{"id":13896783,"url":"https://github.com/teto/home","last_synced_at":"2025-09-17T20:32:20.767Z","repository":{"id":8295098,"uuid":"9835882","full_name":"teto/home","owner":"teto","description":"Configurations","archived":false,"fork":false,"pushed_at":"2025-09-04T10:45:49.000Z","size":21390,"stargazers_count":50,"open_issues_count":0,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-09-04T12:34:16.380Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/teto.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2013-05-03T12:52:45.000Z","updated_at":"2025-09-04T10:45:52.000Z","dependencies_parsed_at":"2024-05-27T17:57:00.057Z","dependency_job_id":"2c3e6bbe-e5d9-4702-bbac-462aa4dd1eeb","html_url":"https://github.com/teto/home","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/teto/home","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teto%2Fhome","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teto%2Fhome/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teto%2Fhome/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teto%2Fhome/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/teto","download_url":"https://codeload.github.com/teto/home/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teto%2Fhome/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275658727,"owners_count":25504776,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-17T02:00:09.119Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-06T18:03:09.375Z","updated_at":"2025-09-17T20:32:20.731Z","avatar_url":"https://github.com/teto.png","language":"Nix","funding_links":[],"categories":["Nix"],"sub_categories":[],"readme":"#+title: how to use this repo\n#+author: teto\n#+NAME: demo\n\n* home\n\nThis folder contains my customizations for:\n- [[https://dystroy.org/broot/][broot]] file explorer\n- [[https://github.com/jarun/Buku][buku]]: a cli bookmark manager\n- clerk (to control mpd via rofi)\n- [[https://github.com/FontManager/font-manager][font-manager]] the best font manager I could find\n- [[https://fcitx-im.org/wiki/Fcitx_5][fcitx5]] (input method mechanims, e.g. to type japanese from your qwerty keyboard)\n- [[https://github.com/rycee/home-manager/][home-manager]] to generate dotfiles from nix\n- htop / btop\n- [[https://gitlab.freedesktop.org/emersion/kanshi]][[kanshi]]: a monitor manager for wayland\n- [[way-displays]][[]] in the same vein\n- [[https://github.com/Alexays/Waybar][waybar]] sway bar\n- [[https://github.com/pimutils/khard][khard]] (a carddav CLI)\n- [[https://github.com/pimutils/khal][khal]] (a calendar CLI)\n- mpd (configuration files to run this music server as a user)\n  - [[rmpc][https://github.com/mierak/rmpc/]] A fantastic rust+tui player\n  - [[euphonica][https://github.com/htkhiem/euphonica]] a beautiful gtk gui\n  - ncmpcpp (mpd console player)\n- [[https://marlam.de/msmtp/news][msmtp]] (MSA: Mail Sending Agent)\n- [[https://mierak.github.io/rmpc/]][rmcp]] (mpd console player)\n- [[https://github.com/neovim/neovim][neovim]] (fork of vim)\n- [[https://newsboat.org/][newboat]] (RSS reader, fork of newsbeuter)\n- [[www.notmuch.org][notmuch]] (to tag mails)\n   - [[https://github.com/purebred-mua/purebred][purebred]] (terminal MUA)\n   - [[https://github.com/pazz/alot][alot]] (MUA: Mail User Agent, like mutt)\n   - [[https://github.com/astroidmail/astroid][astroid]] (MUA with a GUI)\n   - [[https://neomutt.org][neomutt]] (Mail User Agent)\n- [[qutebrowser][www.qutebrowser.org]] (vim like browser)\n- [[https://github.com/DaveDavenport/rofi][rofi]] (a dmenu-like interactive prompt, works with clerk/i3 etc...)