* :house_with_garden: [[https://builtwithnix.org][https://img.shields.io/badge/built_with-Nix-5277C3.svg?logo=nixos&labelColor=24292E]] [[https://travis-ci.org/martinbaillie/dotfiles][https://img.shields.io/travis/martinbaillie/dotfiles/master.svg?label=NixOS&logo=travis&labelColor=24292E]] [[https://github.com/martinbaillie/dotfiles/actions?query=workflow%3AmacOS][https://github.com/martinbaillie/dotfiles/workflows/macOS/badge.svg]] :TOC_2:noexport:
- [[#about][About]]
- [[#installation-notes][Installation Notes]]
  - [[#macos][macOS]]
  - [[#nixos][NixOS]]
- [[#references][References]]
* About
Welcome to the [[https://en.wiktionary.org/wiki/bikeshedding][bikeshed]]!
This repository houses all my [[machines][machine configurations]] expressed declaratively using a [[https://nixos.org/nix][Nix]] [[https://nixos.wiki/wiki/Flakes][flake]]. It covers both my personal and work devices that are running either NixOS or macOS.
The expressions are organised into platform-agnostic [[modules][modules]] that leverage the likes of the [[https://github.com/NixOS/nixpkgs][nixpkgs]], [[https://github.com/rycee/home-manager][home-manager]] and [[https://github.com/LnL7/nix-darwin][nix-darwin]] to fully configure the OS and userspace from scratch.
These days I am spending the majority of time in either Firefox or Emacs (+[[https://github.com/akermu/emacs-libvterm][vterm]]). On NixOS I am using [[https://github.com/ch11ng/exwm][EXWM]] and on macOS I am usually just running native fullscreen, ⌘↹ing between the two previously mentioned apps. Additionally, a simple [[modules/themes][theming]] system is used to switch various things between light and dark versions, and a [[options.nix#L22][secrets]] attribute set (kept encrypted in a private repository) is referenced throughout.
#+BEGIN_QUOTE
NOTE: Some twisted souls found value in all the ricing of the previous incarnation of this repository. I'll keep it archived on this [[../../tree/archive][branch]] for reference.
#+END_QUOTE
CI (Travis for NixOS, GitHub Actions for macOS) runs on push. The jobs generate a special [[machines/ci/default.nix][CI machine]] that imports every module, and derives either a NixOS VM (via QEMU) or simply builds on a fresh Darwin agent VM (in the case of macOS). The resultant binaries are pushed to [[https://cachix.org/][Cachix]] and subsequently become available for any of my other machines, saving a lot of wasted battery!
The [[Makefile][Makefile]] (in conjunction with some helpful [[default.nix#L58][aliases]]) is used to drive most actions, abstracting away NixOS/macOS differences where necessary.
* Installation Notes
Below are some rough platform-specific installation notes I use to go from fresh installs to a fully configured machine.
** macOS
From a fresh macOS install.
**** Enable SSHd
#+BEGIN_SRC shell
sudo systemsetup -setremotelogin on
#+END_SRC
**** Install XCode
#+BEGIN_SRC shell
sudo xcodebuild -license
#+END_SRC
**** Install Homebrew for those macOS GUI apps unmanageable through Nix
#+BEGIN_SRC shell
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
#+END_SRC
**** [APPLE SILICON] Install Rosetta2
#+begin_src shell
softwareupdate --install-rosetta
#+end_src
**** Install Nix (multi-user)
NOTE: Do not use =sudo= here.
#+BEGIN_SRC shell
curl https://nixos.org/nix/install | sh
sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume --daemon
#+END_SRC
**** Enable Flakes and experimental commands
Move to experimental.
#+begin_src shell
nix-env -iA nixpkgs.nixUnstable
#+end_src
#+begin_src shell
cat << EOF | sudo tee -a /etc/nix/nix.conf
experimental-features = nix-command flakes
extra-platforms = x86_64-darwin aarch64-darwin
EOF
sudo launchctl kickstart -k system/org.nixos.nix-daemon
#+end_src
**** [OPTIONAL] Confirm remotely accessible
#+BEGIN_SRC shell
ssh $REMOTE nix-daemon --version
#+END_SRC
**** [OPTIONAL] Seed Nix store contents from an existing Darwin machine
#+BEGIN_SRC shell
nix copy --no-check-sigs --keep-going --to ssh-ng://$REMOTE ~/.nix-profile
#+END_SRC
**** Grab dotfiles using forwarded agent
#+BEGIN_SRC shell
sudo git clone --recursive git@github.com:martinbaillie/dotfiles.git /etc/dotfiles
sudo chown -R $USER: /etc/dotfiles
#+END_SRC
**** Optionally decrypt secrets one-off
If not forwarding.
#+BEGIN_SRC shell
nix-shell -p gpg
mkdir -m 700 ~/.gnupg-temp
#+END_SRC
#+NAME: nixos-ver
#+BEGIN_SRC emacs-lisp :cache yes
"21.05"
#+END_SRC

#+RESULTS[8f7a4f3511d5d6152ec17fdf52addc1eecd1a880]: nixos-ver
: 21.05

#+NAME: nixos-rel
#+BEGIN_SRC emacs-lisp :cache yes :var nixos-ver=nixos-ver
(format "%s.2796.110a2c9ebbf" nixos-ver)
#+END_SRC

#+RESULTS[d02522c67a569b479981b108c6d2236d90a80aec]: nixos-rel
: 21.05.2796.110a2c9ebbf

#+NAME: nixos-url
#+BEGIN_SRC emacs-lisp :cache yes :var nixos-ver=nixos-ver
(format "https://releases.nixos.org/nixos/%s" nixos-ver)
#+END_SRC

#+RESULTS[6ea8b95b40577283983b31f1862093ba872ded97]: nixos-url
: https://releases.nixos.org/nixos/21.05
#+BEGIN_SRC shell :exports code :var NIXOS_REL=nixos-rel NIXOS_URL=nixos-url
curl -O ${NIXOS_URL}/nixos-${NIXOS_REL}/nixos-minimal-${NIXOS_REL}-x86_64-linux.iso
curl -O ${NIXOS_URL}/nixos-${NIXOS_REL}/nixos-minimal-${NIXOS_REL}-x86_64-linux.iso.sha256
sha256sum -c nixos-minimal-${NIXOS_REL}-x86_64-linux.iso.sha256
#+END_SRC
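Added example, not part of this repository: the checksum gate used for the ISO above, written as a reusable helper that can also stand in for the curl-piped Homebrew and Nix installers in the macOS notes by downloading to a file and checking a pinned digest before anything runs. The function names and the =<pinned-sha256>= placeholder are assumptions; it goes beyond the ISO case by also rejecting malformed digests.

```bash
#!/usr/bin/env bash
# Added example: fetch, verify against a pinned SHA-256, and only then use.

# SHA-256 of a file: sha256sum on NixOS/Linux, shasum on macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a malformed digest, 3 on a missing file.
verify_sha256() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # A digest must be exactly 64 hex digits; this catches an unset variable or
  # an HTML error page that was saved in place of the .sha256 file.
  case $expected in
    *[!0-9a-f]*|'') return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  [ -f "$file" ] || return 3
  actual=$(sha256_of "$file") || return 3
  [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads over HTTPS to a temp file and moves it to DEST only if the digest
# matches, so a failed check never leaves a file behind to be run or written.
fetch_verified() {
  local url="$1" expected="$2" dest="$3" tmp
  tmp=$(mktemp) || return 1
  if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" \
     && verify_sha256 "$tmp" "$expected"; then
    mv "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage (the digest is a placeholder; pin the value of the script you reviewed):
#   fetch_verified https://nixos.org/nix/install "<pinned-sha256>" ./install-nix \
#     && sh ./install-nix --daemon
```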
Create a bootable NixOS USB (macOS example):
#+BEGIN_SRC shell :exports code :var NIXOS_REL=nixos-rel NIXOS_URL=nixos-url
diskutil list # Find USB
diskutil unmountDisk /dev/disk2
dd if=nixos-minimal-${NIXOS_REL}-x86_64-linux.iso of=/dev/rdisk2 bs=4m
diskutil unmountDisk /dev/disk2
#+END_SRC
Create a bootable NixOS USB (NixOS example):
#+BEGIN_SRC shell :exports code :var NIXOS_REL=nixos-rel NIXOS_URL=nixos-url
lsblk -i # Locate the device.
cp nixos-minimal-${NIXOS_REL}-x86_64-linux.iso /dev/sdX # Target whole disk.
#+END_SRC
**** BIOS Tweaks (ThinkPad)
- [X] Disable Secure Boot
- [X] Enable CSM Support
**** Boot
Set up networking:
#+BEGIN_SRC shell
sudo su
wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' 'key')
ip addr
#+END_SRC
Conduct the rest of the install from another laptop for convenience (+SSH agent forwarding):
#+BEGIN_SRC shell
ssh -A root@
o (create new empty partition table)
n (add partition, 500M, type ef00 EFI)
n (add partition, remaining space, type 8301 Linux Reserved - in the absence of a LUKS code)
w (write partition table and exit)
#+END_SRC
Set up the encrypted LUKS partition and open it:
#+BEGIN_SRC shell
cryptsetup luksFormat /dev/nvme0n1p2
cryptsetup luksOpen /dev/nvme0n1p2 enc-pv
#+END_SRC
Create two logical volumes (swap and root):
#+BEGIN_SRC shell
pvcreate /dev/mapper/enc-pv
vgcreate vg /dev/mapper/enc-pv
lvcreate -L 8G -n swap vg
lvcreate -l '100%FREE' -n root vg
#+END_SRC
Format the partitions:
#+BEGIN_SRC shell
mkfs.fat -F 32 /dev/nvme0n1p1
mkfs.ext4 -L root /dev/vg/root
mkswap -L swap /dev/vg/swap
#+END_SRC
**** Install
Mount the partitions just created under /mnt:
#+BEGIN_SRC shell
mount /dev/vg/root /mnt
mkdir /mnt/boot
mount /dev/nvme0n1p1 /mnt/boot
swapon /dev/vg/swap
#+END_SRC
Install:
#+BEGIN_SRC shell
useradd -m -G wheel martin
sudo su - martin
nix-shell -p git --run \
  "git clone --recursive git@github.com:martinbaillie/dotfiles.git /mnt/etc/dotfiles"
nix-shell -p nixUnstable -p git sudo -E nixos-install --option pure-eval no --flake .#$HOSTNAME
make -C /mnt/etc/dotfiles install
#+END_SRC
**** Iterative Troubleshooting
If system doesn't boot:
#+BEGIN_SRC shell
cryptsetup luksOpen /dev/nvme0n1p2 enc-pv
lvchange -a y /dev/vg/swap
lvchange -a y /dev/vg/root
mount /dev/vg/root /mnt
mount /dev/nvme0n1p1 /mnt/boot
swapon /dev/vg/swap
wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' 'key')
nixos-enter
#+END_SRC
Try again.
**** Import GPG key
#+BEGIN_SRC shell
gpg --import ~/.gnupg/gpg.asc
#+END_SRC
**** Configure Emacs
#+BEGIN_SRC shell
make config-emacs
#+END_SRC
* References
- [[https://github.com/hlissner][@hlissner]]
- [[https://github.com/jwiegley][@jwiegley]]
- [[https://github.com/cmacrae][@cmacrae]]