genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
dots/README.md
Gene Liverman 9b3c078319
Add linting, formatting, and CI with fixes for all warnings 
Infrastructure:
- Add deadnix, nixfmt, and statix to flake inputs
- Add formatter output to flake for nix fmt support
- Add deadnix, nixfmt, statix to Home Manager packages
- Add GitHub Actions workflow for CI validation
- Add .pre-commit-config.yaml with hooks for nixfmt, deadnix, and statix
- Support x86_64-darwin in formatter

Statix fixes (W10/W20 warnings):
- Remove unused lambda argument from nixpkgs-settings.nix
- Merge repeated keys in hardware-configuration.nix files (boot.initrd, boot, fileSystems)
- Merge repeated keys in nixnuc/default.nix (services, virtualisation)
- Merge repeated keys in rainbow-planet/default.nix (desktopManager)
- Merge repeated keys in home/general/default.nix (home)

Deadnix fixes (unused declarations):
- Remove unused pkgs/lib/username/http_port arguments from various files
- Fix unused final parameter in overlay functions (final -> _final)

CI/pre-commit fixes:
- Fix pre-commit statix config: add pass_filenames: false
- Fix CI workflow: use nix run nixpkgs# prefix and --ci flag for nixfmt
2026-03-20 22:29:46 -04:00

