Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sukhmancs/nixos-configs
yoink, tweak, and make it your own!
agenix flake-parts home-manager nix nix-flakes nixos
Last synced: about 9 hours ago
- Host: GitHub
- URL: https://github.com/sukhmancs/nixos-configs
- Owner: sukhmancs
- Created: 2024-07-07T01:38:51.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-12-24T00:15:50.000Z (10 days ago)
- Last Synced: 2024-12-26T14:08:10.295Z (7 days ago)
- Topics: agenix, flake-parts, home-manager, nix, nix-flakes, nixos
- Language: CSS
- Homepage:
- Size: 50.1 MB
- Stars: 58
- Watchers: 1
- Forks: 2
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- Codeowners: .github/CODEOWNERS
README
[![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org)
[![Linux](https://img.shields.io/badge/Linux-%23.svg?logo=linux&color=FCC624&logoColor=black)](https://www.linux.org/)
[![Top Language](https://img.shields.io/github/languages/top/sukhmancs/nixos-configs)]()
[![NeoVim](https://img.shields.io/badge/Neovim-0.10.1-blueviolet.svg?logo=Neovim&logoColor=green)](https://neovim.io/)
[![Commit Activity](https://img.shields.io/github/commit-activity/m/sukhmancs/nixos-configs?label=Commits)](https://github.com/sukhmancs/nixos-configs/graphs/commit-activity)
[![Commit Since](https://img.shields.io/github/commits-since/sukhmancs/nixos-configs/iso-2024-07-29-211510?label=Commits%20Since%20Last%20Release)](https://github.com/sukhmancs/nixos-configs/releases/tag/iso-2024-07-29-211510)
[![Repo Size](https://img.shields.io/github/repo-size/sukhmancs/nixos-configs?label=Repo%20Size)]()
Theme previews (images omitted): Catppuccin, Gruvbox-light-hard, Alph, Ashes, Gruvbox-dark-hard, Catppuccin-frappe, ember, emil, fairy-floss.

## Todo
- [ ] **Tailnet** - TailScale, WireGuard, ...
- [ ] **Icons** - Icon fonts (gtk/qt) are not dynamic. Try to use base16 colors.
- [ ] **Qemu** - Virtualization with GPU passthrough (_Done but not tested_)
- [ ] **Hardened Systemd**
- [ ] **Modularize** - Anyrun, qt.nix, ...
- [ ] **Refactor** - Remove dead code, unused files, ...

### AppArmor

> One profile a day keeps the hacker away
- [x] **Chrome** - `google-chrome`, `chromium`
## Structure
```plaintext
.
├── homes          # Common home-manager configuration for all hosts.
├── hosts          # Host-specific configurations.
├── modules        # Contains the common modules used across all hosts.
│   ├── exclusive  # Modules that need to be enabled exclusively.
│   ├── roles      # Roles that can be assigned to a host.
│   └── shared     # Modules that are shared across multiple hosts.
├── flake-parts    # flake.parts.
│   ├── default    # Custom packages that are available to all hosts.
│   ├── git-hooks  # Git hooks.
│   ├── lib        # Common functions and variables.
│   ├── npins      # Nix packages that are pinned.
│   ├── shell      # Direnv shell for this project.
│   ├── templates  # Flake templates for different languages.
│   ├── keys       # Public keys for the hosts.
│   ├── live-media # Live media available for build.
│   └── treefmt    # Treefmt configuration.
├── options        # Custom options for the hosts.
├── secrets        # Agenix secrets.
└── themes         # Custom base16 themes.
```

## Privacy and Security

Measures

- **Firewall** - `nftables`
- **DNS** - `adguard`
- **VPN** - `wireguard`
- **Secrets** - `agenix`
- **Encryption** - `LUKS`
- **Sandboxing** - `firejail`
- **Security Profiles** - `apparmor`, `selinux`
- **Physical Security** - `yubikey`
- **Ban IPs** - `fail2ban`
- **Malware scanner** - `clamav`
- **USB Device Control** - `usbguard`
- **Software auditing** - `lynis` `vulnix` `auditd`
- **Hardened Firefox** - `Schizofox`
- **Stateless System** - `Impermanence`
- **Kernel Hardening**

## Host

The following hosts are available:

| Host | Type |
| ------------ | ------- |
| `milkyway` | Laptop |
| `triangulum` | Server |
| `andromeda` | Desktop |
| `messier` | ISO |

## Tools

Here are the tools I am using:
| Tool            | Milkyway/Andromeda | Messier       |
| --------------- | ------------------ | ------------- |
| Window Manager  | Hyprland           | River         |
| Display Manager | swaylock           | swaylock      |
| Bar             | AGS                | Waybar        |
| Launcher        | Anyrun, Rofi       | Rofi          |
| GTK Theme       | adw-gtk3-dark      | adw-gtk3-dark |
| Terminal        | Foot               | Foot          |
| Notifications   | Dunst, AGS         | Mako          |

> [!NOTE]
>
> **Triangulum** is a headless server, so no graphical stuff there.

## Color Scheme

### Default Color Scheme: `cappuccino-mocha`
| Element | Color Name | Hex Code |
| ---------------------------------------------------------- | ---------- | --------- |
| Background Color | base00 | `#1e1e1e` |
| Secondary Background Color | base02 | `#313244` |
| Text Color | base05 | `#cdd6f4` |
| Secondary Text Color | base00 | `#1e1e1e` |
| Accent Color (Button focused, Border color, Button active) | base0E | `#cba6f7` |
| Overlay Color (Button hover, Button disabled) | base03 | `#45475a` |

### Available Color Schemes

| Scheme | Variants |
| ------------------ | --------------------------------------------------------------------------------------------------- |
| `cappuccino` | mocha, frappe |
| `dracula` | - |
| `gruvbox` | light, dark, medium, hard |
| `henna` | - |
| `helios` | - |
| `horizon` | dark |
| `nord` | - |
| `monokai` | - |
| `selenized` | dark, light |
| `solarized` | dark, light |
| `tomorrow-night` | - |
| `twilight` | - |
| `ubuntu` | - |
| `uwunicorn` | - |
| `windows-95` | - |
| `doom-one` | - |
| `alph` | - |
| `ashes` | - |
| `atelier` | cave, dune, estuary, forest, heath, lakeside, meadow, plateu, savanna, seaside, studio, sulphurpool |
| `ayu-dark` | - |
| `bespin` | - |
| `caret` | - |
| `darkmoss` | - |
| `ember` | - |
| `emil` | - |
| `eris` | - |
| `eva` | - |
| `everforest` | - |
| `fairy-floss` | - |
| `gigavolt` | - |
| `io` | - |
| `isotope` | - |
| `manegarm` | - |
| `material-vivid` | - |
| `miramare` | - |
| `monokai` | - |
| `oceanic-next` | - |
| `old-hope` | - |
| `outrun-dark` | - |
| `spaceduck` | - |
| `stella` | - |
| `summerfruit-dark` | - |
| `woodland` | - |
| `xcode-dusk` | - |

## Installation

### Disk Partitioning
Here is what our disk partitioning will look like:
```plaintext
+-----------------------+------------------------+-----------------------+
| Boot partition | Swap partition | LUKS encrypted root |
| | | partition |
| | | |
| /boot | [SWAP] | / |
| | | |
| | | /dev/mapper/crypted |
| | | |
| /dev/sda1 | /dev/sda2 | /dev/sda3 |
| | | |
| 1GB | 8GB | Remaining space |
+-----------------------+------------------------+-----------------------+
```

Option 1 - Partition and mount the drives using disko

```bash
# Change the disk id according to your system
DISK='/dev/disk/by-id/ata-Samsung_SSD_870_EVO_250GB_S6PENL0T902873K'

curl https://raw.githubusercontent.com/sukhmancs/nixos-configs/main/disko/luks-btrfs-subvolumes/default.nix \
  -o /tmp/disko.nix
sed -i "s|to-be-filled-during-installation|$DISK|" /tmp/disko.nix
# Note the space before the line continuation, so "--" stays a separate argument
nix --experimental-features "nix-command flakes" run github:nix-community/disko \
  -- --mode disko /tmp/disko.nix
```

Option 2 - Manual Partitioning

**Create Partitions**
```bash
# Create boot, swap, and root partitions
DISK=/dev/sda

parted "$DISK" -- mklabel gpt
parted "$DISK" -- mkpart ESP fat32 1MiB 1GiB
parted "$DISK" -- set 1 boot on

parted "$DISK" -- mkpart Swap linux-swap 1GiB 9GiB
parted "$DISK" -- mkpart primary 9GiB 100%
```

**Setup Swap Partition**

```bash
mkswap -L SWAP "$DISK"2
swapon "$DISK"2
```

**Btrfs with LUKS (Root Partition)**

```bash
cryptsetup --verify-passphrase -v luksFormat "$DISK"3 # /dev/sda3
cryptsetup open "$DISK"3 crypted

mkfs.btrfs -L NIXOS /dev/mapper/crypted
mount -t btrfs /dev/mapper/crypted /mnt

# Set up subvolumes
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/persist
btrfs subvolume create /mnt/log
btrfs subvolume create /mnt/snapshots

# Blank snapshot of the root subvolume
btrfs subvolume snapshot -r /mnt/root /mnt/root-blank

# Unmount the root partition
umount /mnt

# Mount the root subvolume first, so the mount points below are created inside it
mount -o subvol=root,compress=zstd,noatime /dev/mapper/crypted /mnt

# Create mount points
mkdir /mnt/home
mkdir /mnt/nix
mkdir /mnt/persist
mkdir -p /mnt/var/log
mkdir /mnt/snapshots

# Mount the remaining subvolumes
mount -o subvol=home,compress=zstd,noatime /dev/mapper/crypted /mnt/home
mount -o subvol=nix,compress=zstd,noatime /dev/mapper/crypted /mnt/nix
mount -o subvol=persist,compress=zstd,noatime /dev/mapper/crypted /mnt/persist
mount -o subvol=log,compress=zstd,noatime /dev/mapper/crypted /mnt/var/log
mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/crypted /mnt/snapshots
```

**Setup Boot Partition**

```bash
mkfs.vfat -n BOOT "$DISK"1
mount --mkdir "$DISK"1 /mnt/boot
```

### Install NixOS

```bash
# Generate the configuration
nixos-generate-config --root /mnt
```

Run `nixos-install` to install NixOS.
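
The Impermanence caution in the next section requires `neededForBoot = true` on `/persist` (where the password files live), `/var/log` and `/snapshots`. As an added example that is not part of the repository, this function lists the mounts in a `hardware-configuration.nix` that lack the flag; the function names and the sample config are constructed here, and it assumes the `fileSystems."<mount>" = { ... };` layout shown in that caution.

```shell
# Added example (not from the nixos-configs repository).
# check_needed_for_boot FILE MOUNT...
# Prints every MOUNT whose fileSystems."<MOUNT>" block in FILE has no active
# `neededForBoot = true;` line; returns 1 if any is missing, else 0.
check_needed_for_boot() {
  local file="$1" missing=0 mp
  shift
  for mp in "$@"; do
    if ! awk -v mp="$mp" '
      { sub(/#.*/, "") }                                 # ignore Nix line comments
      index($0, "fileSystems.\"" mp "\"") { inblk = 1 }  # block for this mount opens
      inblk && /neededForBoot[ \t]*=[ \t]*true[ \t]*;/ { found = 1 }
      inblk && /^[ \t]*};/ { inblk = 0 }                 # block closes
      END { exit (found ? 0 : 1) }
    ' "$file"; then
      echo "$mp"
      missing=1
    fi
  done
  return "$missing"
}

# Constructed sample: /snapshots only has the flag commented out.
sample_config() {
  cat <<'EOF'
fileSystems."/persist" = {
  fsType = "btrfs";
  options = ["subvol=persist"];
  neededForBoot = true;
};
fileSystems."/var/log" = {
  fsType = "btrfs";
  options = ["subvol=log"];
  neededForBoot = true; # <- add this
};
fileSystems."/snapshots" = {
  fsType = "btrfs";
  options = ["subvol=snapshots"];
  # neededForBoot = true;
};
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_needed_for_boot "$tmp" /persist /var/log /snapshots \
  || echo "add neededForBoot = true to the mounts listed above" >&2
rm -f "$tmp"
```

On the installer, `nixos-generate-config --root /mnt` writes the file to `/mnt/etc/nixos/hardware-configuration.nix`, so that is the path to check before the first boot.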
### Install the dotfiles
```bash
git clone https://github.com/sukhmancs/nixos-configs/ ~/.config/nixos-configs
cd ~/.config/nixos-configs
```

> [!CAUTION]
> If Impermanence is enabled, add `neededForBoot = true` to some of the
> mounted subvolumes in hardware-configuration.nix. It will look something like this:
>
> ```nix
> fileSystems."/persist" = {
> device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
> fsType = "btrfs";
> options = ["subvol=persist"];
> neededForBoot = true; # <- add this
> };
>
> fileSystems."/var/log" = {
> device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
> fsType = "btrfs";
> options = ["subvol=log"];
> neededForBoot = true; # <- add this
> };
>
> fileSystems."/snapshots" = {
> device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
> fsType = "btrfs";
> options = ["subvol=snapshots"];
> neededForBoot = true; # <- add this
> };
> ```
>
> Also, ensure that the password files are located in a volume marked with
> `neededForBoot = true`; otherwise the user will not be able to log in.
>
> ```bash
> mkdir -p /persist/passwords/root /persist/passwords/
> mkpasswd -m sha-512 > /persist/passwords/
> mkpasswd -m sha-512 > /persist/passwords/root
> ```

```bash
nixos-rebuild switch --flake .#
```

## Thanks to these amazing people

- [MatthiasBenaets](https://github.com/MatthiasBenaets/nix-config/)
- [raf](https://github.com/notashelf/nyx)
- [end-4](https://github.com/end-4/dots-hyprland)
- [aylur](https://github.com/Aylur/dotfiles/)
- will add more

## Credit and Attribution

I'm totally cool with you borrowing my code - no need to give me a shout-out. Just make sure to tip your hat to the original authors whose code I've borrowed for this project. They deserve the applause!