Skip to content

jralvarezc/conf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

235 Commits
docs
docs
 
 
hardware/x1c6
hardware/x1c6
 
 
hosts
hosts
 
 
users
users
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
justfile
justfile
 
 
shell.nix
shell.nix
 
 

Repository files navigation

NixOS and Home-Manager Configuration

“Doing anything in Nix causes me untold pain and suffering, and wastes absurd amounts of my time … unless it follows a path already well-trodden by me personally. I put myself through this because I know that, after all the pain, suffering and wasted time, if eventually I reach my destination, I will have a robust, reliable, reusable solution which will save me even more pain, suffering and time in the long run.” Jacek Generowicz

Usage

  1. Clone this repo
  2. Enter the dev environment 
    $ nix develop
  3. Build OS 
    $ just build
  4. Update upstream inputs 
    $ just update
  5. Format, lint, size, clean, search, run and more: 
    $ just

Goals

  1. Open source by default (public code, auditable, community focused)
    • currently: nix+git+github(this repo)
  2. Minimal attack surface (less apps, simpler apps, minimal customization)
    • currently: i3+kitty+restic+kak
    $ just size
[INFO] Calculating size...
du . -sh --exclude=.git
416K	.
tokei . -s code
===============================================================================
Language            Files        Lines         Code     Comments       Blanks
===============================================================================
Nix                    45         1112          832           60          220
Org                     2          357          254            4           99
Haskell                 1            7            5            1            1
===============================================================================
Total                  48         1476         1091           65          320
================================================================================
  3. Reproducible setup (pinned versions, one step build)
    • currently: flakes
    • nix pinning: difficult to maintain
    • channels: impure
  4. Safe defaults (rm -i, vpn, encrypted disk and swap, autolock, frecuent and automatic dedup write-only backup)
    • current backup: restic (dedup backup with snapshots on time),
    • current sync: rclone (accesible via backblaze mobile app)
    • current storage: backblaze (not write-only), will be solved with wasabi
    • current vpn: mullvad (multihop + socks5 + killswitch), proton too slow
    • current browser: chromium+plugins, brave not working with plugins
  5. Secrets on remote vault
    • currently: 1password CLI with enviroment substitution
    • sops: never store the secrets
    • gitcrypt: not encrypted at rest in clonned repo
    • pass: several files and complex git workflow
    • pass+tomb: more tools and same results with sops
  6. Declarative and avoid of imperative configuration
    • currently: home over tmpfs
    • future: pending root (/) over blank zfs/brtfs
    • future: install as code
  7. Functional programming
    • currently: NixEL+Nixpkgs+NixOS+Home-Manager
  8. Easy to use (sexy security)
    • currently: only grub password, then autologin (only one user)
  9. Separation of concerns (one functionality needs multiple touch points)
    • currently: using modules for os configuration
    • pending: apply same strategy for home-manager
    • past: everything in one file
  10. Keyboard centric

About

NixOS and Home-Manager Configuration

Resources

Readme
Activity

Stars

8 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages