{"id":20613209,"url":"https://github.com/konradmalik/dotfiles","last_synced_at":"2025-04-15T07:10:59.575Z","repository":{"id":37587313,"uuid":"240877744","full_name":"konradmalik/dotfiles","owner":"konradmalik","description":"Dotfiles for Linux and MacOS. Currently on Nix.","archived":false,"fork":false,"pushed_at":"2025-04-12T06:48:22.000Z","size":99208,"stargazers_count":25,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-12T07:35:00.453Z","etag":null,"topics":["automation","dotfiles","home-manager","linux","macos","nix","nix-darwin","nixos","nixos-configuration"],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/konradmalik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-16T11:15:11.000Z","updated_at":"2025-04-12T06:48:25.000Z","dependencies_parsed_at":"2023-09-26T04:26:35.023Z","dependency_job_id":"648e6293-2ff3-4a96-891b-0818e3971284","html_url":"https://github.com/konradmalik/dotfiles","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konradmalik%2Fdotfiles","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konradmalik%2Fdotfiles/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konradmalik%2Fdotfiles/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konradmalik%2Fdotfiles/manifests","owner_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/konradmalik","download_url":"https://codeload.github.com/konradmalik/dotfiles/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249023725,"owners_count":21199960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","dotfiles","home-manager","linux","macos","nix","nix-darwin","nixos","nixos-configuration"],"created_at":"2024-11-16T11:09:09.580Z","updated_at":"2025-04-15T07:10:59.568Z","avatar_url":"https://github.com/konradmalik.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Actions Status](https://github.com/konradmalik/dotfiles/actions/workflows/linux.yml/badge.svg)](https://github.com/konradmalik/dotfiles/actions)\n[![Actions Status](https://github.com/konradmalik/dotfiles/actions/workflows/darwin.yml/badge.svg)](https://github.com/konradmalik/dotfiles/actions)\n\n# Dotfiles\n\nMy NixOS and Nix-Darwin configurations.\n\n## Commands\n\n\u003e [!NOTE]\n\u003e in all commands flake location can be one of the following:\n\n```bash\n# github repo\ngithub:konradmalik/dotfiles#\u003ctarget\u003e\n# local current dir\n.#\u003ctarget\u003e\n# absolute local git repo\ngit+file://$HOME/Code/github.com/konradmalik/dotfiles#\u003ctarget\u003e\n```\n\nI'll use the local version for brevity.\n\n### NixOS:\n\n#### Build and enable config locally:\n\n```bash\n$ sudo nixos-rebuild --flake . 
switch\n```\n\nTo just build (for example for a test):\n\n```bash\n$ nix build .#nixosConfigurations.$(hostname -s).config.system.build.toplevel\n```\n\n#### Build and enable config on remote:\n\n\u003e [!NOTE]\n\u003e This will fail because of [this bug](https://github.com/NixOS/nixpkgs/issues/118655).\n\u003e Workaround is to use root ssh access, but I don't want to do that\n\n```bash\n$ TARGET=rpi4-1 nixos-rebuild --flake .#$TARGET --target-host $TARGET --build-host $TARGET --use-remote-sudo boot\n```\n\nInstead, this will work for now. I may create a wrapper for that:\n\n```bash\n\n$ TARGET=rpi4-1 ssh $TARGET -- sudo nixos-rebuild --flake github:konradmalik/dotfiles#$TARGET boot\n```\n\n#### Build sd-image:\n\n```bash\n$ nix build .#rpi4-2-sd-image\n```\n\nCopy it somewhere and unpack:\n\n```bash\n$ unzstd -d rpi4-2.img.zst\n```\n\nFlash directly to the card:\n\n```bash\n$ sudo dd if=rpi4-2.img of=/dev/sdX bs=4096 conv=fsync status=progress\n```\n\n\u003e [!NOTE]\n\u003e The filesystem won't be complete, it will miss `etc` and more. 
NixOS will populate those dirs on first boot.\n\u003e\n\u003e So if you need to modify something on the card (like read host keys or add `wpa_supplicant.conf`) then the steps are:\n\u003e\n\u003e -   boot rpi with the newly flashed card once\n\u003e -   wait a minute or two\n\u003e -   poweroff rpi and mount the card on your PC\n\u003e -   filesystem will be complete\n\u003e\n\u003e In my case, Wi-Fi (`wpa_supplicant.conf`) is symlinked from `sops`, but you may still need to add appropriate host key to `.sops.yaml`.\n\n#### Build minimal ISO with ssh access for root:\n\nUseful for installing any nixos-config through ssh.\n\n```bash\n$ nix build .#installer-iso\n```\n\nFlash iso to a pendrive\n\n```bash\n$ sudo dd if=installer.iso of=/dev/sdX bs=4096 conv=fsync status=progress\n```\n\nBoot, find the ip and ssh connect as root.\n\nConsider using nmap for discovery:\n\n```bash\n$ sudo nmap -p 22 --open -sV 192.168.178.0/24\n```\n\nFormat, partition the drive etc.\n\nThen you can install the system from flake directly:\n\n```bash\n$ sudo nixos-install --flake github:konradmalik/dotfiles#m3800 --root /mnt --no-bootloader\n```\n\nTip: `nixos-enter` is also very handy if you have a working system but need to fix something, e.g. change your password.\n\nTip2: I use `--no-bootloader` because I don't want grub (either way it will fail if there is systemd already defined I think,\nit will say something like '/boot/efi is not at the root'). 
