isabel's dotfiles

Foreword

This repository contains my personal configuration for my systems, so its really important that you know it's personal and not everything will fit your needs. Therefore most things will not work out of the box without some changes, so be warned!!!!

warning

Also to note that this configuration will not work if you do not change any of the secrets since they are encrypted.

What does this repo provided

Modular configuration, so you can add or remove parts of the configuration
Sensible defaults, so you can get started quickly
Docs kind of
Catppuccin everywhere.

🖥️ Systems

Name	Main User	Type	OS	Extra Details
amaterasu	isabel	Desktop	NixOS	A powerful desktop dual booting windows 11
athena	isabel	Hybrid	NixOS	My oldest laptop, altogh this flake still supports it, its barely in use
aphrodite	isabel	Sever	NixOS	The host of most tgirl.cloud services
lilith	n/a	Iso	NixOS	An iso image of my NixOS configuration, used to install NixOS on new systems
minerva	isabel	Server	NixOS	This is the orginal server, hosting most of my personal services
skadi	isabel	Server	NixOS	Oracle free server, mostly used for the pds and aarch64 builds
tatsumaki	isabel	Laptop	macOS	A macbook air, given to me by uni, almost exclusively used at uni
valkyrie	isabel	WSL2	NixOS	This is my WSL2 instance, installed on amaterasu

🧩 Modules

flake - modules which are used to build the flake outputs
generic - modules which are intended to work with any module system (e.g. home-manager, nix-darwin, etc.)
nixos - modules which work on NixOS
base - modules which work on either NixOS or macOS
darwin - modules which work on macOS
home - modules which are used to configure home-manager
iso - modules which are used to build isos
wsl - modules which work on WSL2

When writing a module, you should follow these guidelines:

Use a tree like structure for the head lambda args if and only if it is needed.

{
  lib,
  pkgs,
  inputs,
  ...
}:
{
  /* ommitted config */
}

imports should do its best to avoid going backwards in the flake's file structure.

Despite my best efforts to advice you as to not do this, many of you still choose to do so. So here is a guide on how to make it your own. So maybe consider donating to me before continuing.

donation platforms in order of preference:

Making it your own

There are a number of files you will want to edit but the best place to start would be renaming the isabel user to your own user and deleting the robin user.
Following this you will want to edit /modules/base/users/options.nix and change any mentions of isabel to your username.
Then you can create a file in that will contain your ssh key /modules/base/users/<user>.nix.
Finally you will want to edit /modules/nixos/users/<user>.nix to add your encrypted password, generated with mkpasswd.
I host a number off different types of hosts, so there is likely one that will nicely match yours. To check what is a good match for you, look at the hosts table.
At this point you should have found the ideal host, so your going to rename the directory that it is into your preferred hostname.
Then you should make any needed adjustments. This should include renaming the home-manager users and configuring the options.
You will then want to edit modules/nixos/environment/locale.nix such that you have the correct timezone and locale.
You likely don't want to use my lix fork, so you should regex replace izlix with your preferred nix implementation. If your preferred nix implementation does not support nested input.follows you will have to edit the flake.nix.
There is a lot of maintenance burden in this repository, so you should see what you can remove safely. But there's no safe way to guide you on this so best of luck.

NixOS

You might want to use the lilith iso configuration, provided in this repository

To build it you can run nix build .#images.lilith.
Or you can download it from the release page.

If you opted to use the lilith iso image, you can use the iznix-install script to install it on your system. Otherwise, you can follow the steps below.

Install NixOS, you might need to follow the manual
Clone this repository to ~/.config/flake
Run sudo nixos-rebuild switch --flake ~/.config/flake#<host>

Dual boot

If you would like to set up duel boot with Windows, you should consider enabling secure boot. To do so you should follow the lanzaboote guide.

Locate the Windows EFI partition

lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT

Mount the Windows EFI partition

sudo mkdir /mnt/winboot
sudo mount /dev/nvme0n1p1 /mnt/winboot

Copy the Windows EFI files to the NixOS EFI partition

sudo rsync -av /mnt/winboot/EFI/Microsoft/ /boot/EFI/Microsoft/

Finally, clean up

sudo umount /mnt/winboot
sudo rmdir /mnt/winboot

macOS

Install Lix the package manager

curl -sSf -L https://install.lix.systems/lix | sh -s -- install

Then enter a nix development shell in order to use git and other required tools

nix develop

Now we need to switch to the configuration, remember to replace <host> with the system you are configuring

just provision <host>

In the past this repo used to hold templates. Now the templates are located at tgirlcloud/nix-templates. Overall the commands remain the same except for the repo to use.

nix flake init -t github:tgirlcloud/nix-templates#<template> to initialize a new project with the template
nix flake new -t github:tgirlcloud/nix-templates#<template> <out dir> to create a new project in the specified directory

For the full list of templates check the nix-templates repo directory or run nix flake show github:tgirlcloud/nix-templates.

The systems are configured in /systems/<hostname>.

