Yeshey/nixOS-Config

nix & nixOS Configuration / Linux Config

The spiciest config on the market 😳🥵💦

My reproducible nix Configuration & other configuration files.
More Documentation (for myself) about nixOS in my TechNotes Repo.

It has my personal configuration for my Lenovo Legion laptop (hyrulecastle), my MS Surface Pro 7 (kakariko) and my Oracle aarch64 server (skyloft).

Installing on a new computer

  • sudo nixos-rebuild --flake github:Yeshey/nixOS-Config#skyloft boot --max-jobs 2 --cores 4 --option experimental-features "nix-command flakes pipe-operators" --impure

  • You might need to create the home manager folder manually: mkdir ~/.local/state/nix/profiles

  • You'll have to find the syncthing ID by going to http://127.0.0.1:8384, getting the ID, and adding it in the syncthing config

  • You'll have to add the new machine's public key to the secrets for agenix: get it with cat /etc/ssh/ssh_host_rsa_key.pub, add it in secrets/secrets.nix, and rekey the keys with cd ~/.setup/secrets and agenix --rekey.

  • Right click on wastebin and configure to delete trash after 7 days, still don't know how to declare this.

  • For remote backups, I'm using OneDrive with rclone. You will have to add the rclone remote with rclone config, either as yeshey (for hyrulecastle) or as root (for skyloft), and set the name of the remote to OneDriveISCTE.

  • You'll need to run sudo wg show wgOracle to see the public keys and update the publicKey in wireguardServer.nix and wireguardClient.nix

  • nix-on-droid: (don't forget you can connect your phone to the PC and control it with something like scrcpy --legacy-paste) install my flake in the app by adding the normal packages (restart nix-on-droid after that) and running nix-shell -p git --run "nix-on-droid --flake github:Yeshey/nixOS-Config#nix-on-droid switch" (or use the /nix-on-droid branch if it isn't working). You'll have to find a way to send the ssh keys; scp isn't working, so you can do this:

    • Transfer the files to Downloads folder in the phone and then use this method to get it in nix-on-droid

    • To use nix-on-droid with root, you can try taking a look here

    • If you want to add a termux:widget to connect to your computers with their reverse proxy to the server (can be enabled with autosshReverseProxy) you can add to ~/.shortcuts/ these files:

      • connectHyruleCastle:
        ssh -t -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null yeshey@143.47.53.175 "ssh -t -p 2232 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null yeshey@localhost"
      • connectKakariko:
        ssh -t -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null yeshey@143.47.53.175 "ssh -t -p 2233 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null yeshey@localhost"
      • connectSkyloft:
        ssh -t -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null yeshey@143.47.53.175
      • From your phone, you can redirect port 2998 of your PC to http://localhost:2998 on your phone with ssh -L 2998:localhost:2998 -J yeshey@143.47.53.175 yeshey@localhost -p 2232
    • If you get rate limited, you can use authenticated requests:

      • gh auth login
      • sudo nixos-rebuild --flake ~/.setup#hyrulecastle --option cores 6 --option max-jobs 3 switch --option access-tokens "github.com=$(gh auth token)"
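
The termux:widget shortcut files above pass StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, so ssh accepts whatever host key is presented on both hops. As an added example (not part of this repository), the script below generates equivalent shortcuts with host key verification kept on; the Host aliases, file paths and function names are assumptions.

```sh
# Added example, not from the repository. Server address, user and ports are
# the ones in the README; Host aliases, paths and function names are assumed.
SERVER_IP="143.47.53.175"
SSH_USER="yeshey"

# write_ssh_config FILE KNOWN_HOSTS
# Emits an ssh_config that keeps host key verification on for every hop.
write_ssh_config() {
    cat > "$1" <<EOF
# skyloft is the public server and the jump host for the tunnelled machines.
Host skyloft
    HostName $SERVER_IP

$(tunnel_host hyrulecastle 2232)

$(tunnel_host kakariko 2233)

Host *
    User $SSH_USER
    # Refuse unknown or changed host keys instead of accepting anything.
    StrictHostKeyChecking yes
    # Pinned keys live here, one "<alias-or-ip> <keytype> <key>" line per host,
    # copied from each machine's /etc/ssh/ssh_host_*_key.pub.
    UserKnownHostsFile $2
EOF
}

# tunnel_host ALIAS PORT
# A machine reached through its reverse tunnel on the server's localhost.
# HostKeyAlias stores its key under ALIAS, so the two "localhost" endpoints
# cannot be confused with each other or with the server.
tunnel_host() {
    printf 'Host %s\n    HostName localhost\n    Port %s\n    ProxyJump skyloft\n    HostKeyAlias %s' "$1" "$2" "$1"
}

# write_shortcuts DIR CONFIG
# One termux:widget script per machine; all policy stays in CONFIG, and -F
# makes the ProxyJump hop read the same file.
write_shortcuts() {
    for target in HyruleCastle:hyrulecastle Kakariko:kakariko Skyloft:skyloft; do
        file="$1/connect${target%%:*}"
        printf 'exec ssh -t -F %s %s\n' "$2" "${target#*:}" > "$file"
        chmod +x "$file"
    done
}
```

With StrictHostKeyChecking yes, connections fail until each machine's host public key has been added to the known-hosts file passed to write_ssh_config.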

Non-NixOS Home-manager standalone with flakes

  1. Install nix, follow hm standalone. (These instructions assume system wide installation)
  2. mkdir ~/.setup ; git clone git@github.com:Yeshey/nixOS-Config.git ~/.setup/ --depth 1
  3. Follow flakes Standalone setup, and use nix run home-manager/master -- init --switch /home/yeshey/.setup to set up the hm in the right place.
  4. home-manager switch --flake ~/.setup#yeshey to activate the configuration
  5. Set zsh shell as default:
    echo "/home/$USER/.nix-profile/bin/zsh" | sudo tee -a /etc/shells
    chsh -s "/home/$USER/.nix-profile/bin/zsh" "$USER"

Credits

Highlights:

  • Structure

    • Separation of home manager, nixOS system configuration and Host services through a myHome and mySystem and toHost modules, this way it could also be deployed on a home-manager only system the same way LongerHV's nixos-configuration is set up;

    • Unstable packages available at pkgs.unstable.<package>, NUR packages available at pkgs.nur.<package> using overlays. Check Misterio77's standard nix-starter-configs for getting started with this structure.

  • Auto Upgrades On Shutdown - Setting auto upgrades on my desktop PC only on shutdown once every week: autoUpgradesOnShutdown.nix;

  • Syncthing - Declaratively set syncthing, including ignore patterns with userActivationScripts (TODO: set syncthing as a home manager service): syncthing.nix;

  • LUKS on LVM with LVM cache bcacheFS as root ( ͡° ͜ʖ ͡°) - across microSD (background_target) and NVME (foreground_target and promote_target) on kakariko: boot.nix;

  • clean - clean is an alias for a script that cleans user and system dangling nix packages, optimises the store, uninstalls unused Flatpak packages, and removes dangling docker and podman images, volumes and networks: for myHome and for mySystem

  • pci-passthrough - for passing my NVIDIA GeForce RTX 2060 Mobile to a virt-manager VM and using my intel processor for the host: pci-passthrough.nix, but better yet:

  • VGPU - Unlocked VGPU functionality on my consumer nvidia card: vgpu.nix. Using my module, more details there: nixos-nvidia-vgpu;

  • Ollama with open-webui and searx - Ollama and Open-WebUI can be activated with a single module: ollama. If searx, to use your own search engine, is also activated, models on openweb-ui are able to search the internet through it: searx

  • i2p firefox profile - Home manager auto creates a firefox profile able to access the hidden i2p net when services.i2p.enable is enabled on the host, and makes a .desktop file for easy access, i2pFirefoxProfile option: firefox.nix;

  • Safe-rm - I nuked my PC once by running sudo rm -r /* instead of sudo -r rm ./*, so I decided to change all my rm calls to safe-rm calls through changing the binary and adding aliases, both in myHome: safe-rm.nix; and in mySystem: safe-rm.nix;

  • OneDriver - home-manager module for onedriver that auto clears cache every month, of course: onedriver.nix.

  • Substituters - Uses a bunch of substituters for extra caches to hopefully make rebuilds faster: default.nix. Also in my module to activate when home manager is used standalone (untested): non-nixos.nix;

  • Agenix - Using agenix both at system (mySystem - default.nix): and at user (myHome - default.nix) levels, they grab secrets from /secrets.

  • VSCodium - Visual Studio Codium, the open source version of VSC, configuration settings propagated to appropriate locations for VScodium, VSCode and openvscode-server, has a bunch of extensions and configuration for latex nix language server, settings for special characters to work with starship theme in terminal, java, etc: vscodium/default.nix

  • piper-tts as Text to Speech - A single English voice, instead of the robotic default voice: piperTextToSpeech.nix

Gallery

HyruleCastle

hyrulecastle

Kakariko

kakariko

story.md 🥀

About

Configuration to setup my nix enabled systems
