There are a few ways you can use this setup. Skip ahead to the part that is most pertinent to you.
From what I can tell, this is currently a {{type}} install on {{machine}}. Your display manager is {{display}}. {{keybase}}{{cachix}}
If you are using the default iso, this readme was generated by a github action.
your username is runner
, there is no password. the default display is sway
.
./setup.sh
will get you my fish
configs, nvim
configs, and general
configs. i use this on unprivileged systems all the time. checkout the
commands
section, but there's nothing else non-obvious.
wm | display | cmd |
---|---|---|
sway | wayland | sway |
hyprland | wayland | Hyprland |
xmonad | x | startx |
i3 | x | startx |
fb | - | fb |
none | - | - |
command | description |
---|---|
+ |
Adds the program to shell. Run + program -- command_with program for single program usage. |
--- | |
, |
Run after a command fails. Reruns the last command with assumed missing program. |
--- | |
home |
Uses home-manager to set up user home. |
--- | |
live |
Builds a live disk based on system. |
--- | |
snix |
Switch and rebuild the current NixOS system. |
--- | |
wsl |
Build a WSL tar file for use on windows. |
--- | |
nixos-help |
Run nixos-help but with some fail safes. |
--- | |
dots-help |
Show this readme. |
--- | |
dots-docker |
Build a docker layer of .dots and load it. |
--- | |
dots-remove |
Remove a machine from dots. |
--- | |
dots-install |
Run installation from live disk with zfs partitioning. |
--- | |
start-daemon |
For non-NixOS (but root) start nix-daemon. |
--- | |
stop-daemon |
For non-NixOS (but root) stop nix-daemon. |
--- | |
unlock |
remove given flake from lock (defaults to sensitive ). |
--- | |
update |
Update flake and nix with correct hashes for nixpkgs. |
--- | |
prs |
Applies pull request differences to working branch. |
the disk is immutable and ephemeral. Save persistent files to keybase, make major changes by updating the iso; this is a feature not a bug.
TODO: enable luks on disk, please see
github:dmadisetti/.dots#34
. to made adhoc changes, use home
over snix
as
you will likely overwrite network information.
you can make another iso with the live
command, or from a remote:
nix run github:<github user>/.dots#home;
change user-space configurations and programs, nixOs
not required (you do
need nix
). run home
to install your home configuration. nix/home/common.nix
will automatically be loaded. home
will use nix/home/users/{{user}}.nix
if
it exists, otherwise falls back to nix/home/users/user.nix
.
you can run this from github:
nix run github:<github user>/.dots#home;
For auto-installation: run dots-install
and follow the wizard. This is a
little brittle, but seems to work in general and provides zfs partitioning.
For manual installation, here's a check list of things to do:
- [] partition disks and mount them on /mnt
- [] move over
.dots
and generated sensitive flake to desired location. - [] generate machine + hardware info (i.e.
nixos-generate-config --root /mnt --show-hardware-config > /mnt/$DOTFILES/nix/machines/hardware/$hostname.nix
, and make a/mnt/$DOTFILES/nix/machines/$hostname.nix
file too (you can follownix/spoof/machine.nix
) - [] run installation:
nixos-install --flake "$DOTFILES#$hostname" --override-input sensitive $DOTFILES/nix/sensitive --cores 0 --no-channel-copy
- [] unmount, reboot and rejoice.
current machine: {{machine}}
keybase was acquired by zoom, but hopefully it'll stick around? it's got great
nix integration, may as well sign up while you can. i
recommend putting your sensitive
flake on keybase's
git. There's also a hook to set up ssh keys from
a keys.git
repo. This might blow up if you don't have one, open an issue and
we'll add some defensive checks around it.
keybase will auto-mount to /home/{{user}}/keybase
. careful with the public
folder.
cachix is vital for reasonable build times (esp. if using dots-manager
).
create a cachix account, it's free. set up
cachix by adding a definition to your sensitive:
cachix = [{
name = "{{user}}";
sha256 = "sha256:blahblahblahblahblahblahblahblahblahblahblahblahblah";
}];
if you are using github actions, this will default to your user or organization name. you can change, this, but you'll have to fiddle with the actions. you can just use my public cache if you want, but you aren't getting write privileges.
this is only valid if you opt-in for the eww sidebar (enabled on xmonad).
first, create an account. and add the relevant api
information to your sensitive
:
weather = {
enable = true;
key = "00112233445566778899aabbccddeeff";
city = "4140963"; # obviously your city, your rules
};
someone is scanning for these creds. you'll get an annoying email if you put
them somewhere publicly. for more details see dot/config/eww/scripts/getweather#L20
.
if you have some self signed ssl certificates, you can install them by setting
certificates = {
cert_name = {cert = ./relative/path/to/my/source/checked/cert.crt;};
another = {cert=./another.crt; optional_key=./place.key;}
};
in your sensitive
flake.
feel free to contribute your ideas. templating makes contributions awkward, but this might make things easier
git clone --no-checkout --branch main \
https://github.com/dmadisetti/.dots dylan-dots;
+ rsync -- rsync -avzlh --progress $DOTFILES/ dylan-dots \
--exclude .git --exclude dots-manager/target --exclude nix/sensitive;
cd dylan-dots;
git restore --staged .;
# commit ONLY the changes you'd like to share
+ gh -- gh pr create -B main;