- Clone this repo
- Enter the dev environment

    $ nix develop

- Build OS

    $ just build

- Update upstream inputs

    $ just update

- Format, lint, size, clean, search, run and more:

    $ just

- Open source by default (public code, auditable, community focused)
  - currently: nix+git+github (this repo)
- Minimal attack surface (fewer apps, simpler apps, minimal customization)
  - currently: i3+kitty+restic+kak

    $ just size
    [INFO] Calculating size...
    du . -sh --exclude=.git
    416K    .
    tokei . -s code
    ===============================================================================
     Language            Files        Lines         Code     Comments       Blanks
    ===============================================================================
     Nix                    45         1112          832           60          220
     Org                     2          357          254            4           99
     Haskell                 1            7            5            1            1
    ===============================================================================
     Total                  48         1476         1091           65          320
    ===============================================================================

- Reproducible setup (pinned versions, one step build)
  - currently: flakes
  - nix pinning: difficult to maintain
  - channels: impure
- Safe defaults (rm -i, vpn, encrypted disk and swap, autolock, frequent and
  automatic dedup write-only backup)
  - current backup: restic (dedup backup with snapshots on time)
  - current sync: rclone (accessible via backblaze mobile app)
  - current storage: backblaze (not write-only), will be solved with wasabi
  - current vpn: mullvad (multihop + socks5 + killswitch), proton too slow
  - current browser: chromium+plugins, brave not working with plugins
- Secrets on remote vault
  - currently: 1password CLI with environment substitution
  - sops: never store the secrets
  - gitcrypt: not encrypted at rest in cloned repo
  - pass: several files and complex git workflow
  - pass+tomb: more tools and same results with sops
- Declarative configuration, avoiding imperative configuration
  - currently: home over tmpfs
  - future: pending root (/) over blank zfs/btrfs
  - future: install as code
- Functional programming
  - currently: NixEL+Nixpkgs+NixOS+Home-Manager
- Easy to use (sexy security)
  - currently: only grub password, then autologin (only one user)
- Separation of concerns (one functionality needs multiple touch points)
  - currently: using modules for os configuration
  - pending: apply same strategy for home-manager
  - past: everything in one file
- Keyboard centric
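
The "Secrets on remote vault" item above relies on the 1Password CLI substituting environment values at run time, so the repo should only ever hold `op://vault/item/field` references. An added example (not code from this repo) of a check that fails when an env template contains anything else; the function names, the sample template and the rule that every value must be a reference are assumptions.

```shell
#!/bin/sh
# Added example: fail if an env template holds anything but op:// references.
# Policy assumed here: every value in the template is a secret reference.

# Prints the names (never the values) of offending variables.
# Reads the files given as arguments, or stdin. Exit: 0 clean, 1 offenders.
audit_env_template() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)
            eq = index(line, "=")
            if (eq == 0) { print "line " NR " (not an assignment)"; bad = 1; next }
            name  = substr(line, 1, eq - 1)
            value = substr(line, eq + 1)
            gsub("^[\"\047]|[\"\047]$", "", value)  # drop surrounding quotes
            # a usable reference names vault, item and field: op://v/i/f
            if (value !~ "^op://[^/]+/[^/]+/.+$") { print name; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample template: vault, item and variable values are made up.
demo_template() {
    cat <<'EOF'
# resolved at run time, e.g.: op run --env-file=secrets.env.tpl -- just build
RESTIC_PASSWORD=op://Personal/restic/password
export B2_ACCOUNT_KEY="op://Personal/backblaze/application-key"
RCLONE_CONFIG_PASS=constructed-literal-value
MULLVAD_ACCOUNT=op://Personal/mullvad
EOF
}

main() {
    if offenders=$(demo_template | audit_env_template); then
        echo "ok: template contains only op:// references"
    else
        echo "not a complete op:// reference:"
        echo "$offenders" | sed 's/^/  /'
    fi
}

main
```

The last sample line is flagged because the reference names a vault and an item but no field.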