234 lines
11 KiB
Markdown
Raw Blame History

# Dots
This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system.
- [Flake structure](#flake-structure)
- [Repo structure](#repo-structure)
- [Hosts](#hosts)
- [Historical bits](#historical-bits)
- [Adding a new macOS host](#adding-a-new-macos-host)
- [Extras steps not done by Nix and/or Homebrew and/or mas](#extras-steps-not-done-by-nix-andor-homebrew-andor-mas)
- [Firefox profile switcher](#firefox-profile-switcher)
- [Setup sudo via Touch ID](#setup-sudo-via--touch-id)
- [Atuin](#atuin)
- [Mouse support](#mouse-support)
- [Adding a NixOS host](#adding-a-nixos-host)
- [Post-install](#post-install)
## Flake structure
The Nix bits are driven by `flake.nix` which pulls in things under `modules/`. Both Intel and Apple Silicon macOS are supported, as is NixOS.
- inputs: all the places things are pulled from
- outputs:
- all the outputs from the inputs
- a `let` ... `in` block that contains:
- `mkDarwinHost` which takes a set of parameters and pulls in all the things needed to use Nix on a macOS host
- `mkNixosHost` which takes a set of parameters and pulls in all the things needed to configure a NixOS host
- `mkHomeConfig` which takes a set of parameters and pulls in things for standalone Home Manager (non-NixOS Linux)
- the body of outputs that contains:
- `darwinConfigurations` - an attribute set keyed by hostname for each macOS host
- `nixosConfigurations` - an attribute set keyed by hostname for each NixOS host
- `homeConfigurations` - an attribute set keyed by username for standalone HM users
The parameters on `mkDarwinHost`, `mkNixosHost`, and `mkHomeConfig` are:
- `system:` the system definition to use for nixpkgs (e.g., "x86_64-linux", "aarch64-darwin")
- `hostname:` the hostname of the machine being configured
- `username:` the username being configured on the host (all code currently assumes there is a single human user managed by Nix)
- `additionalModules:` any nix modules that are desired to supplement the default for the host
- `additionalSpecialArgs:` any supplemental arguments to be passed to `specialArgs`
## Repo structure
Key files at the root level:
- `flake.nix` - Main flake entry point, defines all hosts and inputs
- `flake.lock` - Lock file for pinned dependencies
- `lib/` - Helper functions (mkDarwinHost, mkNixosHost, mkHomeConfig)
- `modules/hosts/` - All host configurations (see tree below)
- `.sops.yaml` - SOPS secrets management configuration
- `examples/flake-structure.nix` - Minimal example showing flake structure
The Nix stuff is structured like so:
```bash
$ tree modules -I secrets.yaml --dirsfirst
modules
├── shared # Shared configurations (formerly common)
│ ├── all-gui.nix
│ ├── default.nix
│ ├── files # Home manager files (nvim, powershell, tilix, waybar, xfce4)
│ ├── linux
│ │ ├── apps # Linux-specific apps (waybar, tilix, etc.)
│ │ ├── home.nix
│ │ ├── internationalisation.nix
│ │ ├── lets-encrypt.nix
│ │ ├── nixroutes.nix
│ │ └── restic.nix
│ └── linux-apps # (deprecated, apps moved to linux/)
└── hosts
├── darwin # macOS system & home configs
│ ├── AirPuppet
│ │ └── home-gene.nix
│ ├── Blue-Rock
│ │ ├── default.nix
│ │ └── home-gene.liverman.nix
│ ├── default.nix
│ ├── home.nix
│ └── mightymac
│ ├── default.nix
│ └── home-gene.liverman.nix
├── home-manager-only # Standalone Home Manager (non-NixOS Linux)
│ ├── default.nix
│ ├── home-gene.liverman.nix
│ └── home-gene.nix
└── nixos # NixOS system & home configs
├── bigboy
│ ├── default.nix
│ ├── hardware-configuration.nix
│ └── home-gene.nix
├── default.nix
├── hetznix01
│ ├── default.nix
│ ├── disk-config.nix
│ ├── hardware-configuration.nix
│ ├── home-gene.nix
│ ├── post-install # Post-install services
│ │ ├── containers
│ │ ├── default.nix
│ │ ├── matrix-synapse.nix
│ │ ├── monitoring.nix
│ │ ├── mosquitto.nix
│ │ └── nginx.nix
│ └── secrets.yaml
├── hetznix02
├── kiosk-entryway
├── kiosk-gene-desk
├── nixnas1
│ ├── default.nix
│ ├── disk-config.nix
│ ├── hardware-configuration.nix
│ ├── home-gene.nix
│ └── secrets.yaml
├── nixnuc
│ ├── containers
│ ├── default.nix
│ ├── hardware-configuration.nix
│ ├── home-gene.nix
│ └── monitoring-stack.nix
└── rainbow-planet
├── default.nix
├── gnome.nix
├── hardware-configuration.nix
└── home-gene.nix
```
## Hosts
- **Darwin (macOS)**: AirPuppet, Blue-Rock, mightymac
- **NixOS**: bigboy, hetznix01, hetznix02, kiosk-entryway, kiosk-gene-desk, nixnas1, nixnuc, rainbow-planet
- **Home Manager only**: gene (x86_64-linux, aarch64-linux)
## Historical bits
This repo historically contained my dot files. Historically symlinked files on Windows are still in `windows/`. Everything else is just in git history now.
## Adding a new macOS host
1. run `xcode-select --install` to install the command-line developer tools (this includes the Apple's stock version of Git).
2. create ed25519 ssh key via `ssh-keygen -t ed25519`
3. add key to GitHub account
4. run macOS graphical installer from https://determinate.systems/posts/graphical-nix-installer
5. run `mkdir ~/repos`
