~bwolf pushed to ~bwolf/dotfiles git
My system and home configuration based on NixOS.
Dotfiles are managed by GNU Stow instead of the usual home-manager. Historically, I used home-manager for over 5 years and dropped it in 2024-12 for simplicity. I want to use more of NixOS to manage my systems, even on desktops. Home-manager looked nice and felt right for a long time, but basically it does nothing more than write a few dotfiles and define some systemd services, which are defined incompatibly compared to NixOS, and it does all of that very slowly. Moreover, it has many outstanding issues and limitations which I no longer want to tolerate. I already maintain Emacs and a complex XMonad setup with Xmobar without using home-manager. All of this is for greater flexibility, which motivated me to look for an alternative solution to replace home-manager.
As of 2024-12, the Emacs configuration once again lives in a separate repository. It uses the Emacs Overlay. I have maintained it via Git since at least 2015. I started using Emacs in 1998 and have maintained a configuration, copied to various machines, since then. At some point I merged the separate Emacs Git repository with this one using a history rewrite, and now it is once again separate.
Desktop machines:
Servers:
Host | Kind | Notes |
---|---|---|
nix01 | metal | KVM host, database, Prometheus, Syncthing |
nix02 | metal | KVM host |
nix03 | metal | KVM host |
marta | vm | Production, OpenLDAP |
olga | vm | Production |
jakub | vm | Production |
calcium | vm | Production |
Dotfiles are managed using GNU Stow. They reside in the dots subdirectory. Currently, there are three profiles:
A sample invocation of GNU Stow with the default profile and a host profile:
```sh
stow -d ~/src/dotfiles/dots --dotfiles --target ~ default ito
```
Removing the symlinks is as simple as:
```sh
stow -D -d ~/src/dotfiles/dots --dotfiles --target ~ default ito
```
Secret management is performed using the excellent sops-nix.
Generate an age based key for myself from an existing SSH key:
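```sh
mkdir -p ~/.config/sops/age
# Remove passphrase from key (work on a copy, the original key stays protected).
cp ~/.ssh/id_ed25519 ~/tmp-key
chmod 0600 ~/tmp-key
ssh-keygen -p -N "" -f ~/tmp-key
# Convert the unencrypted copy into an age private key.
nix run nixpkgs#ssh-to-age -- -private-key \
  -i ~/tmp-key >~/.config/sops/age/keys.txt
# Protect private key.
chmod 0600 ~/.config/sops/age/keys.txt
# Delete the passphrase-less copy of the SSH key.
rm -f ~/tmp-key
```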
Get the public age key:
```sh
nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt"
```
This key is then put into .sops.yaml.
Generate a public key for a target host:
```sh
ssh-keyscan -t ed25519 host | nix run nixpkgs#ssh-to-age
```
This key is then also put into .sops.yaml.
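How the two public keys from the steps above fit into .sops.yaml, as an added example that is not taken from this repository. The anchor names, the `path_regex` and the `age1...` values are placeholders to be replaced with the output of the commands above.

```yaml
# .sops.yaml (added example; key values and anchor names are placeholders)
keys:
  # Output of: age-keygen -y ~/.config/sops/age/keys.txt
  - &user_me age1REPLACE_WITH_YOUR_PUBLIC_AGE_KEY
  # Output of: ssh-keyscan -t ed25519 host | ssh-to-age
  # ssh-keyscan does not authenticate the host, so compare the scanned key with
  # /etc/ssh/ssh_host_ed25519_key.pub on the host itself before adding it here.
  - &host_example age1REPLACE_WITH_HOST_PUBLIC_AGE_KEY
creation_rules:
  # Assumed layout: secrets files live under secrets/, as secrets/example.yaml does.
  - path_regex: secrets/[^/]+\.yaml$
    key_groups:
      - age:
          # Every key listed here can decrypt the matching files.
          - *user_me
          - *host_example
```

After the recipients in .sops.yaml change, existing files are re-encrypted for the new key set with `sops updatekeys secrets/example.yaml`.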
Create an encrypted file:
```sh
nix run nixpkgs#sops -- secrets/example.yaml
cat secrets/example.yaml
```
Reference the secrets in the system configuration:
```nix
sops.defaultSopsFile = ./../example.yaml;
sops.secrets.example-key = {};
sops.secrets."myservice/my_subdir/my_secret" = {};
```
See LICENSE.