[![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org)
# My NixOS configurations
Here's my NixOS/home-manager config files. Requires [Nix flakes](https://nixos.wiki/wiki/Flakes).
## Structure
- `flake.nix`: Entrypoint for hosts and home configurations. Also exposes a
  devshell for bootstrapping (`nix develop` or `nix-shell`).
- `lib`: A few lib functions for making my flake cleaner
- `hosts`: NixOS Configurations, accessible via `nixos-rebuild --flake`.
  - `common`: Shared configurations consumed by the machine-specific ones.
    - `global`: Configurations that are globally applied to all my machines.
    - `optional`: Opt-in configurations my machines can use.
  - `floki`: Lenovo ThinkPad X1 Carbon Extreme Gen 5
- `home`: My Home-manager configuration, accessible via `home-manager --flake`
  - Each directory here is a "feature" each hm configuration can toggle, thus
    customizing my setup for each machine (be it a server, desktop, laptop,
    anything really).
- `modules`: A few actual modules (with options) I haven't upstreamed yet.
- `overlay`: Patches and version overrides for some packages. Accessible via
  `nix build`.
- `pkgs`: My custom packages. Also accessible via `nix build`. You can compose
  these into your own configuration by using my flake's overlay, or consume
  them through NUR.
- `templates`: A couple project templates for different languages. Accessible
  via `nix init`.
## About the installation
Home-manager is used in a standalone way, and because of opt-in persistence is
activated on every boot with `loginShellInit`.
## How to bootstrap
All you need is nix (any version). Run:
```
nix-shell
```
If you already have nix 2.4+, git, and have already enabled `flakes` and
`nix-command`, you can also use the non-legacy command:
```
nix develop
```
- `nixos-rebuild --flake .` to build system configurations
- `home-manager --flake .` to build user configurations
- `nix build` (or `shell` or `run`) to build and use packages
- `sops` to manage secrets, for example:
```
export GPG_TTY=$(tty)
gpgconf --reload gpg-agent
EDITOR=vi sops --config .sops.yaml nixos/_mixins/secrets.yaml
```
## Secrets
For deployment secrets (such as user passwords and server service secrets), I'm
using the awesome [`sops-nix`](https://github.com/Mic92/sops-nix). All secrets
are encrypted with my personal PGP key (stored on a YubiKey), as well as the
relevant systems' SSH host keys.
On my desktop and laptop, I use `pass` for managing passwords, which are
encrypted using (you bet) my PGP key. This same key is also used for mail
signing, as well as for SSH'ing around.
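
A pre-commit style check for the encrypted secrets file, added here as an example and not part of the original repository: it fails if any value is still plaintext or if the `sops` metadata lists no PGP or age recipient. The function names, the sample file and its placeholder keys are constructed, and the check assumes the usual sops YAML layout with the `sops:` block last.

```sh
#!/bin/sh
# Added example, not part of the original repository.
# Assumes the usual sops YAML layout: secret scalars stored as ENC[...],
# with the top-level "sops:" metadata block emitted last.

# Exit 0 only if FILE has no plaintext scalars and lists a PGP/age recipient.
check_sops_file() {
    awk '
        /^sops:[ \t]*$/ { meta = 1; next }            # metadata block starts
        meta {                                        # count pgp fp / age recipient
            if ($0 ~ /^[ \t]+(-[ \t]+)?(fp|recipient):[ \t]*[^ \t]/) recipients++
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
        {
            line = $0
            sub(/^[ \t]*(-[ \t]+)?/, "", line)        # drop indent and list dash
            if (line ~ /^[^:]+:[ \t]*$/) next         # key that only opens a mapping
            value = line
            if (line ~ /^[^: \t]+:[ \t]/) sub(/^[^:]+:[ \t]*/, "", value)
            # Report the line number only, never the leaked value itself.
            if (value !~ /^ENC\[/) { printf "line %d: value is not ENC[...]\n", NR; bad++ }
        }
        END {
            if (!meta) { print "no sops metadata block"; bad++ }
            else if (!recipients) { print "no pgp/age recipients listed"; bad++ }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample of an encrypted file (placeholder ciphertext and keys).
sample_sops_yaml() {
    cat <<'EOF'
user-password: ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
services:
    navidrome:
        env: ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
sops:
    pgp:
        - created_at: "2024-01-01T00:00:00Z"
          fp: 0000000000000000000000000000000000000000
    age:
        - recipient: age1constructedexamplerecipient
    mac: ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
EOF
}

# In a pre-commit hook: check_sops_file nixos/_mixins/secrets.yaml || exit 1
```

Keys that sops is configured to leave unencrypted would be reported as plaintext by this check, so it fits files where every value is meant to be secret.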
## Tooling and applications I use
My most relevant daily-driver user apps:
- emacs
- fish
- kitty
- qutebrowser
- neomutt + mbsync
- khal + khard + todoman + vdirsyncer
- gpg + pass
- tailscale
- podman
- zathura
- wofi
- bat + fd + rg
- kdeconnect
- sublime-music

Some of the services I host:
- hydra
- navidrome
- deluge
- prometheus
- websites (such as https://burd.me ...)
- headscale

Nixy stuff:
- nix-colors
- sops-nix
- impermanence
- home-manager
- deploy-rs
- and NixOS and nix itself, of course :)

Let me know if you have any questions about them :)