6. run `cd ~/repos`
7. run `git clone git@github.com/genebean/dots`
8. create keys for [SOPS](https://georgheiler.com/post/sops/) via `mkdir -p ~/Library/Application\ Support/sops/age && nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/id_ed25519 > ~/Library/Application\ Support/sops/age/keys.txt && nix run nixpkgs#ssh-to-age -- -i ~/.ssh/id_ed25519.pub >~/Library/Application\ Support/sops/age/pub-keys.txt`
9. run `cat ~/Library/Application\ Support/sops/age/pub-keys.txt |pbcopy`
10. edit `.sops.yaml` and:
1. paste copied data into a new line under keys
2. add creation rule
3. add to common rule
11. run `mkdir modules/home-manager/hosts/$(hostname -s)`
12. run `nix run nixpkgs#sops -- modules/home-manager/hosts/$(hostname -s)/secrets.yaml`
13. Add entries for
- `local_git_config` containing something like this:
```
[user]
email = me@example.com
```
- `local_private_env` containing anything you want exported as env vars or local aliases that you want to keep private
- `tailscale_key`
14. create `modules/home-manager/hosts/darwin/$(hostname -s)/<username>.nix` based on needs for this machine
15. run `mkdir modules/hosts/darwin/$(hostname -s)`
16. create `modules/hosts/darwin/$(hostname -s)/default.nix` based on need for this machine
17. add entry to `flake.nix`
18. if not a fresh install of macOS,
- run `brew leaves` and look for things installed from taps you don't want any more
- uninstall the program and the tap if not adding it to nix
19. run `git add .`
20. run `git status` - it should look something like this:
```bash
gene.liverman@mightymac dots % git status
On branch main
Your branch is up to date with 'origin/main'.
Changes to be committed:
(use "git restore --staged <file>..." to unstage)
modified: .sops.yaml
modified: flake.nix
new file: modules/home-manager/hosts/mightymac/gene.liverman.nix
new file: modules/home-manager/hosts/mightymac/secrets.yaml
new file: modules/hosts/darwin/mightymac/default.nix
```
21. run `sudo mv /etc/nix/nix.conf{,.before-nix-darwin}`
22. run `sudo mv /etc/zshenv{,.before-nix-darwin}`
23. run `nix run --extra-experimental-features 'nix-command flakes repl-flake' nix-darwin -- check --flake ~/repos/dots`
24. Run `nix run --extra-experimental-features 'nix-command flakes repl-flake' nix-darwin -- switch --flake ~/repos/dots`
- if prompted, run `sudo mv /etc/shells{,.before-nix-darwin}`
- if prompted, run `sudo mv /etc/zshenv{,.before-nix-darwin}`
- if prompted, you may also have to move or remove `~/.zshrc`
- on the first (or several) run(s) homebrew may well fail due to previously installed casks or programs in `/Applications`. You may have to run `brew install --force <package name>` to fix this
- you may have to run brew multiple times to fix things
25. in Settings > Privacy & Security > App Management you will need to allow iTerm
26. After the nix command finally works, open a new iTerm window and it should have all the nixified settings in it.
27. Go into iTerm2's preferences and use the Hack Nerd Mono font so that the prompt and other things look right. You will likely also want to adjust the size of the font.
### Extras steps not done by Nix and/or Homebrew and/or mas
#### Firefox profile switcher
You will need to link `firefox-profile-switcher-connector` for it to work. The easiest way to do this is to run `brew reinstall firefox-profile-switcher-connector` and follow the directions printed in the terminal.
#### Setup sudo via Touch ID
1. run `sudo cp /etc/pam.d/sudo_local{.template,}` - this will generate a popup asking permission
2. run `sudo nvim /etc/pam.d/sudo_local` and uncomment line as directed by top comments
3. save via `!w` which will generate a popup asking permission
#### Atuin
Nix installs and configures Atuin, but you still need to log into the server:
1. run `atuin import auto` to import the shell history from before Atuin was installed and running
2. run `read -s akey` and enter the encryption key
3. run `read -s apass` and enter the user password
4. run `atuin login --key=$akey --password=$apass --username=gene`
#### Mouse support
- [Logitech M720 Triathlon mouse](https://support.logi.com/hc/en-us/articles/360024698414--Downloads-M720-Triathlon-Multi-Device-Mouse)
## Adding a NixOS host
### Post-install
1. clone this repo
2. create keys for [SOPS](https://georgheiler.com/post/sops/) via `mkdir -p ~/.config/sops/age && nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt && nix run nixpkgs#ssh-to-age -- -i ~/.ssh/id_ed25519.pub > ~/.config/sops/age/pub-keys.txt`
3. copy output of `~/.config/sops/age/pub-keys.txt`
4. add entries to `.sops.yaml`
5. run `sops modules/hosts/nixos/$(hostname)/secrets.yaml`
- if there is an empty yaml file in where you target you will get an error... just delete it and try again
6. edit `sops modules/hosts/nixos/$(hostname)/default.nix` and add the Tailscale service and the block of config for sops.
- if there is an empty yaml file in where you target you will need to delete it
Reference in a new issue View git blame Copy permalink