My dot files based on Nix.

7e2f143 Make tmux window splitting easy

~bwolf pushed to ~bwolf/dotfiles git

5 hours ago

bb55aae Switch tmux back and forth using space

~bwolf pushed to ~bwolf/dotfiles git

5 hours ago


My configuration based on NixOS. They are basically used to configure NixOS and Darwin machines. Besides the system configuration, the user configuration is driven by Home Manager. My Emacs configuration is using the Emacs Overlay.

#Workaround for Git 2.35.2


sudo git config --global --add safe.directory /etc/nixos sudo git config --global --add safe.directory /home/marcus/src/dotfiles


Secret management is performed using the excellent sops-nix.

Generate an age based key for myself from an existing SSH key:

mkdir -p .config/sops/age
# Remove passphrase from key.
cp ~/.ssh/id_ed25519 tmp-key
chmod 0600 tmp-key
ssh-keygen -p -N "" -f tmp-key
nix run nixpkgs#ssh-to-age -- -private-key \
    -i ~/tmp-key >.config/sops/age/keys.txt
# Protect private key.
chmod 0600 .config/sops/age/keys.txt

Get the public age key:

nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt"

This key is then put into .sops.yaml.

Generate a public key for a target host:

ssh-keyscan -t ed25519 host | nix run nixpkgs#ssh-to-age

This key is then also put into .sops.yaml.

Create an encrypted file:

nix run nixpkgs#sops -- secrets/example.yaml
cat secrets/example.yaml

Reference the secrets in the system configuration:

sops.defaultSopsFile = ./../example.yaml;
sops.secrets.example-key = {};
sops.secrets."myservice/my_subdir/my_secret" = {};


See LICENSE.txt.