To set up a system configuration it must be declared in /systems/default.nix.

arch:
- default: "x86_64"
- options: "x86_64", "aarch64"
class:
- default: "nixos"
- options: "nixos", "darwin", "iso", "wsl"
system:
- default: constructSystem config.easyHosts.hosts.<hostname>.target config.easy-hosts.hosts.<hostname>.arch
- note: This is a function that constructs the system configuration, it will make x86_64-linux by from the target and arch attributes or aarch64-darwin
deployable:
- default: false
modules:
- default: "[ ]"
- options:
specialArgs:
- default: "{ }"

tip

Please consult easy-hosts for more information on how to set up a system configuration.

The user side is configured in /home/<user>.

To set up a user configuration it must be declared in /modules/base/users/options.nix and /modules/base/users/<user>.nix can be used for anything that is not preconfigured by /modules/base/users/mkusers.nix. You will also want to add a hashed password generated from mkpasswd to /modules/nixos/users/<user>.nix.

You should also add your user into the users.nix file for your system. Whilst following the template:

{
  garden.system = {
    mainUser = "robin";
    users = [ "robin" ];
  };

  # you can add a home-manager configuration here for the user if it needs
  # anything special
  home-manager.users.robin.garden = {};
}

Adding packages to your user or system profile is different then most other flakes. In this flake we use the garden.packages attribute to add our packages, which take an attrset. This prevents us from having duplicate listings of packages, and lets us think a little less when writing home-manger or nixos/darwin module code.

An example of this may look like the following:

{ pkgs, ... }:
{
  garden.packages = {
    inherit (pkgs) git;

    wrapped-nvim = pkgs.symlinkJoin {
      name = "wrapped-nvim";
      paths = [ pkgs.nvim pkgs.astro-language-server ];
    };
  };
}

Sops Nix

We also use sops-nix to manage secrets that are not files. For the most part this will be ssh keys, api keys and other plaintext secrets.

To start you should identify whether you are creating a system level secret or a user level secret.

User secrets

If you are adding a user level secret, you should add your user to the list of users in the .sops.yaml file. Then you should get your public key by running:

ssh-to-age < ~/.ssh/id_ed25519.pub

Then you can create your users secrets file. To do so you should run the command:

sops secrets/your_username.yaml

Where your_username is your actual username.

System secrets

If you are adding a system level secrets, you should get the hostname and its accompanied public key. To get the public key, you can run:

ssh-keyscan <host> | ssh-to-age

Where <host> is the ip address or hostname of the system you want to add.

Alternatively, if you are on the machine you can run:

ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub

Then you can create the system secrets file. To do so you should run the command:

sops secrets/services/<service>.yaml

You should replace <service> with the name of the service you are adding the secrets for.

Rotating secrets

To rotate a secret file all you have to run is:

sops rotate -i secrets/<file>.yaml

Where <file> is the name of the file you want to rotate.

To rotate all the secrets, you can run:

find secrets/ -name "*.yaml" | xargs -I {} sops rotate -i {}

Adding new owners to secrets

To add a new owner to a secret file, you must first add the new recipent to the .sops.yaml file. Then you can run the command:

sops updatekeys secrets/<file>.yaml

Where <file> is the name of the file you want to update.

Futhermore, to batch update all secrets, you can run:

find secrets/ -name "*.yaml" | xargs -I {} sops updatekeys -y {}

To uninstall nix darwin run the following command:

nix run github:LnL7/nix-darwin#darwin-uninstaller

Issues

A awesome list of issues I've had that I want to document for future reference.

chmod nix darwin error

error: chmod '"/nix/store/66kaihiqnn02vpxs6qydcbw9pq7nrkld-iterm2-3.5.4/Applications/iTerm2.app"': Operation not permitted

You can get this error when trying to run nix store gc. The fix for this is to give nix FDA. To do so System Settings > Privacy & Security > Full Disk Access and add nix to the list of apps that have full disk access.

See also https://github.com/NixOS/nix/issues/6765

I use lix.

note

Furthermore this is with a custom patch set through izlix. Though I don't recommend using izlix. If you want the patches you may copy them for personal use.

This flake makes a point of using lix where possible.

To do so we add the following snippet taken from modules/base/nix/overlays/default.nix. What this does is use lix where possible rather than nix.

_: prev: {
  # in order to reduce our closure size, we can override these packages to
  # use the nix package that we have installed, this will trigget a rebuild
  # of the packages that depend on them so hopefully its worth it for that
  # system space
  nixVersions = prev.nixVersions // {
    stable = config.nix.package;
  };
}

I use fht-compositor as my window manager on linux. On macos I don't use a window manager, but when I do it has to be areospace. This page documents how they are used.

SKHD Shortcut	fht-compositor Shortcut	What it does
`CMD+RETURN`	`SUPER+RETURN`	open terminal
	`SUPER+B`	open browser
`CMD+Q`	`SUPER+Q`	quit
`CMD+D`	`SUPER+D`	launcher
	`SUPER+F`	full screen
`CMD+CTRL+[number]`	`SUPER+[number]`	open workspace [number]
`CMD+SHIFT+[number]`	`SUPER+SHIFT+[number]`	move to workspace [number]

lib.hardware:

`lib.hardware.isx86Linux`

check if the host platform is linux and x86

Arguments

[pkgs] the package set

Keyboard shortcuts

dotfiles