\n- [[https://starship.rs/][starship]] (prompt manager)\n- nssxiv (image viewer)\n- [[www.swaywm.com][sway]] (wayland window manager)\n- [[https://sw.kovidgoyal.net/kitty/][kitty]] (terminal)\n- [[https://wezfurlong.org/][wezterm]] (terminal)\n- [[https://github.com/jonas/tig][tig]] (a git history reader)\n- tmux (terminal multiplexer)\n- [[https://github.com/tio/tio][tio]] a serial device tool\n- [[https://vifm.info/][vifm]] (ranger-like, file explorer)\n- [[https://github.com/vimus/vimus][vimus]] (or vimpc ? mpd player)\n- [[https://www.visidata.org/][visidata]] (for data analysis, csv/json/pcap/... reader)\n- [[https://weechat.org/][weechat]] (Irc client)\n- [[https://github.com/sxyazi/yazi][yazi]] a TUI file manager in rust, much faster than ranger or joshuto, just amazing\n- zsh (alternative to bash)\n\n\n* nixos Install via flakes\n\nAs long as flakes are not supported natively, you need to:\n#+BEGIN_SRC shell\n# when not setting #my-machine, defaults to hostname\n# deploy a first generation without any secrets but in my favorite environment\n$ nixos-rebuild switch --flake 'github:teto/home#laptop' --use-remote-sudo --option accept-flake-config true --option extra-experimental-features 'nix-command flakes'\n$ just stow-config stow-home stow-local\n# once you've moved on the secrets to where they must be, you can deploy the final configuration\n$ nixos-rebuild switch --flake 'github:teto/home#laptop-with-secrets' --use-remote-sudo --option accept-flake-config true --option extra-experimental-features 'nix-command flakes'\n#+END_SRC\n\n\n\n\n* Approach to handling secrets\n\n  Nix writes everything world-readable so you dont want to embed passwords in .nix files.\n\n  ** information you prefer to hide but won't seppuku if discovered...\n\n  ... are handled via git-crypt in the repo.\n\n  ** Infrastructure secrets\n\n  The solution I adopted is [[https://github.com/Mic92/sops-nix][sops-nix]] which reads secrets from sops files.\n\n  *** How to securely load those secrets in systemd units ?\n\n  With sops, you could create /run/secrets/email_password and have your service pick it up.\n  Set the proper owner to avoid anyone being able to read it.\n\n  One further security can be to rely on systemd-creds.\n  LoadCredentialEncrypted\n\n   /home/teto/.config/systemd/user/mbsync.service.d/override.conf\n\n  ** Most intimate secrets\n\n  you wont find on this repo. I handle them via [[https://www.passwordstore.org/][pass]] and transfer them\n  manually on my machines via the tool in the next section.\n\n\n* How to transfer state\n\nSome secrets can't be shared reliably on the repository so they need to be\ntransferred.\n\n\n** How to transfer secrets from another machine\n\n* age key for sops\n* git crypt key to decypher secrets saved in the repo\n\nTODO mention termscp or yazi + rsync ?\n\nOn the old machine:\n#+BEGIN_SRC\n$ wormhole send ~/.gnupg\n$ wormhole send ~/.password-store \n$ wormhole send ~/.ssh\n$ wormhole send ~/home/secrets\n#+END_SRC\n\nOn the new machine:\n#+BEGIN_SRC\n$ just receive-secrets\ntar xvf -C ~/.gnupg/ gnupg.tar\n...\n#+END_SRC\n\n** How to recover this repo cyphered files\n\nGet git-crypt do decypher the files\nRetreive the key (possibly from an existing deployement via `git-crypt export-key toto.key`) and use\nit on the new deployement via:\n#+BEGIN_SRC sh \n$ git-crypt unlock secrets/git-crypt-teto.key\n#+END_SRC\nshould unlock the files.\n\nNOTE: nixos doesnt seem to work out of the box with git-crypt [[https://github.com/NixOS/nix/issues/5260][anymore]], \n the secret is to leave your repo in a dirty state so that nix sees the unlocked secrets.nix !\n\n* Font management\n\nfontconfig\n\n* Debug neovim config ?\n\nYou can see the resulting config via:\n\n#+BEGIN_SRC\nnix repl . --override-input nixpkgs github:nixos/nixpkgs\nnixosConfigurations.laptop.config.home-manager.users.teto.programs.neovim.finalPackage.XXX\n#+END_SRC\n\n** tips for reinstallation\n\nApart from dd, to create a windows installer USB key, unetbootin worked the best:\n`nix shell nixpkgs#unetbootin`\n\n\nTell me what to do please\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fteto%2Fhome","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fteto%2Fhome","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fteto%2Fhome/lists"}