My flake already has all the needed hardware and bootloader configs for the machines I use.\nIn order to install on a new machine, just generate hardware-configuration.nix on that machine and add a new entry in this flake.\n\n### nix-darwin:\n\nDisable gatekeeper or however it's called:\n\n```bash\n$ sudo spctl --master-disable\n```\n\nGo to Settings → Security and Privacy and allow apps from \"Anywhere\".\n\nThen install nix following the official guidelines and installer.\n\nThen build and enable config locally:\n\n```bash\n$ darwin-rebuild switch --flake .\n```\n\nTo just build (for example for a test):\n\n```bash\n$ nix build .#darwinConfigurations.$(hostname -s).config.system.build.toplevel\n# or shortened by nix-darwin\n$ nix build .#darwinConfigurations.$(hostname -s).system\n```\n\n#### Linux builder\n\nIt is useful to have a Linux builder on a macOS machine to build Linux-specific stuff.\n\nNixOS has great support for this. We need to:\n\n-   set up a remote builder\n-   configure nix.buildMachines to use it\n\nWe can have either a truly remote machine (local PC, cloud VM etc. etc.) or a 'local remote builder' which is just a qemu virtual machine with\nNixOS inside. 
This 'local remote builder' is very handy to have either way, very easy to deploy and very lightweight\n(it mounts your existing /nix/store for example for absolutely minimal disk usage).\n\n`nix-darwin` supports a Linux builder as an option:\n\n```nix\nnix.linux-builder.enable = true;\n```\n\n#### Docker on Darwin\n\nUse the `darwin-docker` module.\n\n### Linux (non-NixOS; home-manager):\n\nBuild and enable config locally:\n\n```bash\n$ home-manager switch --flake .\n```\n\nTo just build (for example for a test):\n\n```bash\n$ nix build .#homeConfigurations.$(whoami)@$(hostname -s).activationPackage\n```\n\n### sops-nix\n\n#### system-wide (Linux only)\n\nWe use `age`, it's way easier and more straightforward than `gpg`.\n\nStrategy with keys:\n\n-   `age` derived from host ssh key for host-wide secrets\n-   `age` derived from personal ssh key for personal secrets\n-   one global `age` key per person that is kept secret and not directly on any machine. Serves as a backup to decrypt in case of 'tragedy'\n\nCreate `age` directory for sops:\n\n```bash\n$ mkdir -p \"$XDG_CONFIG_HOME/sops/age\" \\\n    \u0026\u0026 touch \"$XDG_CONFIG_HOME/sops/age/keys.txt\" \\\n    \u0026\u0026 chmod 700 \"$XDG_CONFIG_HOME/sops/age\" \\\n    \u0026\u0026 chmod 600 \"$XDG_CONFIG_HOME/sops/age/keys.txt\"\n```\n\nCreate `age` key from your personal ssh key:\n\n\u003e Why do this when decryption keys are also derived from host ssh keys?\n\u003e\n\u003e 1. Redundancy, 2. Personal (user-specific) secrets, 3. Keys generated here can also be used in the home-manager module below\n\n```bash\n$ ssh-to-age -private-key -i ~/.ssh/personal \u003e \"$XDG_CONFIG_HOME/sops/age/keys.txt\"\n```\n\nAdd this key to `.sops.yaml` and propagate re-encryption to all secrets:\n\n```bash\n# adjust this command, glob may not work!\n$ sops updatekeys secrets/*.yaml\n```\n\n#### home-manager\n\nFor user-specific secrets, a home-manager module of sops-nix is used.\n\nWe similarly use `age`. 
The key is reused from system-wide config (the one derived from personal ssh).\nSee how `sops` is configured in the home-manager (it just points at the `keys.txt` file).\n\n### Credits\n\n[Misterio77](https://github.com/Misterio77/nix-config) - big inspiration for hyprland and nix files structure.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkonradmalik%2Fdotfiles","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkonradmalik%2Fdotfiles","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkonradmalik%2Fdotfiles/lists"}