Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/teto/home
Configurations
https://github.com/teto/home
Last synced: 22 days ago
JSON representation
Configurations
- Host: GitHub
- URL: https://github.com/teto/home
- Owner: teto
- License: gpl-2.0
- Created: 2013-05-03T12:52:45.000Z (over 11 years ago)
- Default Branch: main
- Last Pushed: 2024-05-22T18:36:54.000Z (6 months ago)
- Last Synced: 2024-05-22T19:39:47.557Z (6 months ago)
- Language: Nix
- Size: 16.7 MB
- Stars: 42
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.org
Awesome Lists containing this project
README
#+title: how to use this repo
#+author: teto
#+NAME: demo
* home
This folder contains my customizations for:
- [[https://github.com/pazz/alot][alot]] (MUA: Mail User Agent, like mutt)
- [[https://github.com/astroidmail/astroid][astroid]] (MUA with a GUI)
- bash
- [[https://dystroy.org/broot/][broot]] file explorer
- [[https://github.com/jarun/Buku][buku]]: a cli bookmark manager
- clerk (to control mpd via rofi)
- [[font-manager][https://github.com/FontManager/font-manager]] the best font manager I could find
- [[https://fcitx-im.org/wiki/Fcitx_5][fcitx5]] (input method mechanims, e.g. to type japanese from your qwerty keyboard)
- [[https://github.com/rycee/home-manager/][home-manager]]
- htop / btop
- [[https://github.com/Alexays/Waybar][waybar]] sway bar
- [[https://github.com/pimutils/khard][khard]] (a carddav CLI)
- [[https://github.com/pimutils/khal][khal]] (a calendar CLI)
- mpd (configuration files to run this music server as a user)
- [[https://marlam.de/msmtp/news][msmtp]] (MSA: Mail Sending Agent)
- [[https://neomutt.org][neomutt]] (Mail User Agent)
- ncmpcpp (mpd console player)
- [[https://github.com/neovim/neovim][neovim]] (fork of vim)
- [[https://newsboat.org/][newboat]] (RSS reader, fork of newsbeuter)
- [[www.notmuch.org][notmuch]] (to tag mails)
- [[https://github.com/purebred-mua/purebred][purebred]] (terminal MUA)
- [[qutebrowser][www.qutebrowser.org]] (vim like browser)
- [[https://github.com/DaveDavenport/rofi][rofi]] (a dmenu-like interactive prompt, works with clerk/i3 etc...)
- [[https://starship.rs/][starship]] (prompt manager)
- nssxiv (image viewer)
- [[www.swaywm.com][sway]] (wayland window manager)
- [[https://sw.kovidgoyal.net/kitty/][kitty]] (terminal)
- [[https://wezfurlong.org/][wezterm]] (terminal)
- [[https://github.com/jonas/tig][tig]] (a git history reader)
- tmux (terminal multiplexer)
- [[https://github.com/tio/tio][tio]] a serial device tool
- [[https://vifm.info/][vifm]] (ranger-like, file explorer)
- [[https://github.com/vimus/vimus][vimus]] (or vimpc ? mpd player)
- [[https://www.visidata.org/][visidata]] (for data analysis, csv/json/pcap/... reader)
- [[https://weechat.org/][weechat]] (Irc client)
- [[https://github.com/sxyazi/yazi][yazi]] a TUI file manager in rust, much faster than ranger or joshuto, just amazing
- zsh (alternative to bash)
* nixos Install via flakes
As long as flakes are not supported natively, you need to
#+BEGIN_SRC shell
# when not setting #my-machine, defaults to hostname
nixos-rebuild switch --flake 'github:teto/home#laptop' --use-remote-sudo --option accept-flake-config true --option extra-experimental-features 'nix-command flakes'
#+END_SRC
* Approach to handling secrets
Nix writes everything world-readable so you dont want to embed passwords in .nix files.
** information you prefer to hide but won't seppuku if discovered...
... are handled via git-crypt in the repo.
** Infrastructure secrets
The solution I adopted is [[https://github.com/Mic92/sops-nix][sops-nix]] which reads secrets from sops files.
*** How to securely load those secrets in systemd units ?
With sops, you could create /run/secrets/email_password and have your service pick it up.
Set the proper owner to avoid anyone being able to read it.
One further security can be to rely on systemd-creds.
LoadCredentialEncrypted
/home/teto/.config/systemd/user/mbsync.service.d/override.conf
** Most intimate secrets
you wont find on this repo. I handle them via [[https://www.passwordstore.org/][pass]] and transfer them
manually on my machines via the tool in the next section.
* How to transfer state
Some secrets can't be shared reliably on the repository so they need to be
transferred.
** How to transfer secrets from another machine
* age key for sops
* git crypt key to decypher secrets saved in the repo
TODO mention termscp or yazi + rsync ?
On the old machine:
#+BEGIN_SRC
$ wormhole send ~/.gnupg
$ wormhole send ~/.password-store
$ wormhole send ~/.ssh
$ wormhole send ~/home/secrets
#+END_SRC
On the new machine:
#+BEGIN_SRC
$ just receive-secrets
tar xvf -C ~/.gnupg/ gnupg.tar
...
#+END_SRC
** How to recover this repo cyphered files
Get git-crypt do decypher the files
Retreive the key (possibly from an existing deployement via `git-crypt export-key toto.key`) and use
it on the new deployement via:
#+BEGIN_SRC sh
$ git-crypt unlock secrets/git-crypt-teto.key
#+END_SRC
should unlock the files.
NOTE: nixos doesnt seem to work out of the box with git-crypt [[https://github.com/NixOS/nix/issues/5260][anymore]],
the secret is to leave your repo in a dirty state so that nix sees the unlocked secrets.nix !
* Debug neovim config ?
You can see the resulting config via:
#+BEGIN_SRC
nix repl . --override-input nixpkgs github:nixos/nixpkgs
nixosConfigurations.laptop.config.home-manager.users.teto.programs.neovim.finalPackage.XXX
#+END_SRC
** tips for reinstallation
Apart from dd, to create a windows installer USB key, unetbootin worked the best:
`nix shell nixpkgs#unetbootin`