password-store"; ${pkgs.git}/bin/git pull cd "$HOME/.password-store"; ${pkgs.git}/bin/git pull
else else
${pkgs.git}/bin/git clone ssh://git@github.com/balsoft/pass "$HOME/.password-store" ${pkgs.git}/bin/git clone ${lib.escapeShellArg config.secretsConfig.repo} "$HOME/.password-store"
fi fi
ln -sf ${ ln -sf ${
pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master" pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master"