My modular, flake based nixos configurations for my laptop and home server

MikhaD/nixos-config

Mikha's NIXOS Configs

This repository contains my NixOS configuration files for my laptop and server.

Several modules (listed below) have their own readme files with more information.

  1. Bash
  2. KeyD
  3. Nh
  4. Tmux
  5. Work
  6. Ulauncher

Warning

This config is a work in progress. There are many aspects of my system that are still configured imperatively, or omitted until I get nix-sops working.

Opinions

This configuration expects and enforces several rules and patterns:

  • The default shell is assumed to be bash.
  • System modules can install packages in home manager via home-config.packages.
  • All modules can set options on the user via default-user.extra.

Mini applications

This configuration contains several mini applications that can be installed using flakes.

  • e: A simple tool to get environment variable values with completions.
  • emulators: A script to launch work emulators with the correct environment variables set. Several other applications are made available in this flake as well.

Useful command reference

Evaluate the value of a configuration option:

# example
nix eval .#nixosConfigurations.laptop.config.home-manager.users.mikha.bash.completions --json

Update flake inputs (must be run in the same dir as the flake.nix):

nix flake update

Enter nix devShell defined in a flake and use nix-output-monitor to watch build progress (run in the same dir as the flake.nix):

nom develop

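Delete all old revisions and garbage collect the nix store:

# If your system imports the nh home manager module
gc
# Normal way (keep the 5 most recent generations; nix-collect-garbage itself has no --keep option)
sudo nix-env --profile /nix/var/nix/profiles/system --delete-generations +5
sudo nix-collect-garbage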

Rebuild the system configuration and switch to it (run in the same dir as the flake.nix):

# If your system imports the nh home manager module
nh os switch
# Normal way
sudo nixos-rebuild switch --flake .

Check configuration for errors (run in the same dir as the flake.nix):

nix flake check .

Format all nix files in the repo (run in the same dir as the flake.nix):

nix fmt .

Install

Install this configuration on a new NixOS system:

nix-shell -p git --command "nix run --experimental-features 'nix-command flakes pipe-operators' github:MikhaD/nixos-config"

Repl

Open a nix repl with the flake loaded:

nix repl .#nixosConfigurations.<system name>

Evaluate a nix file. You will probably want to start the file with let pkgs = import <nixpkgs> { }; in to get access to nixpkgs.

nix repl --file <filepath>

Load nixpkgs in the repl:

:l <nixpkgs>

SSH Setup

  1. This configuration expects you to have SSH keys set up at ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub. These can be generated with:

    ssh-keygen -t ed25519 -a 100 -C "<system name>"

    Note: <system name> is a unique name for the system (e.g. "laptop" or "homelab"). This is used as a comment in the public key file for easier identification. The -a flag sets the number of KDF (key derivation function) rounds on your SSH key password to 100 for better brute force resistance.

  2. Add the public key to GitHub here by clicking New SSH key. Add it twice, once as a signing key and once as an authentication key.

  3. If you want to use that key to SSH into other systems running SSH servers configured by this repository, add the public key to the ./modules/nixos/services/sshd/ssh-public-keys.nix file named <system name>.pub.

Generate age key from SSH key

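Prefix the command with a space to prevent your password from being stored in your shell history. Bash only skips space-prefixed commands when HISTCONTROL contains ignorespace or ignoreboth.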

 nix-shell -p ssh-to-age --run "export SSH_TO_AGE_PASSPHRASE='<SSH Key Password>' && ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
 # Generate public key
 nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt"
 # Use age key to replace file with encrypted version
 sops --encrypt --age "$(cat ~/.ssh/id_ed25519.pub)" -i <input file>
 # Edit encrypted file
 sops <encrypted file>
 # (if there is a .sops.yaml file configured)
 sops encrypt/decrypt -i <input file>
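
A hardened variant of the key-derivation step above, as an added example that is not part of this repository: it prompts for the passphrase instead of placing it on a command line, creates keys.txt owner-only, and checks the resulting permissions. The function names audit_key_file and derive_age_key are hypothetical; it assumes bash, GNU stat, and ssh-to-age on PATH (for instance inside nix-shell -p ssh-to-age).

```bash
# Added example; audit_key_file and derive_age_key are hypothetical helper names.

# Succeed only if $1 is a regular file (not a symlink), owned by the current
# user, with no group/other permission bits. Uses GNU stat, as on NixOS.
audit_key_file() {
  local f=$1 mode owner
  [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: missing or not a regular file" >&2; return 1; }
  mode=$(stat -c '%a' "$f")
  owner=$(stat -c '%u' "$f")
  [ "$owner" = "$(id -u)" ] || { echo "$f: not owned by current user" >&2; return 1; }
  case $mode in
    *00|0) return 0 ;;   # group and other digits are both 0
    *) echo "$f: mode $mode grants access beyond the owner" >&2; return 1 ;;
  esac
}

# Convert SSH private key $1 into an age identity file $2.
derive_age_key() {
  local ssh_key=$1 out=$2
  audit_key_file "$ssh_key" || return 1
  (
    umask 077                              # anything created below is owner-only
    mkdir -p "$(dirname "$out")" || exit 1
    tmp=$(mktemp "$out.XXXXXX") || exit 1  # write to a temp file, rename on success
    trap 'rm -f "$tmp"' EXIT
    printf 'SSH key passphrase: ' >&2
    IFS= read -rs pass; echo >&2           # no echo, never typed on a command line
    # Prefix assignment: the passphrase is placed in ssh-to-age's environment
    # only; it is not exported to the rest of the shell session.
    SSH_TO_AGE_PASSPHRASE=$pass ssh-to-age -private-key -i "$ssh_key" > "$tmp" || exit 1
    mv "$tmp" "$out"
  ) && audit_key_file "$out"
}

# Usage: derive_age_key ~/.ssh/id_ed25519 ~/.config/sops/age/keys.txt
```

audit_key_file can also be run on its own against an existing ~/.config/sops/age/keys.txt that was created with a plain shell redirect under the default umask.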

Resources

How to use a custom version of the Linux kernel

Example:

boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_17.override {
	argsOverride = rec {
		version = "6.17.2";
		modDirVersion = version;
		src = pkgs.fetchurl {
			url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
			hash = "sha256-/evLBlBl9cG43Gim+1nNpQzd2/kQPSB8IZbVXqdk9X8=";
		};
	};
});

TODO

  • Tmux nix options to enable or disable attaching / creating specific session when a new shell is opened
  • Make custom cd ... functionality work when there are directories after the ... (e.g. cd .../some/other/dirs)
  • Move SSH to home manager
  • Move Firefox profiles to home manager
  • Move Obsidian vault to home manager
  • Move Firefox search engines to home manager
  • Consider switching to a standalone home manager config instead of including it in the nixos config to make rebuilding faster (nh home switch)
  • Look into nix VMs. Do they have access to the host file system?
  • Overhaul work emulators script bash completions
  • Add info on [] and [[]] in bash cheat-sheet
  • pkgs README with info on how to write derivations
  • Phone SSH
  • Bash options:
    • Use unused timer.success, timer.failure, timer.warning, gitBranch.statusSummary, directory.abridged
    • Remove functions from bashrc that are not used when sections are toggled off
    • Update readme with new prompt section & examples
    • Create formal system for adding cd hooks
  • Try alacritty. Need to see if it is possible to fix badly sized powerline icons.
  • Start using stylix
  • Switch to dendritic configuration pattern
